Does the requirment under Article 5 of the Delegated Regulation refer to the sharing of information on the underlying data of the Suspicious Activity report (SAR) (e.g. transactions, customer data) without disclosing whether the SAR was filed and sent to the local authorities of the third country?
According to Article 5 of the EU Delegated Regulation 2019/758, branches and majority-owned subsidiaries (in third countries) of credit and financial institutions must allow for the sharing within the group of information related to suspicious transactions (as referenced in Article 33(1) of EU Directive 2015/849).
Article 5 refers to the “sharing of information” related to a SAR but does not specifically address the extent to which the SAR itself (including, for example, the associated analysis, where a conclusion of suspicion was met, etc.) must be shared or that it has been filed. Given the sensitive nature of SAR communication under AML/CFT regulations, clarity on this requirement is critical.
Article 45 of Directive (EU) 2015/849 (AMLD) requires obliged entities that are part of a group to implement group-wide policies and procedures. These group-wide anti money laundering and countering the financing of terrorism (AML/CFT) policies and procedures, include policies and procedures for sharing information within the group for AML/CFT purposes, and are required to be implemented at the level of branches and majority-owned subsidiaries in Member States and third countries.
Sharing information within the group supports effective, ongoing Money Laundering (ML)/Terrorist Financing (TF) risk identification and management at the level of the group. It is also enables competent authorities to effectively supervise the group's compliance with the AMLD’s requirements.
The AMLD creates an expectation that credit institutions and financial institutions, that form part of the same group, disclose to each other that a Suspicious Transaction Report (STR) has been submitted, as well as to disclose the accompanying information of that STR and additional information requested by the financial intelligence unit (FIU).
Such disclosure is not limited to group entities that are based in the EU but possible also between EU entities and their branches and majority owned subsidiaries established in third countries, subject to certain conditions.
Notwithstanding the requirement of Article 45(8) of the AMLD, the conditions set out in Article 39 of the AMLD, and Article 5 of Commission Delegated Regulation (EU) 2019/758, recognise that the sharing of actual STRs among group entities may not always be possible. In those situations, Article 5 of the Delegated Regulation provides that credit institutions and financial institutions have to take steps to mitigate the resulting ML/ TF risk at group level by: