Since the entry into force of of the Anti-Money Laundering Law /AML/, obligations have arisen for a large number of legal entities, including insurers, exchange offices, persons providing accounting services and legal advice, wholesalers, persons organising the award of public contracts, persons carrying out real estate transactions for hire, professional sports clubs and many, many others. They are all listed exhaustively in Article 4 of the MIPA and part of their obligations is to prepare a risk assessment and a set of internal rules and procedures in accordance with which to conduct their business. In case you are not sure whether you fall within the obliged entities, you could check by looking at this listand also by contacting us at office@kgk.bg and telling us about your area of activity.
In the following, we will provide you with some more information on the documents required from the obliged persons.
Risk assessment - This considers risk factors relating to customers, countries or geographic areas, products and services offered, operations and transactions carried out or delivery mechanisms. The risk assessment should be updated periodically. It should be consistent with the national risk assessment as well as with the recommendations of the European Commission in this respect. The importance of the risk assessment stems from the fact that, on the basis of it, the obliged persons referred to in Article 4 of the MIPA determine the risk profiles of their customers and of their business relationships with them and thus assess which of the measures set out in the law to take in relation to the risk profile concerned.
Internal rules - The risk assessment itself is used to develop the internal rules as it is used by individuals to determine the specific measures that will be appropriate for their type of activity. The internal rules consist of a wide range of components, including: clear criteria for identifying suspicious transactions or transactions and customers; arrangements for the use of technical means for the prevention and detection of money laundering and terrorist financing; a system of internal control over the implementation of the obligations under the AML/CFT Act; the possibility of independent audit; arrangements for the collection, retention and disclosure of information; allocation of responsibility for the implementation of the measures; and so on. Various annexes shall be prepared to the internal rules to systematize and facilitate the work of the obligations entity. It is also necessary to organise trainings for employees and workers (the rules for these trainings should also be included in the internal rules) in order to familiarise them with the requirements under the MIPA and the new operational working method.
Having recalled the legal requirements for the documents to be prepared by the obliged entities, we can move on to the deadlines. The law states that entities shall adopt their internal rules within 4 months of their registration (Article 102(1) of the MIPA). And already registered obliged entities for which the obligation to implement anti-money laundering measures arose prior to to the entry into force i.e. they already had internal rules in this respect, but without complying with the new requirements) must bring their internal rules into compliance with the requirements set out in Article 101 of the AML Law within six months of the publication of the results of the national risk assessment n the website of the SANS (§ 6 of the AML Law). The national risk assessment was published on the website in question on 9 January 2020. The six months run from that date.
What is the impact of the now ended state of emergency on the deadlines described above. In § 10 of the Law of 9 April 2020 amending the Law on Measures and Actions during the State of Emergency, it is stated that certain deadlines, including the four-month and six-month deadlines for the adoption/updating of the internal rules , shall cease to run until the end of the state of emergency. An announcement has been posted on the SANS website that the above deadlines expire at 24.00 hours on 21.08.2020. By that date, all obliged entities in the territory of the Republic of Bulgaria should update, respectively adopt their internal rules.
The combination of the financial penalties for breaches of BGN 10 000 to BGN 2 000 000 set out in the MIPA and the body that will exercise control over the obliged entities - the SANS, might at first glance seem worrying for the obliged entities. Nonetheless, a timely response by traders, including documentary and practical preparation, will give the necessary peace of mind.