Anti-money laundering framework for financial institutions in France

The anti-money laundering framework for financial institutions in France encompasses the key components of the country's regulations aimed at combating money laundering and terrorist financing. This framework includes the laws and regulations established for responsible parties, ensuring compliance with international initiatives.

In France, the anti-money laundering framework is based on Ordinance 2009-104 of January 30, 2009, which is codified in Articles L. 561-1 and subsequent articles of the French Monetary and Financial Code.^[1]

The fourth directive on combating money laundering and the financing of terrorism (AML-CFT), initiated on February 5, 2013, was adopted by committees of the European Parliament on January 27, 2015. This directive introduced several legal innovations, including the establishment of national databases.^[2] It was transposed into domestic law by Member States by June 26, 2017, which marked its entry into force in France.^[3]

The fifth European AML-CFT directive (Directive (EU) No 2018/843 of May 30, 2018) took effect in July 2018.^[4][5]

In addition to the European legislative framework, the regulatory requirements for governance and internal control related to AML/CFT were defined by the decree of January 6, 2021,^[6] which came into effect on March 1, 2021.^[7]

The Autorité de Contrôle Prudentiel et de Résolution (ACPR) oversees compliance with AML/CFT obligations, while a common supervisory framework by the European Union is anticipated to be implemented in 2023.^[8]

The list of liable parties responsible for combating money laundering and terrorist financing is defined in Article L561-2 of the Monetary and Financial Code (hereinafter "CMF") and includes:^[9]

• Banking establishments;
• Insurance companies and brokers;
• Provident institutions;
• Mutual insurance companies and unions, as well as reinsurance and capitalization entities;
• The Bank of France;
• The issuing institute of the overseas departments;
• The issuing institute for overseas territories;
• Investment firms (excluding portfolio management companies);
• Credit institutions headquartered in a state party to the European Economic Area (EEA). The General Regulation of the Financial Markets Authority (AMF) allows for the inclusion of institutions that are not based in the EEA;
• Investment firms headquartered in a state belonging to the EEA. The General Regulation of the Financial Markets Authority allows for the inclusion of establishments not based in the EEA;
• Corporate entities whose partners are jointly and severally held by credit institutions headquartered in a state that is part of the European Economic Area (EEA);
• Corporate entities headquartered in mainland France or overseas departments or in Saint-Barthélemy or Saint-Martin, whose main or sole purpose is the clearing of financial instruments. The General Regulation of the Financial Markets Authority allows for the inclusion of corporate entities not established in mainland France or overseas departments or Saint-Barthélemy or Saint-Martin;
• Market operators;
• Central depositories and managers of financial instrument settlement and delivery systems;
• Financial investment advisors;
• Intermediaries acting on behalf of third-party owners of financial securities;
• Portfolio management companies for investment services;
• Portfolio management companies and management companies for the marketing of units or shares of collective investment schemes, whether or not they manage them;
• Manual currency exchangers;
• Individuals or legal entities who, habitually, engage in transactions involving third-party real estate;
• Legal representatives and managers are responsible for casinos and associations, clubs, and companies organizing gambling, lotteries, bets, sports, or horse racing predictions;
• Individuals who habitually engage in the trade or organization of the sale of precious stones, precious materials, antiques, and works of art;
• Companies providing payment banking services, exempted from approval by the Prudential Supervisory Authority;
• Chartered accountants and employees authorized to practice the profession of chartered accountant;
• Lawyers at the Conseil d'État and the Court of Cassation, lawyers, avoués near the courts of appeal;
• Notaries;
• Bailiffs;
• Judicial administrators and judicial agents;
• Judicial auctioneers;
• Public auction companies for voluntary sale of goods;
• Individuals engaging in domiciliation activities.

The fourth AML/CFT directive establishes obligations regarding customer due diligence, suspicious transaction reporting, data retention, and internal control provisions in the event of serious, repetitive, or systematic breaches by obligated entities:^[3]

• For credit and financial institutions, a maximum financial penalty of at least 5 million euros or 10% of annual turnover is set for legal entities, and a maximum of at least 5 million euros for natural persons;
• The fourth directive does not limit the financial penalties to the directors of financial institutions; it also extends to individuals responsible for regulatory breaches, such as those in charge of the AML/CFT system or compliance.

The Third Anti-Money Laundering Directive 2005/60/EC, adopted on October 26, 2005,^[10] was transposed into national law by Ordinance 2009-104 of January 30, 2009.^[11] This transposition marked a shift from a threshold-based approach to due diligence to a risk-based approach that considers the actual risk of money laundering.

This "risk-based approach" was advocated by banking professionals, particularly in the Anglo-Saxon context, to ensure that resources are concentrated where they are most needed. Under this framework, the principle of due diligence is adjusted to account for various money laundering and terrorist financing risks associated with the customer, the product, or the distribution method.

The due diligence obligations are specified in Articles L. 561-5 to -10-2 of the aforementioned ordinance and in Articles R. 561-5 and -6 of the decree dated September 2, 2009.

