BLL Bulletin

Stay ahead with us

At the end of each month the BLL Bulletin presents a round-up of BLL news in the areas of bribery & corruption, fraud, money laundering and proceeds of crime. To opt-in for the BLL Bulletin, enter your details and email to the side.

Bright Line Law News

Latest news & updates from Bright Line Law.

Undertaking CDD on your customer's customer

undertaking cddSpeed Read

On 3 September 2015 the Advocate General to the European Court of Justice delivered an Advisory Opinion on the CDD expectations of regulated entities dealing with regulated clients. The Opinion indicates that the expectations of regulated entities have been raised and in certain circumstances they are expected to conduct CDD on their “customer’s customers”. Additionally, the Opinion promotes a wide interpretation of “suspicion” and has the potential to encourage financial institutions to aggressively “de-risk”, a message which is at odds with recent domestic and inter-governmental guidance.


The transmission of money abroad poses a high risk of money laundering, requiring vigilance by financial sector institutions. It is therefore no surprise that for well over a decade, it is an area that has attracted ongoing regulatory attention in the UK as well as at an EU and intergovernmental level, including the Financial Action and Terrorist Financing Taskforce (FATF). Until recently, there has at least been some consistency between the various guidance statements issued, with regulated institutions urged to take a measured, as opposed to wholesale, approach to “de-risking” in the context of money laundering. Thus far, the message has been that it is preferable for financial institutions to manage the money laundering risk rather than to cease their relationships with vulnerable clients. However, on 3 September 2015, the UK Advocate General to the European Court of Justice (ECJ), Eleanor VE Sharpston QC, quietly delivered a detailed Advisory Opinion on the AML expectations of entities in the regulated sector dealing with similarly regulated clients which, if it is to be adopted by the ECJ, may promote aggressive AML de-risking contrary to domestic and FATF guidance.  

Relating to the case of Safe Interenvios, SA v Liberbank, SA, Banco De Sabadell, SA and Banco Bilbao Vizcaya Argentaria, SA, the Opinion will be closely scrutinised by the ECJ at its full hearing of the matter in 2016. At this early stage, however, practitioners should be aware of its significance as it indicates that the EU Money Laundering Directive, 2005/60/EC (the Money Laundering Directive), imposes very high expectations on regulated financial institutions which continue to apply, even where a regulated financial institution is conducting business with another regulated entity. In certain circumstances, regulated financial institutions cannot rely on customer due diligence carried out by their regulated customers and may be required to conduct due diligence on their “customer’s customers”. Accordingly, the Opinion is of critical importance to practitioners and others advising on AML requirements.

Safe Interenvios

A series of questions about the AML expectations imposed on financial institutions which were regulated under the Money Laundering Directive were referred to the ECJ by a Spanish court, the Audiencia Provincial de Barcelona. The questions arose out of a dispute between three banks regulated in Spain and their similarly regulated client, Safe Interenvios (Safe), a payment institution that transmitted money abroad for its customers via accounts it held with the three banks. In a bid to “de-risk”, the banks had closed Safe’s accounts on the basis of money laundering suspicions when Safe refused to provide information on the final destination of the transmitted funds. The reasons behind Safe’s refusal were layered. As a regulated entity, Safe contended that the due diligence it conducted on its own customers was sufficient for the purposes of not only its but also the banks’ compliance with the Money Laundering Directive and that there was no obligation for the banks to undertake their own due diligence on Safe’s customers. According to Safe, the banks were only entitled to conduct due diligence on Safe and any provision of information about their clients to the banks would contravene the data protection requirements imposed by the EU Personal Data Directive, 94/46/EC. Rejecting this, the banks closed all of Safe’s accounts. Safe subsequently brought a claim for unfair commercial practice, in contravention of the Unfair Commercial Practice Directive, 2005/29/EC, on the basis that the banks’ position effectively forced it out of the money transmission business.

The Advisory Opinion

The Safe Interenvios case brings into sharp focus the expectations of customer due diligence (CDD) under the Money Laundering Directive.  Practitioners will be aware that under the Directive three levels of CDD are established – simplified, standard and enhanced. Some leeway is afforded to credit or financial institutions dependent on the degree of risk of money laundering or terrorist financing posed by their customers. Standard AML requirements, set out in Articles 7, 8 and 9 of the Directive, include customer identification and verification, identification of beneficial owners, understanding the purpose of the business relationship and ongoing monitoring of the business relationship and scrutiny of transactions. Under Article 13 enhanced due diligence is expected in situations which pose higher risk and envisaged measures include verifying customer identity by additional documents, data or information, seeking certified documents and ensuring that the first payment is made through an account opened in the customer’s name. Simplified due diligence procedures are only permitted where the risk of money laundering and terrorist financing is low. Ultimately, the due diligence procedures established by the Money Laundering Directive serve as a baseline. Under Article 5, Member States may impose more rigorous domestic AML requirements on regulated entities.

Against this background, the primary issue referred to the ECJ for consideration was the condition requiring a regulated credit institution to conduct standard and enhanced customer due diligence in relation to a regulated payment institution. At the crux of Safe’s case was its contention that as it was a regulated entity, covered by the Money Laundering Directive with detailed AML policies in place, the banks were not permitted to supervise its activities, extending to conducting their own due diligence on Safe’s customers. Accordingly, on Safe’s case, the banks’ decision to terminate its accounts was invalid.

