Implementing the New EU AML Package: The Crucial Role of OSINT

On 30 May 2024, the Council of the EU adopted a package of new anti-money laundering and counter-terrorist financing (AML/CTF) rules. The AML Package contains an EU Single Rulebook Regulation, a new Directive and a regulation establishing a new AML Authority. The new regulations introduce several key measures aimed at enhancing effectiveness and creating uniform AML/CFT frameworks across member states. The package has already been adopted by the EU parliament on 24 April.

Some of the key changes introduced as part of the new EU AML Package include:

• Expanding the scope of the AML/CTF rules to brand new sectors
• Unifying the regulatory framework across all EU member states
• Establishing a single supervisory authority to apply this framework
• Introducing stricter requirements for customer due diligence, especially for high-risk scenarios

Read on to learn more about the new package and why OSINT is key in implementing it.

What’s new?

New obliged entities

Under the new package, the list of obliged entities has been expanded to include:

• Crypto-asset service providers (CASPs)
• Crowdfunding service providers and intermediaries
• Mortgage and credit intermediaries
• Football agents and professional football clubs (from 2029)
• Traders of certain high-value goods. This includes traders of jewellery and watches exceeding €10,000, vehicles exceeding €250,000 and aircraft and boats exceeding €7.5 million.

All these firms will have to start thinking about how to meet the requirements for customer due diligence and identifying suspicious behaviour, often for the first time. Football clubs, in particular, may be building out a formal anti-financial crime framework from scratch. Obligated firms must tackle both rules-based procedures (like identifying customers) and more open-ended, risk-based activities like conducting enhanced due diligence and investigations. Figuring out best practice and how to balance effectiveness with efficiency will be a steep learning curve.

New enhanced due diligence scenarios

The new package also introduces specific, enhanced due diligence requirements for situations where there is a higher money laundering risk. This includes cross-border correspondent relationships for CASPs, handling substantial assets for high-net-worth individuals (HNWIs), and transactions and relationships involving high-risk third countries.

Why is OSINT so important?

Enhanced due diligence is about going beyond tick-box requirements to gain a real understanding of a customer. This involves diving deeper into their background and activities, potentially uncovering hidden risks that standard checks would miss. By leveraging a much wider range of information and engaging in sophisticated analysis, EDD provides a clearer, more detailed picture of who firms are doing business with, enabling better decision-making and fostering more secure relationships.

One of the most tangible ways for a firm to show it is applying meaningful EDD to higher-risk scenarios is to use open source intelligence (OSINT). Due diligence checks that rely on limited datasets only cover a tiny fragment of the information available, leaving gaps in firms’ knowledge of their customers. Using the full range of publicly available information helps firms better understand their customers and identify unwanted risks. As such, this approach demonstrates a commitment to meeting the standards of the EU’s AML Directive and managing risks proactively.

Within this approach, firms might use sources such as live, unstructured internet data, corporate records, media databases and PEP lists.

Use Case: OSINT for complex investigations on HNWIs

HNWIs demand heightened scrutiny and present unique challenges for firms conducting due diligence and risk assessments. Their substantial assets, complex financial portfolios and diverse business interests can be hard to piece together, demanding thorough and nuanced investigation to uncover any hidden liabilities.

Suggested reading: Discover how leading financial institutions are already using OSINT in our free handbook.

Challenges of HNWIs

On the one hand, HNWIs are often high-profile figures. They generate so much media coverage and appear in so many official records, it is hard to manually sift through to identify key information and produce a clear picture. On the other hand, many of their activities and corporate interests may be undocumented or even deliberately hidden. It is not unusual to find very little information on HNWIs’ early years, especially how they started acquiring their wealth. Unearthing these insights requires more intelligent use of a wider range of open sources.

How can OSINT help?

OSINT plays a crucial role in conducting comprehensive reviews of HNWIs by aggregating and analysing many different types of publicly available information. Examples of open source data that is useful in HNWI due diligence includes:

• Corporate registries and financial disclosures allow firms to map out an individual’s business ventures and investments over time. This provides insights into their financial stability and potential conflicts of interest.
• Property records reveal real estate holdings, indicating their wealth and areas of influence.
• Legal documents can sometimes highlight business activities or associations which are not explicitly documented in corporate filings.

Explaining source of wealth

One of the most powerful aspects of OSINT is its ability to uncover inconsistencies or gaps in the accounts of an individual’s sources of wealth, background, and career history. These red flags are crucial for spotting risky customers. For example, unexplained wealth, sudden changes in career trajectories, or discrepancies between reported and actual assets can indicate potential financial crime risks.

Finding risky connections

HNWIs often have connections to influential business figures, politicians, and other key individuals. OSINT can track these connections using news articles, social media and other public records. Understanding these relationships is important for assessing individuals’ influence within certain networks and potential bribery and corruption risks. It also helps identify any hidden relationships that might pose a conflict of interest or suggest potential collusion.

Understanding involvement in litigation

Another area where OSINT can be extremely valuable is investigating an individual’s involvement in litigation. OSINT uses public court records and news reports to provide insights into past and ongoing legal battles, shedding light on potential liabilities and disputes. This information is essential for understanding the individual’s legal standing and any risks associated with their litigation history.

Establishing a risk profile

The reputation and operations of companies linked to HNWIs are also pivotal in understanding their risk profile. OSINT enables firms to analyse market reports and industry reviews of these companies to understand their business practices. Reviewing all the relevant information helps firms find inconsistencies or red flags and decide if further investigation into a client’s legitimacy is needed.

Suggested reading: read our blog, Why Banks Need OSINT, to understand what you can learn from recent AML scandals.

A crucial tool for enhanced due diligence

With its new AML Package, the EU has set out clear expectations for enhanced due diligence and in-depth investigations in high-risk scenarios. OSINT provides an invaluable tool for conducting such investigations and gaining a meaningful understanding of riskier customers including HNWIs, offering a multidimensional view of their backgrounds, assets, and associations. Using OSINT, firms can do more to find and reduce risks linked to these important clients. This approach not only ensures compliance but also safeguards the firm’s reputation and financial stability, enabling it to make better-informed decisions.

Suggested reading: Learn more about why OSINT is key in the new package by reading this blog.