
BaFin Tightens Money Laundering Prevention & Update Obligations

Shortened KYC Intervals, Clear Risk Segregation, Stricter Monitoring

New Rules for Prevention

The requirements for money laundering and terrorism financing prevention are noticeably increasing.
BaFin has clearly sharpened its expectations of you as an obligated party: shorter update intervals for customer data, a strict separation of money laundering and terrorism financing risks, and enhanced, targeted monitoring are key points.

This brings three main topics to the forefront:

  1. Up-to-date Customer Data – moving from long cycles to regular updates.

  2. Separate Risk Analyses – no longer mixing money laundering and terrorism financing risks.

  3. More Targeted Monitoring of Sensitive Products and Transactions – based on a risk-oriented approach.

These changes are not just national mandates. They are part of a European and international framework – from AMLA to EBA and ESMA to the global FATF standards.

 

BaFin’s New Expectations for Institutions

 


BaFin’s Views vs. Expectations for Obligated Parties

| BaFin’s Views | Expectations for Obligated Parties |
| --- | --- |
| Risks from terrorism financing are often not considered, or insufficiently considered, during on-site inspections. | Separation of the risk analysis for money laundering and terrorism financing – no mixing, to address both risk types specifically. |
| Combining money laundering and terrorism financing risks leads to a lack of focus. | For terrorism financing, identify and document specific risks for each product, customer, and distribution channel. |
| Certain products/services (payment services, cash transactions, credit/prepaid cards, association and SME accounts) are particularly vulnerable. | For these high-risk areas, implement enhanced testing and control measures. |
| Onboarding is a crucial lever for preventing terrorism financing. | Identify customers comprehensively and in a risk-oriented manner during the onboarding process – “KYC” with the most up-to-date data. |
| Shortened update intervals help keep customer data continuously current. | Regularly update customer information – not only for high-risk countries, but also in case of noticeable patterns. |
| Associations, religious organizations, or crowdfunding can be misused for terrorism financing. | Increased due diligence obligations for these customer groups, including purpose assessment of donations and source/use analysis. |
| Adverse media screening is an effective additional tool. | Combine PEP, sanctions, and adverse media screening to assess risks more precisely. |
| Unusual transactions that do not align with account usage or economic circumstances are a warning sign. | Expand anomaly detection in monitoring (e.g., high amounts in student or low-income accounts). |
| High cash donations, sometimes pooled from many small amounts, are particularly risky. | In cash transactions, intensify checks, critically question proofs of origin, and analyze the use of funds. |
| Payments to/from high-risk countries, including via indirect routes, pose high risks. | Track transaction chains, even if payments occur via neighboring or friendly states. |

1. Update Obligations: Why Your KYC Processes Must Become Faster (Implementation by July 10, 2027)

Until now, many institutions had very long update cycles for customer data – sometimes up to ten years for standard risk customers.
That is now changing fundamentally. KYC data must be updated significantly more frequently to ensure that your risk profile can always realistically reflect the current situation.

Specifically, this means:

  • More Interaction with Existing Customers: Regular reviews prevent unnoticed changes in risk profiles.

  • Early Warning System in the Customer Base: Significant developments – such as new business fields or unusual payment flows – are detected more quickly.

  • Technical Support: Digital KYC systems and automated reminders help meet deadlines.

Advantage: You not only reduce money laundering risks but also increase your chances of early detection of terrorism financing – especially if customers change their economic activity or partner networks.

The application of AMLD (Directive (EU) 2024/1640) will mainly take place from July 10, 2027, after its transposition into national law by the German legislator. Until then, the previous regulations of the Money Laundering Act remain unchanged. The AMLD brings new mechanisms to combat money laundering and terrorism financing and will be further specified by technical standards of the new EU Anti-Money Laundering Authority (AMLA).

2. Risk Segregation: Why Money Laundering and Terrorism Financing Don’t Belong Together

One of the supervisory authority's central criticisms is that many institutions treat risks from money laundering and terrorism financing in a single risk analysis.
This leads to specific dangers being overlooked.

The difference is crucial:

  • Money Laundering: Usually illegal origin of funds (e.g., from criminal acts) → aim is to introduce it into the legal financial cycle.

  • Terrorism Financing: Funds often come from legal sources (e.g., salary, donations) → aim is to channel it into criminal networks.

