Does the requirment under Article 5 of the Delegated Regulation refer to the sharing of information on the underlying data of the Suspicious Activity report (SAR) (e.g. transactions, customer data) without disclosing whether the SAR was filed and sent to the local authorities of the third country?

According to Article 5 of the EU Delegated Regulation 2019/758, branches and majority-owned subsidiaries (in third countries) of credit and financial institutions must allow for the sharing within the group of information related to suspicious transactions (as referenced in Article 33(1) of EU Directive 2015/849).

Article 5 refers to the “sharing of information” related to a SAR but does not specifically address the extent to which the SAR itself (including, for example, the associated analysis, where a conclusion of suspicion was met, etc.) must be shared or that it has been filed. Given the sensitive nature of SAR communication under AML/CFT regulations, clarity on this requirement is critical.

Article 45 of Directive (EU) 2015/849 (AMLD) requires obliged entities that are part of a group to implement group-wide policies and procedures. These group-wide anti money laundering and countering the financing of terrorism (AML/CFT) policies and procedures, include policies and procedures for sharing information within the group for AML/CFT purposes, and are required to be implemented at the level of branches and majority-owned subsidiaries in Member States and third countries.

Sharing information within the group supports effective, ongoing Money Laundering (ML)/Terrorist Financing (TF) risk identification and management at the level of the group. It is also enables competent authorities to effectively supervise the group's compliance with the AMLD’s requirements.

The AMLD creates an expectation that credit institutions and financial institutions, that form part of the same group, disclose to each other that a Suspicious Transaction Report (STR) has been submitted, as well as to disclose the accompanying information of that STR and additional information requested by the financial intelligence unit (FIU).

• Specifically, Article 45 (8) of the AMLD provides that credit institutions and financial institutions, that are part of a group, are required to share within the group ‘information on suspicions that funds are the proceeds of criminal activity or are related to terrorist financing’ reported to the financial intelligence unit (FIU), unless otherwise instructed by the FIU. Furthermore, Article 39(3) allows for the said sharing of information to take place notwithstanding the prohibition provided for under Article 39(1) of the AMLD.

Such disclosure is not limited to group entities that are based in the EU but possible also between EU entities and their branches and majority owned subsidiaries established in third countries, subject to certain conditions.

Notwithstanding the requirement of Article 45(8) of the AMLD, the conditions set out in Article 39 of the AMLD, and Article 5 of Commission Delegated Regulation (EU) 2019/758, recognise that the sharing of actual STRs among group entities may not always be possible. In those situations, Article 5 of the Delegated Regulation provides that credit institutions and financial institutions have to take steps to mitigate the resulting ML/ TF risk at group level by:

• Ensuring that the third country branch or majority-owned subsidiary provides relevant aggregate information to the credit institution's or financial institution's senior management so that it is able to assess the ML/TF risk associated with the operation of the branch or majority-owned subsidiary and the impact this has on the group, such as: (i) the number of suspicious transactions reported within a set period; (ii) aggregated statistical data providing an overview of the circumstances that gave rise to suspicion; and
• taking one or more measures set out in Article 8 a-c and g-i of the Delegated Regulation in addition to their standard AML/CFT measures to manage ML/TF risk across the group. The additional measures in Article 8 include steps to ensure that the branch or majority-owned subsidiary shares with the credit institutions or financial institutions ‘information that gave rise to the knowledge, suspicion or reasonable grounds to suspect that money laundering and terrorist financing was being attempted or had occurred, such as facts, transactions, circumstances and documents upon which suspicions are based, including personal information to the extent that this is possible under the third country's law’.