I. Purpose of provisions

Pursuant to section 25 g (1) KWG, the institutions and undertakings specified in section 25c (1) KWG

“as controlling companies, shall create, with reference to their controlled companies, branches in EU Member States and in third countries, group-wide internal safeguards pursuant to section 9 of the Anti Money Laundering Act (Geldwäschegesetz – GwG) and section 25c (1), ensure compliance with the CDD duties pursuant to sections 3, 5 and 6 GwG and with sections 25d and 25f as well as the duty to make and retain records pursuant to section 8 GwG.”

The Basel Committee on Banking Supervision, already in its paper “Consolidated Know-Your-Customer Risk Management” of 6 October 2004 (http://www.bis.org/publ/bcbs110.pdf?noframes=1), pointed to the global character of the risks posed to a group’s legal situation and integrity arising from money laundering and/or terrorism financing. When it comes to ensuring the integrity of the financial system, it is therefore indispensable for a group-wide approach to be taken to risk management in the area of money laundering and terrorism financing. In particular “cross-border undertakings should have systems and processes in place to monitor and share information on the identity of customers and account activity of the entire group, and to be alert to customers that use their services – possibly also in different sectors”. The Basel Committee moreover points out that a problematic customer relationship with part of the group can already pose a risk to the legal situation and integrity of the entire group.

The following statements take account of the above circumstances and serve to explain the requirements set out in section 25g KWG for the group-wide implementation of duties under money laundering legislation.
It is not the purpose of this Circular to explain the obligations for prevention of fraudulent activities to the detriment of the institutions specified in section 25c (1) KWG; this will be done in a separate circular to be issued by the Federal Financial Supervisory Authority (BaFin).

II. Persons to whom obligation is addressed

1. Obligors within the meaning of section 25g KWG

Section 25g (1) sentence 1 KWG requires

• credit institutions,
• financial services institutions,
• capital investment companies (cf. section 6 (5) of the Investment Act (Investmentgesetz – InvG),
• financial holding companies as well as mixed financial holding companies which are deemed to be controlling companies according to section 10a (3) sentence 6 or 7 KWG or according to section 10b (3) sentence 8 KWG and are obligors according to section 25g (2) KWG within the meaning of section 2 (1) no. 1 GwG,

which are parent companies or controlling companies within the meaning of section 25g KWG to ensure that group-wide internal safeguards are created for all controlled companies and branches in Germany and abroad and to meet the other obligations set out therein (“group-wide implementation”).

The termination obligation pursuant to section 25g (1) sentence 3 KWG, however, refers only to branches as well as controlled companies in third countries.

“Controlled companies” within the meaning of section 25g (1) KWG and thus of this Circular are, in addition to controlled companies within the meaning of section 10a KWG, also companies in Germany and abroad which – even if they do not perform any financial transactions themselves – offer, either exclusively or in addition to investment advice, the administration, management and support service of assets (“family office”) provided that they

oare themselves subject AML/CFT CDD legislation at their location, and
oare subject to a controlling influence (section 17 (1) German Stock Corporation Act – AktG) of their parent company or controlling company, for example by reason of a capital or voting majority, contractual obligation (e.g. controlling agreement) or close interrelationships.

“Group” within the meaning of this Circular shall mean the entirety of the parent company or controlling company as well as branches in EU Member States and in third countries and all controlled companies.

2. Responsibility of managing director

The managing directors of the parent company or controlling company within the meaning of section 1 (2) sentence 1 KWG are responsible for fulfilling the obligations of section 25g (1) sentence 1 KWG.

III. Scope of obligation

1. Creation of internal safeguards

For effective implementation, the respective responsibilities within the group are to be explicitly defined with reference to internal safeguards.

a. Group anti-money laundering compliance officer

At the parent company or controlling company, a group anti-money laundering compliance officer is to be appointed whose task is to create a uniform policy for preventing money laundering and terrorism financing within the scope of global risk management for the entire group and to co-ordinate and monitor its implementation group-wide.

The group-wide anti-money laundering compliance officer must create procedures binding throughout the company for implementing the obligations under money laundering legislation within the group’s branches in EU Member States and in third countries and controlled companies in Germany and abroad and must issue instructions.

The resources and procedures necessary for group-wide performance of the tasks of the group anti-money laundering compliance officer are to be kept available and effectively employed by the parent company or controlling company.

As part of his duties, the group anti-money laundering compliance officer must keep himself informed in the branches in EU Member States and in third countries as well as the controlled companies in Germany and abroad of their compliance with the obligations under AML/CFT legislation and assure himself at regular intervals – also through visits on site – in particular that the obligations pursuant to section 25g (1) KWG are being complied with and/or that the necessary measures are being taken. If required, he must take company-wide measures.

The parent company or controlling company must ensure that the group anti-money laundering compliance officer and/or his authorised staff are given the power to have themselves submitted audit reports both by the internal auditing department and by external auditors with reference to all branches in EU Member States and in third countries as well as controlled companies to the extent that these contain statements on the compliance with obligations under AML/CFT legislation. Within the scope of the foregoing duties, this power also involves performance of spot checks without restriction. The parent company or controlling company must additionally ensure that, within the scope of their tasks, the group anti-money laundering compliance officer, his authorised staff and the internal auditing department have all information, documents and files relating to all customers, persons holding power of disposition, beneficial owners, as well as all customer accounts and transactions, of relevance for the performance of the obligations under AML/CFT legislation.

The group anti-money laundering compliance officer must inform the board of management of the parent company or controlling company on a regular basis and in written form about the group-wide implementation of and compliance with the obligations under AML/CFT legislation.

b. Training

Group-wide internal safeguards to prevent money laundering and terrorism financing require, pursuant to section 25g (1) sentence 2 KWG, adequate training of anti-money laundering compliance officers and the staff of the parent company or controlling company as well as all branches in EU Member States and in third countries and controlled companies who are involved in the performance of transactions and the initiation and establishment of customer relationships.

c. Risk analysis

The parent company or controlling company must prepare and update for the entire group a risk analysis for the group-wide implementation of section 25g (1) KWG giving due regard to my Circular 8/2005 which must include and build on the risk analyses of all group branches in EU Member States and in third countries as well as controlled companies in Germany and abroad. The current risk analysis for the group must be brought to the attention of the management.

In this connection, the parent company or controlling company must also evaluate the risk posed for the entire group by a business activity performed by its branches in EU Member States and in third countries or controlled companies in Germany and abroad.

2. Compliance with CDD duties

The parent company or controlling company must ensure compliance with the following CDD duties at all branches in EU Member States and in third countries as well as controlled companies in Germany and abroad:

• the general CDD duties of section 3 GwG (relating to (1) no. 3 in conjunction with section 4 (5)),
• the enhanced CDD duties pursuant to section 6 (2) no. 1 and no. 2 GwG
• the simplified CDD duties of section 5 GwG and 25d KWG, and
• the enhanced CDD duties pursuant to section 25f KWG.

The form requirements of section 4 (3) and (4) GwG are not to be observed for group-wide implementation abroad.

The parent company or controlling company must moreover ensure pursuant to section 9 (2) no. 2 GwG in conjunction with section 25g (1) sentence 1 KWG that uniform risk-adequate provisions and procedures exist for customer acceptance group-wide for the fulfilment of CDD duties.
The foregoing duties of the Anti Money Laundering Act and the Banking Act in this regard represent the minimum standard.

Pursuant to section 25g (1) sentence 3 KWG, in the event that more stringent CDD duties apply at the foreign seat of a branch in an EU Member State and in a third country or controlled company in Germany or abroad, the more stringent duties must be fulfilled there.

The relevant information must be accessible for the parent company or controlling company at all branches in EU Member States and in third countries as well as controlled companies in Germany and abroad.

If customers, by reason of statutory provisions or by reason of a classification, are regarded by the anti-money laundering compliance officer of a branch in an EU Member State and in a third country or a controlled company in Germany and abroad, or by the group anti-money laundering compliance officer group-wide, as posing elevated risks, enhanced CDD duties are to be provided. In such cases, the immediate superior or immediately higher management level must decide on the establishment or continuation of a business relationship with such customers.

The parent company or controlling company must further ensure that adequate uniform risk-oriented procedures for monitoring accounts for unusual or suspicious transactions are applied group-wide. These shall cover all accounts (including internal accounts, trust accounts or customer accounts for assets that are kept or managed on an agency basis).

3. Requirements pursuant to section 25g (1) sentence 3 KWG

If the measures to be taken as part of the establishment or conduct of business relationships or transactions pursuant to section 25g (1) sentence 1 KWG in a third country in which a branch or controlled company is domiciled are legally not admissible or, according to the law of the country concerned, factually not practicable, the parent company or controlling company must ensure, pursuant to section 25g (1) sentence 3 KWG, that its branches or controlled companies do not establish or continue any business relationship in such third country and do not perform any transactions requiring such inadmissible or impracticable measures.

If a business relationship already exists, the parent company or controlling company in such cases must ensure that such relationships are ended by its controlled companies or by its branches by way of termination or otherwise, regardless of other statutory or contractual provisions (section 25g (1) sentence 4 KWG).

In the case of the obligation not to perform a transaction or to terminate or otherwise end an existing business relationship, the principle of proportionality must be observed. The requirements to be met for fulfilment of the CDD duties as part of the decision not to perform a transaction or to end a business relationship are to be interpreted not on the basis of narrowly pre-defined formal criteria but in the light of the risk-based approach of section 3 (4) GwG. The obligation not to perform a transaction or to end a business relationship always exists if the measures required by section 25g (1) sentence 1 KWG which are not practicable in the third country concerned for legal or factual reasons are material in nature.

4. Ensuring access to information within the group

Pursuant to section 9 (2) no. 2 GwG in conjunction with section 25g (1) sentence 1 KWG, the parent company or controlling company must ensure that its branches in EU Member States or third countries as well as controlled companies in Germany and abroad are in a position to make the information necessary for performance of the duties pursuant to section 25g (1) KWG and for group-wide risk management which is relevant for preventing money laundering or terrorism financing available to the group anti-money laundering compliance officer and the group auditing department and to answer queries in this regard – in particular from the group anti-money laundering compliance officer and the group auditing department – in a prompt manner. Such information also includes customer data, reports of suspicious transactions or information relating to contacts to financial supervisory, criminal prosecution and investigation authorities as well as tax and customs authorities.

The parent company or controlling company must also ensure that rules and procedures exist making it possible to determine whether a customer holds accounts or deposits at or business relationships with a branch in an EU Member State or in a third country or a controlled company in Germany and abroad.

5. Duties to make and retain records

The parent company or controlling company must ensure that the requirements for making and retaining records of the statements gathered and the information obtained about contractual partners, beneficial owners as well as business relationships and transactions are observed within the entire group in accordance with the principles of section 8 (1) sentence 1, (2) and (3) GwG.

Reports by the group anti-money laundering compliance officer as well as other information provided or made available to the parent company or controlling companies must be retained in accordance with the principles of section 8 (3) GwG and made available to the group auditing department and as part of audits of the annual accounts and special audits. They are also subject to the secrecy and confidentiality provisions applicable to all business secrets.