Professionals are required to implement their due diligence obligations regularly, adapting their practices according to this new risk-based approach. Consequently, there are three levels of due diligence, with varying intensities of procedures: simplified, standard, and enhanced.

The simplified due diligence level is justified by the presence of low risk in the business relationship, leading to a reduction in the obligations of the obligated party concerning certain categories of customers and transactions. When the risk of money laundering is assessed as low, due diligence can be performed in a simplified manner, both in terms of customer identification and transaction processing. This risk assessment can be based on various criteria, including the customer, the product, or its marketing method.

Article R561-15 of the CMF, derived from Decree No. 2009/1087 of September 2, 2009, specifies the conditions for applying these simplified control measures and outlines cases presenting a low risk of money laundering and terrorist financing. These cases include when the customer or the "beneficial owner" is:

• A financial institution established in a Member State of the European Union;
• A listed company whose securities are admitted to trading on at least one regulated market in France or a State party to the agreement on the European Economic Area;
• A public authority, a public body.

Article R561-16 of the aforementioned text details the products for which these simplified due diligence measures will be applied, including:

• Digital currency with a maximum capacity of the device of 250 euros in case of impossibility to recharge and 2,500 euros in the opposite case;
• Employee savings plans.

These exemptions require obligated entities to gather the necessary information to confirm that the customer meets the specified conditions.

In the insurance sector, simplified due diligence is also addressed in the decree of November 10, 2009 (JORF No. 0264 of November 14, 2009).

This level of due diligence corresponds to a medium risk, which applies to the majority of customers. It necessitates the application of the following principles:

• Identification of regular and occasional customers based on reliable documents;
• Assessment of the nature and purpose of the intended business relationship;
• Regular monitoring of the business relationship, including the updating of information;
• Identification of ultimate beneficial owners.

When the risk of money laundering and terrorist financing presented by a customer, product, or transaction is assessed as high, obligated entities must enhance the intensity of the measures outlined in Articles L561-5 and L561-6.

The strengthened due diligence measures specified in Articles L561-10-1 and L561-10-2 of the CMF are particularly applicable in the following situations:

• Cross-border correspondent banking relationships or business relationships for the distribution of financial instruments with a financial institution located in a country outside the European Union or not party to the agreement on the European Economic Area (Article L561-10-1). In such cases, specific measures (as outlined in Article R561-21 of the CMF) must be adopted, including gathering information about the contracting entity's activities, reputation, and the quality of supervision it is subject to;^[12]
• Atypical operations that lack economic justification, have no legitimate purpose, are complex, or involve unusually high amounts (Article L561-10-2). In these instances, obligated entities must inquire about the origin of the funds, the destination of these sums, the purpose of the operation, and the identity of the beneficiary.^[13]

Beyond these specific provisions, institutions may establish their risk management policies and adjust their controls based on the nature of the risks they face.

As part of the checks conducted by the French Prudential Supervision and Resolution Authority (ACPR) of the Bank of France, entities must be prepared to justify the nature of the measures implemented within the framework of their risk-based approach.

This approach is operationalized through the adoption of a risk mapping process,^[14] which relies on an analysis of business processes that is cross-referenced with an operational risks typology.

Customer knowledge is a fundamental pillar of anti-money laundering efforts, as a thorough understanding of the customer base facilitates the detection of atypical transactions that may be linked to illicit activities and enables the reporting of suspicious activities. Customer knowledge primarily involves identification and verification (including identity, address, activity, etc.) through credible documentation, as well as gathering information related to the purpose and nature of the relationship, to determine the customer's risk profile.^[15]

The ordinance imposes a duty of due diligence on entities specified in Article L.561-2 of the CMF, which consists of understanding the customer.^[9]

This principle is internationally recognized as KYC (Know Your Customer). Therefore, professionals must ensure compliance with the information regarding their customers and, if applicable, the beneficial owners both before entering into a business relationship (Article L.561-6, para. 1 of the CMF) and throughout that relationship (Article L.561-6, para. 2 of the CMF).

According to Article L.561-5 of the CMF, before entering into a business relationship or assisting a customer in preparing or executing a transaction, financial institutions must identify their customer and, if applicable, the beneficial owner of the business relationship through appropriate means. They must also verify these identification elements upon presentation of any supporting written documents. The term "customer" is understood in the broadest sense to include natural persons, legal entities, industrial, commercial, or service companies, guarantors, intermediaries, management companies, correspondent banks, and others.

A business relationship is established when a qualified professional initiates a professional or commercial relationship that is expected to last for a certain duration at the time the contact is established (Article L.561-2-1 CMF).

Thus, the establishment is required to identify its customer or beneficial owner before entering into a business relationship by collecting all relevant information related to the purpose and nature of that relationship, as well as any other pertinent customer information.

The "beneficial owner" is defined in Article L.561-2-2 of the CMF as a natural person who:^[16]

1. Ultimately controls, directly or indirectly, the customer, or
2. For whom an operation is carried out or an activity is conducted.

