The Fourth AML Directive and the EU’s Approach to Data Protection: A Precautionary Warning

Let's get one thing straight: The Fourth Anti-Money Laundering (AML) Directive is a directive, whereas the General Data Protection Regulation (Data Regulation) is a regulation. The difference between these two is crucial. The Fourth AML Directive allows member states to implement its requirements into national laws. This means that, at a minimum, the requirements of the Fourth AML Directive must be kept, but it does not stop member states from introducing more stringent requirements. For example, the Dutch Central Bank’s approach for the Third AML Directive was often seen as going over and above EU requirements, whereas the Irish Central Bank’s approach was seen to meet the requirements of the Third AML Directive.

On the other hand, the Data Regulation does not allow member states to transpose the requirements into national law; instead, it applies within the EU on a unified basis. This means no alterations, however slight, can be made by member states and the law must be directly implemented into the national law of a member state. As a result, the law in Ireland will be similar to the law in the Netherlands, Luxembourg, France, etc.

The Fourth AML Directive must be transposed into member states’ national law by June 2017 and the Data Regulation will likely come into force in early 2018. Therefore, the timeline for both must be taken into account when preparing your organization for compliance with the Fourth AML Directive. If both are not considered, you risk wasting effort and commercial resources, which may draw criticism from both your organization and regulators alike.

You do not want to place your organization in a position where it may face penalties or sanctions for failing to comply with the Fourth AML Directive and, in a separate instance, with the Data Regulation. In addition, by following the security requirements and data protection principles of the forthcoming Data Regulation, you should ideally be able to prevent a data leak, at least one of the size and scope of the recent Panama Papers leak. This is simply because at the heart of AML is the handling of personal and oftentimes sensitive data. As AML and compliance professionals, we must stop focusing on a single facet of AML and instead see it as multifaceted. This will assist us in thinking outside the box and help us come up with creative solutions to common problems…