In recent months, Bulgaria has undergone significant changes to its Anti-Money Laundering (AML) legislation intending to achieve the long-overdue complete transposition of the EU 2018/843 Directive into national law and meeting the higher standards set forth in the Financial Action Task Force’s (FATF) recommendations on Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT), especially following the country’s inclusion in FATF’s so-called “grey list” of jurisdictions under increased monitoring. Naturally, these changes give rise to a number of new obligations for businesses to comply with. The purpose of this article is to provide an overview of the most significant changes.
Some of the changes affect the AML internal rules of the Obliged Entities (OE). In compliance with these, the internal rules shall now include information on the updating periods of the customer databases and dossiers, consistent with the identified customer risk rating. Additionally, the internal rules shall indicate the update periods of the entity’s Risk Assessment – at least once every 3 years. However, certain high-risk OE (such as leasing companies, investment intermediaries, insurance undertakings, insurance intermediaries, etc.) are required to update their risk assessments annually and designate a specific date for the update to occur each calendar year.
Furthermore, the OE’s internal rules must include policies and procedures regarding the verification of the professional competence and reliability of the internal AML department employees as well as other employees whose job functions involve AML /CFT-related duties.
The customer due diligence procedure has also undergone certain changes. One of these is situations in which the customer is represented by a proxy before the OE. The OE must now identify the natural persons acting as customers’ proxies in the same manner that they identify the actual customers. Additionally, proof of the proxies’ authorized representative powers (PoA) must be requested by the OE.
Also, as part of the due diligence process, as of October 6, 2023, the OE must determine the source of funds involved in each business relationship or transaction (before the revisions, this was only required in specific situations).
Another noteworthy modification is the introduction of a new mechanism for reporting discrepancies in beneficial ownership data. This mechanism comes into effect on July 16, 2024, as a part of the transposition of the EU 2018/843 Directive. This new rule requires all OE to disclose to the Registry Agency any discrepancies they identify between the beneficial owners’ data they have gathered and the register data. Once the discrepancy is reported, the Registry Agency notifies the relevant company in writing, urging it to update its Ultimate Beneficial Ownership (UBO) information within 7 days or face penalty. Therefore, it is highly recommended that all OE maintain their UBO information up-to-date as the 7-day deadline may be difficult to meet, particularly for companies with more complicated structures.
It is worth noting that the list of OE has been expanded as a result of last year’s legislative amendments. Pursuant to these changes, individuals who, by way of their business, grant access to safe-deposit boxes at public vaults are now considered OE. Another addition to the list of OE are providers engaged in virtual assets transfer or exchange services, virtual assets safekeeping and administration services enabling control over virtual assets, and virtual assets public offering services. These changes are in line with the EU AML framework and reflect the rising tide of crypto platforms and retail financial services.
Additional personal requirements have been introduced concerning the natural persons eligible to perform certain activities. Previously, only the natural persons providing services as company service providers, legal service providers, or real estate agents were subjected to a personal requirement for a clean criminal record – they were required not to have been convicted of an intentional, publicly prosecutable criminal offence unless they had been rehabilitated. Following the amendments in the Measures Against Money Laundering Act (MAMLA), several additional personal requirements were imposed. Currently, in addition to having clean criminal record, these individuals are required also not to have been members of a management or control body, or general partners, in a company that has been subject to bankruptcy proceedings or has been dissolved due to bankruptcy within the last two years preceding the date of the decision declaring bankruptcy, in case there were unsatisfied creditors. These individuals shall not be restricted from holding senior management positions under Art. 124 of the MAMLA (foreseeing restrictions for natural persons that have been sanctioned for violations of the MAMLA), nor from holding positions of material responsibility. Their reliability and suitability must be proven based on collected data.
All the abovementioned personal requirements for natural persons eligible to perform certain activities are now listed in a new separate provision (Art. 9d of MAMLA). The scope of the newly-created provision also covers the custodian wallet providers (a wallet in which a third party is responsible for managing your private keys), the persons who, by way of their business, grant access to safe-deposit boxes at public vaults, as well as the providers engaged in exchange services between virtual currencies and fiat currencies, virtual assets transfer or exchange services, virtual assets safekeeping and administration services enabling control over virtual assets and virtual assets public offering services.
These personal requirements shall also apply to procurators, managers, members of management or control bodies, or limited partners in companies that carry out any of the aforementioned activities, as well as to their beneficial owners.
Besides the amendments to Bulgaria’s national AML legislation, it is important to note another major development that will have a considerable impact on AML rules throughout the EU. This is the recently adopted legislative package of new anti-money laundering measures at the EU level (hereinafter referred to as the "EU AML Package"), which brings a long-awaited reform to EU AML legislation.
The new comprehensive EU AML package consists of several new directives and regulations with the ambitious purpose of harmonising the AML/CFT legislation across the EU as the regulations will apply directly in all Member States. On June 19, 2024, the EU Official Journal published the EU Single Rulebook Regulation (Regulation (EU) 2024/1624), the sixth Anti-Money Laundering Directive (Directive (EU) 2024/1640), and the Anti-Money Laundering Authority Regulation (Regulation (EU) 2024/1620), which established a new European Authority for Anti-Money Laundering and Countering the Financing of Terrorism.
The new rules will take effect three years after the regulations and directives come into force (with some exceptions).
A more detailed review of the impact of these changes on EU-obliged entities will soon be provided in a separate article.
By Mario Kralev, Associate, and Sevdelina Rabuhchieva, Senior Associate, Gugushev & Partners, PONTES