A decree by the Council of State clarifies the definition and the methods for determining the beneficial owner.

The decree of September 2, 2009,^[17] specifies in Article R.561-1 of the CMF that the beneficial owner is the person who ultimately benefits from the transaction.^[18] This individual must be a natural person who directly or indirectly holds at least 25% of the capital or voting rights of the company, or who holds control, administrative, or managerial authority over the company or its governing body.

For natural persons, the institution must verify the identity and authority of individuals acting on their behalf. The customer or beneficial owner must present a valid official document containing a photograph. The financial institution is then required to verify the following details: name, first name, date and place of birth, date and place of issue of the document, and the issuing authority.

Customer knowledge must also facilitate the identification of the customer's resources, necessitating an understanding of their economic situation. In relation to the economic situation of the customer or beneficial owner, the financial institution must obtain proof of the current address, details of current professional activities, and any information necessary for assessing assets, income, or other resources.

These elements allow for a concrete analysis of the customer's economic transactions to determine whether they align with the customer's economic capacity or exhibit suspicious characteristics. Certain attributes of the customer can significantly impact the risk associated with the relationship, particularly if the customer is a politically exposed person (PEP).

The regulations stipulate that all relevant information must be gathered regarding the customer, including an analysis of their economic, financial, and legal environment, as well as their reputation, to ensure a comprehensive understanding of the customer.

In some cases, customer knowledge requirements may be deemed automatically satisfied, resulting in the waiver of due diligence obligations. Article L.561-9, paragraph II of the CMF provides exemptions under specific conditions, as detailed in the implementing decree of September 2, 2009:

• This exemption applies when entities have their registered office in France, another Member State of the European Union, or the European Economic Area (EEA), or in a country with equivalent obligations in the fight against money laundering and terrorist financing;
• The same applies to subsidiaries with their parent company in the aforementioned regions if they confirm the knowledge of the beneficial owner of the transaction, as well as for other entities authorized by the competent authority of a Member State of the EU, the EEA, or a state with equivalent obligations.

Before establishing a business relationship, the financial institution must perform "standard" due diligence, which includes continuous monitoring of the customer.^[19] Pre-established information allows for the classification of customers into low, medium, or high-risk categories.

The Fourth European Directive of May 20, 2015, transposed into French law by Ordinance No. 2016-1635 of December 1, 2016,^[20] mandates the establishment of "registers of beneficial owners" in all EU countries. These registers, which refer to individuals owning more than 25% of the capital or voting rights, must be publicly accessible.^[21] The document filed with the commercial court registry must include, for each customer involved in a transaction, the name, first name, date and place of birth, nationality, personal address of the beneficial owners, the date they became beneficial owners, and the nature of control they exercise over the company. This requirement applies to new companies from August 1, 2017, and to existing companies from April 1, 2018.^[22][23][24]

Article L.561-6, paragraph I of the CMF stipulates that customer identification must encompass all information related to the purpose and nature of the relationship, along with any other relevant customer information.

The decree of September 2, 2009, further specifies that, as part of the knowledge of the business relationship, the financial institution must accurately identify the amount and nature of the planned transactions, the source of funds, the destination of funds, the economic justification provided by the customer, and the intended operation of the account.

The purpose and nature of the relationship must be defined based on the transactions anticipated with the customer.^[25] In analyzing the nature of the relationship, it is essential to consider the types of operations requested by the customer.

In the context of certain transaction types, the financial institution must adopt a risk-based approach tailored to its specific circumstances and expertise. This approach involves implementing due diligence measures based on a risk matrix.

The ordinance of January 30, 2009, distinguishes between two types of risk and three types of due diligence:

• Normal: for regular operations;
• Low: for low-risk situations;
• Complementary - Enhanced: For situations presenting a higher risk.

Article L.561-5 II of the CMF states: "Notwithstanding paragraph I, when the risk of money laundering or terrorist financing appears low and under conditions defined by decree of the Council of State, only the verification of the customer’s identity, and where applicable, that of the beneficial owner, may be carried out during the establishment of the business relationship."

The decree of September 2, 2009, which pertains to the obligations of due diligence and reporting for the prevention of the use of the financial system for money laundering and terrorist financing, defines the relevant conditions in Article R.561-15 of the CMF.^[26]

Consequently, banks and financial institutions established in European or French territory are generally regarded as presenting a low risk. For an entity located in a non-European Union country to be considered low-risk, it must implement an equivalent anti-money laundering system, which underscores the importance of publishing AML/CFT questionnaires.^[27]

Additionally, a listed company whose securities are admitted to trading on at least one regulated market in France or a state party to the Agreement on the European Economic Area, or in a third country with transparency requirements compatible with EU legislation, may also be deemed low-risk. For example, a company listed on the CAC 40 could qualify under this category.

The decree of September 2, 2009,^[28] also identifies several types of activities considered to present a low risk of money laundering. These include life insurance contracts with an annual premium of less than €1,000, certain consumer credit operations, and specific insurance transactions.