In her lengthy Advisory Opinion, however, the Advocate General flatly rejected this and considered that the banks were authorised to terminate Safe’s accounts. In reaching this conclusion, a series of important findings about the Money Laundering Directive were made. First, underscoring that the Money Laundering Directive permitted Member States to mandate more comprehensive due diligence (paragraph [114]), the Advocate General considered that the Directive required all regulated entities to take into account “all relevant facts” to assess the risk of money laundering or terrorist financing and to conduct the appropriate level of due diligence. The fact that a customer was also a regulated entity did not preclude enhanced due diligence being undertaken (paragraph [128]). In this case, the banks held a suspicion that Safe was being used as a vehicle for money laundering and, therefore, they were required to conduct comprehensive due diligence. According to the Advocate General, “suspicion” as to money laundering or terrorist financing arose when “taking in to account the individual circumstances of a customer and his transactions (including with respect to the use and management of his account(s)), there are some verifiable grounds showing a risk that money laundering or terrorist financing exists or will occur in relation to that customer.” Under Article 7(c) of the Money Laundering Directive, where such a suspicion arose a Member State is precluded from applying simplified due diligence measures.

As a consequence of the banks’ suspicions that Safe was a vehicle for money laundering, the banks were required to conduct enhanced due diligence on Safe. Although the Advocate General did not consider that the Money Laundering Directive envisaged that enhanced due diligence automatically extended to a regulated entity requesting and verifying information relating to “the customer(s) of the customer” (paragraph [124]), it also did not necessarily preclude national laws authorising a regulated entity, where justified, to obtain and verify information of this kind. The banks’ conduct was neither anti-competitive nor precluded by data protection laws (paragraph [126]).

Implications for practitioners

The Opinion of Advocate General Sharpston is striking for several reasons, none the least being that it establishes that regulated entities, in certain circumstances, could be required to conduct due diligence on the customers of its customer, and that the public interest in protecting personal data will not be a bar to due diligence when a money laundering suspicion arises.

Whilst it is axiomatic that CDD measures must be commensurate with the risk of money laundering that is posed by a specific entity, the opinion takes the AML expectations of regulated entities under the Money Laundering Directive an unprecedented step further. Where there is suspicion, a regulated entity may be required by national law to conduct enhanced due diligence, extending in practice to verifying documents and other information about its “customer’s customers”. The fact that a customer is also a regulated entity with AML policies in place will be wholly immaterial.

At first glance, a robust approach to the fight against money laundering is certainly to be commended. However, whether the opinion reflects the intentions of the Money Laundering Directive is a matter requiring careful consideration by the ECJ in 2016. The definition of “suspicion” in the context of money laundering, hitherto not defined in the Money Laundering Directive, provided by the Advocate General is expansive, in that it only requires that there are some, as opposed to substantial, “verifiable grounds” showing a risk. Accordingly, practitioners should take note as the threshold for holding a suspicion of money laundering or terrorist financing, thereby triggering regulated entities to undertake more comprehensive due diligence procedures and exposing them to the risk of attracting adverse regulatory attention for failing to do so, appears to have been set rather low.

In this sense, the Opinion is a further example of the court taking a very wide, purposive approach to the Money Laundering Directive in view of the threat posed by money laundering and terrorist financing. It reinforces that shortcuts cannot be taken with due diligence, even though a customer may also be regulated. What, however, are the wider implications of the higher expectations that have been placed on regulated entities? An obvious one is that regulated entities are likely to aggressively “de-risk”, terminating transactions and business relationships with customers vulnerable to money laundering, such as money transmitters and charities, as well as those from countries where the risk of corruption and money laundering is great. Such an approach to de-risking runs against the grain of guidance issued domestically in the UK and internationally by the FATF which in recent years urged regulated entities to not de-risk but rather to manage risk and continue doing business with vulnerable customers and in vulnerable countries. It also runs counter to a recent Chancery Division decision, Dahabshiil Transfer Services Ltd v Barclays Bank Plc [2013] All ER (D) 35, in which a money transmission company succeeded in obtaining an interim injunction against Barclays Bank when the bank took a heavy-handed approach and sought to close its accounts owing to money laundering suspicions. 

Against this background, the Advocate General’s Advisory Opinion that the banks were permitted to terminate Safe’s accounts is somewhat curious. There are real dangers associated with terminating business relationships and promoting wholesale “de-risking”. Fundamentally, it encourages regulated financial service providers to cease or restrict business, leaving communities without banking services and an opportunity for less transparent and responsible financial service providers to fill the gap and tighten their grip on countries already vulnerable to money laundering and terrorist financing. This is harmful not just to countries struggling to develop robust anti-corruption and AML frameworks, but to the financial sector as a whole and the global fight against terrorist financing and money laundering.

Factors such as these, however, do not feature in the Advocate General’s Advisory Opinion and it remains to be seen whether the ECJ will turn its mind to them when it considers the Safe Interenvios case in 2016. Until then, practitioners should note that the notion of “suspicion” of money laundering has been interpreted expansively and that the expectations of regulated entities have been considerably raised.

The author acknowledges the assistance given by Anita Clifford in writing this article.

Undertaking CDD on your customer’s customer
DPP rebuffs attempt to lift restraint order in $1....
The views expressed in this article represent those of the author and not Bright Line Law.


  1. Please let us know your name.
  2. Invalid Input
  3. Please let us know your email address.
  4. Invalid Input