Why the separation is important:

  • The indicators for money laundering and terrorism financing differ significantly.

  • The monitoring must be configured differently.

  • Measures effective against money laundering can fail in the case of terrorism financing – and vice versa.


3. Current BaFin Expectations

| Focus | Expectation |
| --- | --- |
| KYC Update | Update customer data more frequently, introduce risk-oriented checks |
| Risk Segregation | Analyze money laundering and terrorism financing risks separately |
| Product & Customer-Specific Analysis | Clearly define risks by product, customer group, and distribution channel |
| High-Risk Products | Monitor payment services, cash, prepaid cards, association and SME accounts more closely |
| Screening | Implement combined PEP, sanctions, and adverse media screening |
| Monitoring | Detect anomalies, set thresholds and alerts based on risk |
| Cash & High-Risk Countries | Critically examine source and use, trace payment routes, including indirect ones |

4. Targeted Monitoring: From Standard Controls to Risk-Oriented Supervision

Another core point: Standard transaction monitoring is no longer sufficient.
The supervisory authority expects you to align your monitoring with specific risk profiles.

Practical Approaches:

  • Fine-Tuning Alerts: Adjust thresholds to capture both large and unusually small but suspicious amounts.

  • Combining Multiple Indicators: Look at patterns over time, not just single transactions.

  • Data Enrichment: Enrich transaction data with external information (e.g., adverse media, business relationships, known high-risk countries).


5. Keeping an Eye on Sensitive Areas

Particularly critical are:

  • Payment Services with International Connections

  • Cash Transactions and Deposits

  • Prepaid Cards

  • Association and Small Business Accounts

  • Crowdfunding and Donation Platforms

Here, the supervisory authority requires you to apply increased due diligence obligations. This includes not only checking the source of funds but also their specific use.


6. International Standards as a Guideline

AMLA (Anti-Money Laundering Authority)

  • Operational from 2028 but already guiding today.

  • Goal: EU-wide harmonization of AML/CFT requirements.

  • Focus on risk-based methodology and uniform supervisory standards.

EBA (European Banking Authority)

  • Develops guidelines for risk assessment, governance, and internal controls.

  • Emphasizes the separation of risk categories and adapting due diligence to new threats.

ESMA (European Securities and Markets Authority)

  • Focuses on the securities sector, particularly on integrating AML/CFT into securities oversight.

FATF (Financial Action Task Force)

  • World leader in developing standards against money laundering and terrorism financing.

  • Emphasizes the necessity of a dynamic risk assessment and adapting to new financial structures.


7. Implementation in Your Practice

a) Organizational Measures

  • Clearly Define Roles: Who is responsible for risk analysis, KYC updates, and monitoring?

  • Establish Internal Escalation Paths to react quickly to anomalies.

b) Technical Support

  • Use automated KYC tools with reminder functions for updates.

  • Monitoring Systems with machine learning to detect patterns and anomalies.

c) Documentation

  • Document every decision and review in a traceable manner.

  • Justify and record changes to processes or thresholds.


8. Your To-Do List for BaFin Requirements

| Field of Action | Specific Measure |
| --- | --- |
| KYC Update | Shorten cycle, use automated reminder systems, implement in line with AMLD6/AMLR by July 10, 2027 |
| Risk Analysis | Separate money laundering and terrorism financing risks |
| Monitoring | Adjust thresholds and alerts based on risk |
| High-Risk Products | Implement specific test processes |
| Screening | Combine PEP, sanctions, and adverse media |
| Sensitive Customer Groups | Additional testing and documentation obligations |
| Cash Transactions | Critically examine source and use |
| High-Risk Countries | Analyze direct and indirect routes |
| Training | Regularly train teams on new requirements |

9. Your Advantage If You Act Now

By proactively implementing the new requirements:

  • You Minimize Regulatory Risks during audits.

  • You Avoid Reputational Damage from cases going through your institution.

  • You Increase the Efficiency of your compliance processes through clear separation and targeted monitoring.


10. Conclusion

BaFin expects you not only to comply with existing rules but to actively develop your preventive measures.
This means:

  • Timeliness: Always keep customer data up to date.

  • Clarity: Separate risks and analyze them specifically.

  • Purposefulness: Align monitoring with actual risks.

The interplay with international standards – from AMLA to EBA, ESMA to FATF – clearly shows: The direction is clear, and the demand is high.