Lastly, public authorities or public bodies whose identities are accessible to the public are also classified as presenting a low risk of money.

Article L.561-10 of the CMF states that additional due diligence measures may be imposed on obligated entities beyond the obligations already stipulated in Articles L.561-5 and L.561-6.

These additional measures must be implemented under the following circumstances:

• When the customer or the legal representative is not physically present during identification;
• When the customer is a politically exposed person (PEP);
• When the product or operation contemplated with the customer promotes anonymity;
• When the operation is conducted with a person from a country or territory listed by the Financial Action Task Force (FATF) whose legislation or practices hinder the fight against money laundering and terrorist financing.

Article R.561-18 of the CMF,^[29] derived from the implementing decree of September 2, 2009, defines a politically exposed person (PEP) as an individual "who is exposed to particular risks due to their functions," residing outside France and currently holding or having held, within the last year, one of the functions exhaustively listed in the article.

The previous political position of a PEP increases susceptibility to corruption. Therefore, it should be treated as an alert situation if, for example, a German PEP opens an account in another country, such as France. Identifying this status necessitates the implementation of additional due diligence measures.

The financial institution must collect various documents:

• For corporate customers: This includes obtaining the official registry extract, the identities of shareholders or executive officers, justification for the registered office address, the articles of association, mandates, and powers of the company, and any documentation that allows for the assessment of the financial situation;
• For asset management structures without legal personality, trusts, or comparable legal arrangements under foreign law: A document is required to justify the distribution of rights over the capital or profits of the entity on behalf of which the account is being opened or a transaction executed.

The decree of September 2, 2009,^[30] specifies the additional measures that banking institutions must implement in these situations. Entities mentioned in Article L.561-2 of the CMF must:^[9]

• Obtain additional supporting documents to confirm the identity of the person with whom they are engaged in a business relationship;
• Implement measures to verify and certify copies of the official document or the extract from the official register as mentioned in Article R.561-5 of the CMF by a third party independent of the person being identified;^[31]
• Require that the initial payment of transactions be made from or to an account opened in the name of the customer with an entity subject to regulation established in a Member State of the European Union or a State party to the EEA Agreement;
• Obtain confirmation of the customer's identity from a regulated entity established in a Member State of the European Union or a State party to the EEA Agreement.

In conclusion, enhanced due diligence measures must be undertaken when the customer is a politically exposed person or when the identification of this individual is unclear. The ordinance also provides for strengthened vigilance measures.

The ordinance stipulates that strengthened due diligence measures must be applied when the risk of money laundering and terrorist financing presented by a customer, a product, or a transaction is deemed high.

Strengthened due diligence measures are required in the following situations:

• When the transaction is particularly complex or involves an unusually high amount;
• When the transaction lacks economic justification or a legitimate purpose;
• When financial institutions engage in agreements for correspondent banking services, cashing or discounting checks, or establishing business relationships for the distribution of financial instruments.

The specific measures for strengthened due diligence include:

• Gathering sufficient information about the co-contracting institution to understand the nature of its activities and to assess its reputation and the quality of oversight it is subject to, based on publicly available information;
• Evaluating the anti-money laundering and counter-terrorism financing measures implemented by the co-contracting institution;
• Ensuring that the decision to establish a business relationship with the co-contracting institution is made by a member of the executive body or an authorized individual designated by the executive body;
• Including in the correspondent banking or financial instrument distribution agreement the modalities for transmitting information upon request by the relevant institution.

Given that medium-risk situations are not explicitly addressed in the regulations, each financial institution is required to establish its criteria for identifying and managing these intermediate-risk situations.

Article L.561-6 of the CMF^[32] mandates that obligated entities conduct ongoing due diligence on customers throughout the business relationship. The purpose of this continuous monitoring is to ensure that the oversight of customers is appropriately aligned with the money laundering risks they present.

This obligation requires obligated entities to carefully scrutinize the transactions conducted by their customers, verifying that these transactions are consistent with the customer's profile. This necessitates maintaining an up-to-date understanding of the customer.

According to Article R.561-11 of the CMF, obligated entities must perform a new identification of their customer when they have "good reasons to believe" that the information obtained regarding the customer's identity at the outset of the relationship is no longer accurate.^[33]

It is essential to analyze any minor changes that may impact the assessment of the risk posed by the customer:

• For natural persons: Changes in professional status, salary, or address should be monitored, and it must be verified whether the individual has become a politically exposed person (PEP) during the business relationship;
• For legal entities: Changes in statutes, directors, shareholders, corporate purpose, or countries of operation should be investigated throughout the business relationship.

Financial institutions must regularly update their knowledge of customers to apply appropriate due diligence measures. All collected information must be documented in writing and retained for five years from the termination of the business relationship.^[34]

Article L561-8 of the CMF^[35] outlines two scenarios in which a financial intermediary is prohibited from entering into a business relationship:

• If a financial intermediary is unable to identify its customer or obtain information regarding the purpose, nature, and business relationship, it cannot execute any transactions or establish or continue the business relationship;
• If a financial intermediary has established a relationship despite being unable to identify its customer or obtain information about the purpose and nature of the business relationship—typically because the customer was assessed as presenting a low risk of money laundering—it is required to terminate that relationship.

Furthermore, when an obligated entity terminates the business relationship under the conditions specified in Article L.561-8, it must file a suspicious transaction report with TRACFIN if it suspects or has reasonable grounds to suspect money laundering or terrorist financing offenses.^[35]

The new French system is based on a dual set of complementary obligations:

• Due diligence obligations;
• Reporting obligations to TRACFIN.

France has not adopted an automatic reporting system based solely on predefined objective criteria. Instead, except for specific cases where the law mandates reporting under certain conditions, the system relies on a case-by-case analysis of sums and transactions, taking into account the profile of the business relationship and the risk classification established by the obligated entity.

As a result, organizations must analyze their customers' situations based on updated information, examine any suspicions of money laundering, and, if necessary, submit a report to TRACFIN (Intelligence Processing and Action Against Clandestine Financial Circuits). The obligations regarding the reporting of suspicions are outlined in Article L.561-15 of the CMF.^[36]

In France, legal obligations concerning anti-money laundering measures have continuously expanded since 1990, encompassing both national and European texts. This expansion has broadened the scope of professions subject to these measures and the obligation to report suspicions.^[37]

The obligated persons include:^[38]

• Banks;
• Independent Wealth Management Advisors (CGPI) and Financial Investment Advisors (CIF);
• Currency exchange offices;
• Casinos;
• Real estate intermediaries;
• Legal professions (notaries, judicial administrators, bailiffs, and lawyers);
• Accountants;
• Statutory auditors.

Over the past two decades, the obligation to report suspicions to TRACFIN has been increasingly defined through various provisions, culminating in the transposition of the 3rd European Directive of October 26, 2005, into French law via the ordinance of January 30, 2009, along with related decrees and orders issued in 2009.

Article L.561-15 I of the CMF^[36] now mandates that professionals report to TRACFIN any sums or transactions they "know, suspect, or have good reason to suspect" are derived from an offense punishable by imprisonment for more than one year or that contribute to the financing of terrorism.

Prior to the transposition of the 3rd European Directive, only five specific offenses fell under the scope of suspicious transaction reporting.^[39]

Currently, the obligation encompasses all crimes and offenses punishable by imprisonment for more than one year, effectively targeting almost the entire French Penal Code, with the exception of misdemeanors. Consequently, this ordinance covers all financial crimes and offenses likely to generate proceeds, including money laundering related to offenses such as embezzlement, counterfeiting, fraud, and breach of trust. Notably, the ordinance also establishes the requirement to report any suspicion of money laundering arising from tax fraud.

Ordinance No. 2009-104 of January 30, 2009, expanded the scope of suspicious transaction reporting to include sums or operations that may arise from any offense punishable by imprisonment for more than one year or that could contribute to the financing of terrorism. This extension now encompasses tax fraud, which in France is punishable by up to five years of imprisonment and a fine of €37,500.^[40]

According to Article 1741 of the General Tax Code, a person is guilty of tax fraud if they have evaded or attempted to evade taxes fraudulently. Tax fraud can manifest through various actions, including:

• Failure to declare income;
• Concealment of taxable sums;
• Organizing insolvency or maneuvers obstructing tax recovery;
• Accounting irregularities.

The complexity of certain tax fraud cases has been highlighted in joint guidelines published by the Banking Commission and TRACFIN in December 2009. To assist professionals in detecting such offenses, the ordinance establishes specific criteria defined by decree.^[41][42]

These criteria are alternative, meaning that obligated entities must report to TRACFIN any transaction that meets at least one of them when they suspect tax fraud. The report must include the elements of analysis that led to the selection of at least one criterion.

The 16 criteria used to qualify tax fraud can be categorized into five groups:

• Form indicators;
• Financial indicators (atypical use of the bank account);
• Indicators related to the customer's activity;
• Interposition indicators;
• International operations.

Financial institutions are mandated to conduct enhanced scrutiny on transactions that are particularly complex, unusually high in value, or lack clear economic justification. When such unusual transactions are identified, institutions must carry out a thorough and individualized analysis, which involves.^[43][44][45]

• Inquiring about the origin and destination of the funds;
• Understanding the purpose of the transaction;
• Identifying the beneficiary.

To facilitate this process, the Financial Markets Authority has provided a non-exhaustive list of relevant information that should be collected and retained, including:^[46]

• The amount, origin, and destination of the funds, along with details about the individuals involved in the transaction;
• The identity of the instructing party and the ultimate beneficiaries;
• The purpose, characteristics, and methods of the transaction;
• The consistency of the information gathered.

If, after this enhanced scrutiny, suspicion remains unresolved, the institution must submit a report to TRACFIN. Importantly, reporting is not automatic; it follows a comprehensive analysis that fails to dispel suspicion.

Trusts and fiduciaries, rooted in Anglo-Saxon law, complicate the identification of ultimate beneficiaries since they often involve multiple parties: the settlor (who transfers ownership), the trustee (who manages the assets), and the beneficiary (who benefits from the trust). Due to this complexity, financial institutions must undertake diligent efforts to identify:

• The instructing party;
• The ultimate beneficiaries;
• The settlor of the trust.

If the ultimate beneficiaries cannot be identified or if there are doubts regarding their identity, institutions are required to file a suspicious activity report. This proactive approach is crucial in maintaining compliance and mitigating risks associated with money laundering and terrorist financing.^[47][36]

Article L.561-15 V of the CMF^[36] mandates that professionals must promptly notify TRACFIN of any new information that could confirm, refute, or modify elements in an initial report. This includes details about the characteristics of reported transactions or any relevant information about the business relationship. If a financial institution suspects ongoing financial flows from a customer whose transactions have already been reported, a supplementary report can only be submitted if the new transactions involve significant amounts, typically at least equivalent to those previously reported.

When a financial institution is unable to identify a customer or gather necessary information about the purpose and nature of a business relationship, it must refrain from conducting transactions or establishing the relationship. If the relationship is already in place, it must be terminated. In this scenario, the institution is also required to consider filing a suspicious transaction report.^[48][35]

The obligation to report after terminating a business relationship does not imply automatic reporting; instead, it necessitates a thorough, individualized analysis of the situation. The financial institution must evaluate the circumstances based on the information available to determine if a suspicious transaction report is warranted. This approach ensures that reporting is based on substantive findings rather than a blanket response to termination.

The written suspicious transaction report must be completed using a form available on the TRACFIN website. This form facilitates quick and automated processing of reports. The declarant is required to specify the legal or regulatory provision that necessitated the report. The online platform, TéléDS, allows for direct completion of the form and enables the simultaneous uploading of supporting documents.

While the written report is the standard procedure, a verbal report is also permitted under Articles L.561-18 and R.561-31 of the CMF. However, this option is limited to situations where the circumstances surrounding the operation warrant immediate verbal communication. In such cases, the declarant must visit TRACFIN's premises and present supporting documents.

Regardless of the reporting method, Article R.561-31 I of the CMF outlines essential content requirements for the report:

• Identification and Knowledge Elements: Include details about the customer and, if applicable, the beneficial owner;
• Purpose and Nature of the Relationship: Clearly outline the nature of the business relationship;
• Details of the Operations: Provide specifics regarding the operations that raised suspicion;
• Analysis Elements: Summarize the analysis and reasoning that led to the suspicion, including relevant supporting evidence.

For reports related to tax fraud, the declarant must specify the elements that align with at least one of the 16 criteria outlined in Decree No. 2009-874 of July 16, 2009. All relevant documentation must be attached to ensure effective processing by TRACFIN.

The declarant has the option to provide additional information in a supplementary report, which can either confirm or refute initial suspicions. This mechanism allows for ongoing communication with TRACFIN and ensures that the agency has the most accurate and comprehensive information available.

The quality of a suspicious transaction report (STR) is crucial for effective processing by TRACFIN. Deficiencies in the report can render it unusable. Common issues that may affect the report's quality include:

• Inadequate Writing: This may involve lack of clarity, excessive detail, or failure to address key sections of the declaration form;
• Misunderstanding of Suspicion: If the report does not accurately reflect the nature of the suspicion, it may be considered ineffective

According to Article L.561-16 of the CMF,^[49] explicitly establishes the principle of suspicious transaction report prior to the execution of the transaction in order, if necessary, to allow TRACFIN to exercise its opposition right.

The professional must therefore refrain from carrying out any operation that he suspects is related to money laundering or terrorist financing. However, Article L.561-16, paragraph 2 outlines exceptions where the report may concern transactions that have already been executed. These exceptions include:^[49]

• Impossibility to Suspend Execution: If it is not feasible to halt the transaction;
• Harm to Ongoing Investigations: If postponing the transaction could negatively impact an active investigation;
• Suspicion Arising Post-Completion: If the suspicion came to light after the transaction was completed.

In these cases, professionals must analyze the facts leading to the suspicion and submit the declaration without delay if their analysis confirms it.

Declarants need to avoid unnecessary delays between identifying the initial suspicious transaction and submitting the STR to TRACFIN. While regulations advocate for a priori reporting, practical scenarios often result in a posteriori reports. In retail banking, for example, customers may operate their accounts independently, which can complicate the detection of suspicious activities. Consequently, it is often a pattern of transactions or general account activity that raises red flags, rather than isolated transactions.

In summary, maintaining high-quality reports and adhering to prompt reporting protocols are critical components of effective anti-money laundering practices.

