Show commissioning of third parties with internal security measures
As an obligor or obligated party under money laundering law, you must establish appropriate business- and customer-related internal safeguards to manage and mitigate money laundering and terrorist financing risks through appropriate policies, procedures and controls.
You may also outsource the implementation of internal safeguards to a third party under contractual arrangements. However, you must notify the relevant supervisory authority of the intended outsourcing in advance. The Money Laundering Act contains standard examples of the safeguards to be put in place. This list is not exhaustive. Further internal security measures may be required in individual cases. The internal security measures still require the approval of the member of management responsible for money laundering prevention in their company.
As an obligated party or obligated party, you may have the internal security measures carried out by an (external) third party within the framework of contractual agreements if you have notified the supervisory authority of this in advance. The supervisory authority may prohibit the transfer if
- the third party does not provide a guarantee that the security measures will be carried out properly.
- the control options of the obligated parties are impaired, or
- the supervision by the supervisory authority is impaired.
For you as an obligor or obligated party, this means that you must state in your notification that the conditions for prohibiting the transfer do not exist.
You must also state in the notification which internal security measures are the subject of the transfer
The notification must be made by obligated parties themselves or, if applicable, by the appointed money laundering officer.
Important Notice:
The responsibility for fulfilling the internal security measures remains with the obligated parties. If the third party does not properly fulfill the contractually assigned obligations, for example, you remain responsible for non-compliance with the internal security measures.
Legal basis
§ Section 6 (1) of the German Money Laundering Act (GwG) for basic obligation to take security measures
§ Sec. 6 (7) AMLA regarding duty to notify in case of outsourcing
Which documents are required?
- Notification of outsourcing of internal security measures
- The notification must clearly state which internal security measures are the subject of the outsourcing.
- In the notification of outsourcing, it must also be stated in full and in writing that all requirements have been met and that there are no grounds for prohibiting the intended outsourcing.
- Proof of authorization to report
- Evidence of appointment as money laundering officer or money laundering representative or
- Contract on the outsourcing of internal security measures or
- Evidence that the person making the notification is a member of the company's management (e.g. extract from the commercial register or shareholders' agreement)
- Contract with the third party
- Copy of the contractual agreement with the third party to whom the safeguards are to be outsourced.
- If applicable, current excerpt from the commercial register
- Registered companies please submit a current excerpt from the commercial register with the notification. Legal entities in the process of formation (GmbH, AG) submit the articles of association or articles of incorporation.
- Note: The authority may require evidence of the service provider's suitability - this could be, for example, CVs, training certificates or references that explicitly relate to money laundering obligations and experience.
Requirements
Obligated Persons under the Money Laundering Act
- Only natural persons or legal entities who are obligated parties under the Money Laundering Act are eligible to file a report.
- The reporting person must be a member of the management level or internal/external money laundering officer or internal/external money laundering officer of the company.
The third party must be:
- be sufficiently qualified and reliable, provide assurance that the safeguards are properly implemented, and
- not impair the management options of the obligated parties or the supervision of the supervisory authority as a result of the outsourcing.
What are the fees?
none
Process flow
- The notification must be submitted to the competent supervisory authority by the obligated party itself or, if applicable, by the appointed money laundering officer
- Your notification will be examined by the competent authority
- You will receive a final notification
- After notification, the internal security measures can be carried out by a third party; prior approval by the authority is not required.
- The supervisory authority can prohibit the transfer to a third party if
- the third party does not provide a guarantee that the security measures will be carried out properly,
- the management options of the obligated parties are impaired as a result, or
- the supervision by the supervisory authority is impaired
What deadlines do I have to pay attention to?
- Notification of outsourcing of internal security measures must be made prior to outsourcing
- After notification, the internal security measures can be carried out, prior approval of the authority is not required.
Applications / forms
- Forms: yes
- Online procedure possible: no
- Written form required: no
- Personal appearance required: no
Author
The text was automatically translated based on the German content.