Financial institutions are required to retain specific documents related to suspicious transaction reports (STRs) for five years following the termination of the corresponding business relationship. These documents include:

• Copy of the Suspicious Transaction Report: This includes any attached documents. For oral reports, a copy of any transmitted documents to TRACFIN must be retained;
• Declarant's Information: The name of the individual who made the report and the date it was submitted;
• Acknowledgment of Receipt: Any acknowledgment of receipt from TRACFIN, if applicable.

It is important to note that, in compliance with Article 6 of the law of January 6, 1978, concerning data processing and freedoms, these retained documents can only be used for the purposes for which they were collected. They must not be kept longer than necessary for those purposes.

Confidentiality surrounding suspicious transaction reports is critical. Key aspects of this confidentiality include:

• Non-Disclosure: The existence, content, and outcomes of the STR must not be disclosed. Violating this confidentiality can result in a fine of up to €22,500, as specified in Article L. 574-1 of the CMF. The only exception to this rule is when a lawyer dissuades their client from engaging in illegal activities;^[50]
• Access by Judicial Authorities: Judicial authorities may access the report when TRACFIN informs the public prosecutor. However, to protect the declarants, these reports will not be included in the court records;^[51]
• Access Upon Requisition: The judicial authority can also obtain access to STRs through a requisition from TRACFIN, particularly when there are suspicions involving the individuals responsible for making the reports.^[52]

Under Article L. 561-29 of the CMF, TRACFIN has the authority to disclose information to several French authorities, including:^[53]

• Customs authorities;
• Judicial police services;
• Intelligence services;
• Tax authorities.

This framework ensures that while the confidentiality of STRs is upheld, necessary cooperation with judicial and regulatory authorities is maintained to combat money laundering and terrorism financing.

Entities subject to reporting obligations, such as those within the same group, network, or professional structure, can share information about the existence and content of suspicious transaction reports (STRs). This exchange must follow specific procedures established by these entities. In exceptional cases, this sharing can extend to entities not belonging to the same group, provided they are subject to equivalent confidentiality obligations and have operations in an EU member state or a recognized equivalent third country.

Article L. 561-22 5° of the CMF outlines conditions under which professionals can be exempt from criminal liability for money laundering offenses when they submit a suspicious transaction report:

• Compliance with Validity Conditions: The report must meet the general conditions for validity as defined in Articles L. 561-16 and L. 561-25 of the CMF;
• Absence of Fraudulent Collusion: There must be no "fraudulent collusion" between the reporting professional, TRACFIN, and the individual suspected of money laundering. While "fraudulent collusion" is not explicitly defined in legal texts, parliamentary discussions suggest it refers to a secret agreement aimed at deceiving one or more parties.

This framework encourages professionals to report suspicious activities without the fear of liability, provided they act in good faith and adhere to the established legal protocols.^[54]

The Financial Action Task Force (FATF) is an intergovernmental organization established in 1989, primarily aimed at combating money laundering and terrorist financing. It functions as a policy-making body that develops and promotes standards for effective legislative, regulatory, and operational measures in this domain.

The FATF has formulated a series of recommendations recognized as the international standard for anti-money laundering (AML) and counter-terrorist financing (CFT). These recommendations provide a framework for countries to establish and enhance their AML/CFT measures. Additionally, the FATF facilitates a coordinated global response to the threats posed by money laundering and terrorist financing, ensuring that countries work towards similar standards and practices. By providing a consistent set of guidelines, the FATF contributes to the harmonization of AML/CFT regulations across jurisdictions, which helps protect the integrity of the financial system worldwide.^[55]

Established by Law No. 90-614 on July 12, 1990,^[56] following the G7 Summit at La Grande Arche in July 1989, TRACFIN^[42] (Intelligence Processing and Action Against Clandestine Financial Circuits) contributes to the growing concern for combating money laundering and developing a healthy economy.

Originally a financial intelligence coordination unit within the General Directorate of Customs, TRACFIN became a national competence service by Decree No. 2006-1541 of December 6, 2006,^[57] and gained its direction. The TRACFIN unit operates under the auspices of the Ministry of Economy, Finance, Industry, and Employment, as well as under the minister responsible for Budget, Public Accounts, Public Service, and State Reform.

The legislator has assigned TRACFIN three primary missions:

• Receiving and protecting information on underground financial networks and operations that could be intended for financing terrorism and money laundering;^[58]
• Analyzing and enhancing financial information received under articles L.561-26, L.561-27, and L. 561-31 of the CMF;
• Transmitting financial intelligence^[53] to judicial authorities, judicial police services, customs and tax authorities, and specialized intelligence services.

TRACFIN's role is to collect, analyze, and enhance reports submitted by obligated professionals. As an administrative investigation service, its actions occur upstream of the judicial phase, responding to alerts from entities regarding atypical financial transactions.^[56]

The effectiveness of TRACFIN's system is largely due to its unique partnership with financial institutions. According to the 2008 annual report, out of the 14,565 reports received, 1,171 were submitted in a dematerialized form. A significant portion of these reports came from banks and credit institutions (79%), followed by manual currency exchangers (10%), insurance companies (5%), notaries (2%), and various other professions, including accountants, auditors, and auctioneers (4%).^[59]

To conduct cross-referencing of financial information on reported operations, TRACFIN is endowed with various powers that are strictly regulated by law:

• The right to request information: TRACFIN has the authority to request that financial institutions provide documents, regardless of their medium, related to the operation or individual specified in the report, within a designated timeframe;
• The right to access: Since Ordinance No. 2009-104 of January 30, 2009, TRACFIN is permitted to obtain documents directly by visiting the premises of financial institutions subject to the anti-money laundering system.^[60][61]

However, these two prerogatives are subject to certain restrictions for specific professions, such as lawyers and solicitors. In such cases, approval from the Bar Council or the president of the company is required before any documents can be communicated or seized, unless the lawyer is acting in a fiduciary capacity.

• The right to object: TRACFIN can block a transaction that has not yet been executed for one working day from the receipt of the report. This prerogative, unique in French law, proves to be delicate to implement as the organization that made the suspicious transaction report must not inform its customer of the declaration made and must justify the blocking of the transaction. Any unnecessary blocking may result in the liability of the State;
• Requests for information exchange: This right to exchange information is carried out both with French units and foreign units performing activities similar to those of TRACFIN. Regarding the exchange of information with national administrations, since the 2009 ordinance, TRACFIN can exchange information with individuals tasked with a public service mission.

This ability was not provided for by the New Economic Regulation Law of 2001, which had limited this possibility to only state administrations, local authorities, regulatory authorities, public establishments, and organizations mentioned in Article L.134-1 of the Code of Financial Jurisdictions.^[62] The addition of new interlocutors as diverse as the URSSAF, professional unions, or sports leagues, often holders of information related to suspicious legal structures, will allow TRACFIN to obtain much more targeted and precise information effectively.

The ACPR (Autorité de Contrôle Prudentiel et de Résolution) is an institution integrated into the Bank of France, responsible for supervising the activities of banks and insurance companies in France. It was founded in January 2010 by Ordinance No. 2010-76.

It is responsible for ensuring compliance by the entities subject to AML/CFT obligations and, in this capacity, conducts both document-based and on-site inspections.^[63][64]

In addition to the tools provided by the legislature, TRACFIN participates in the Egmont Group,^[65] an informal forum established in Brussels. The primary objective of this group is to enhance international cooperation among various anti-money laundering units, particularly through improved information exchange among its members and the pooling of expertise. Notable achievements of the forum include the development of a standard bilateral agreement to facilitate cooperation between different financial intelligence units, the regular exchange of personnel, and the organization of regional training workshops.

This forum operates independently of police, judicial, or diplomatic structures, allowing for the implementation of practical solutions to address the daily challenges of anti-money laundering efforts. By circumventing bureaucratic hurdles associated with initiating judicial cooperation procedures, information flow becomes more agile, enhancing the responsiveness of these intelligence-gathering units. As of November 30, the Egmont Group recognized 58 financial intelligence units worldwide.

Despite the ongoing capability for information exchange, this facility remains significantly underutilized. In 2008, TRACFIN made only 957 requests for information to its foreign counterparts, primarily within the EU, and received 951 requests from abroad, with 93% originating from European entities. Furthermore, this exchange capability is restricted to reconstructing transactions carried out by individuals or legal entities following a declaration, or to informing foreign financial intelligence units.

The judicial authority is the primary recipient of the information gathered by TRACFIN. A thorough analysis is conducted based on all received declarations. If TRACFIN identifies sufficient elements suggesting that an offense has been committed, it can refer the case to the competent Public Prosecutor.

According to the 2008 annual report, out of the 359 declarations forwarded to the judiciary:

• 85% of the declarations forwarded to the judiciary originate from the banking sector;
• 6% from the gaming sector;
• 3% from the real estate sector;
• 6% from other sectors combined.

These declarations pertain to:

• 50% primary offenses;
• 26% concealment;
• 13% placement;
• 10% integration;
• 1% terrorism.

In addition to processing forwarded cases, it has become customary for the most sensitive matters to undergo preliminary discussions before being transmitted to the judiciary. The Ministry of Justice is responsible for communicating the exact number and nature of convictions handed down for money laundering offenses. TRACFIN has the right to know the outcomes of its transmissions to the judiciary and to inform the reporting institutions about the status of their declarations.

Since February 1, 2009, the tax administration has had the right to access information held by TRACFIN, as stipulated by Article L.561-29 of the CMF.^[53] TRACFIN transmits information to the tax administration regarding facts that may constitute tax fraud or money laundering from the proceeds of such offenses. This information can be used by the tax administration in its functions, including tax audits and criminal enforcement. To enhance the efficiency of this collaboration, officials from the tax administration provide accounting and tax expertise on money laundering schemes within TRACFIN.

• Anti-Money Laundering Act (Switzerland)
• Money laundering
• Terrorism financing
• Financial Action Task Force on Money Laundering