Chevalier & Sciales | View firm profile
Luxembourg’s government has published draft legislation to incorporate into national law the requirements under articles 30 and 31 of the European Union’s Directive 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, better known as the 4th Anti-Money Laundering Directive. Placed before the Chamber of Deputies on December 6, 2017, draft law no. 7217 would establish a central register of beneficial owners of Luxembourg legal entities such as companies and partnerships under the authority of the minister of justice, while draft law no. 7216 would create a similar register of beneficial owners of fiduciary contracts, that is express trusts, under the authority of the Administration de l’Enregistrement et des Domaines, Luxembourg’s indirect tax authority.
Fourth money-laundering directive
The requirement for each member state to establish beneficial ownership registers is the main new feature of the fourth AML directive, one that has already been implemented by many EU countries. While the final form of the Luxembourg legislation is subject to the parliamentary process, it is unlikely to move far away from the EU text.
The definition of beneficial owners, initially as set out in the law of November 12, 2004 on money laundering and terrorist financing, has just been amended by the law of February 18, 2018 on professional duties and regulatory powers in relation to money laundering and the financing of terrorism, which incorporates into national law other provisions of the fourth AML directive governing information on the transfer of funds.
While the directive and the Luxembourg legislation are intended to create greater transparency regarding owners and beneficiaries of corporate and fiduciary structures, the government has chosen to incorporate safeguards against improper access to the registers and use of the data they contain.
Who is a beneficial owner?
The newly-enacted law designates the beneficial owner as any individual who ultimately possesses or controls the entity in question or for whom a transaction or activity is carried out. For companies and similar entities, this means that directly or indirectly, they possess or control a sufficient proportion of shares, voting rights or capital interest, including via bearer shares or other means, in an entity other than one listed on a regulated market and subject to EU or equivalent international requirements on transparency of ownership.
Direct ownership is measured by a shareholding exceeding 25% of the capital held by an individual, or indirect ownership by a shareholding exceeding 25% held by one or more companies controlled by the same individual(s). The law states that if this definition does not identify one or more beneficial owners, the designation applies to any individual acting as the principal executive of the entity.
In the case of fiduciary arrangements and trusts, the designation covers the settlor, any trustees, the protector (if applicable) and the beneficiaries, or, if these have not yet been designated, the category of persons for whose benefit the trust or entity has been established, any other person exerting ultimate direct or indirect control over the fiduciary arrangement or trusts. The same applies to any individuals exercising equivalent roles for legal entities such as foundations or structures similar to trusts and fiduciary arrangements.
What kind or corporate entities are covered?
The register of beneficial owners under draft law no. 7217 covers all Luxembourg commercial companies and other legal entities recorded in the country’s trade and companies’ register. These include commercial companies, including public limited companies, private limited companies, simplified joint stock companies, simplified private limited companies, partnerships limited by shares, common limited partnerships, special limited partnerships; foundations and non-profit organisations; civil law partnerships; national or European economic interest groupings; corporate investment funds; pension, mutual insurance and agricultural associations; and state and municipal public bodies.
Excluded from the requirement are companies listed on regulated markets in Luxembourg, in the European Economic Area or any other country with equivalent regulatory standards, as well as mutual funds (FCPs) and branches of foreign companies.
What are companies’ obligations?
Entities covered by the law will be required to obtain and keep complete, accurate and up-to-date information on their beneficial owner(s) at the entity’s registered office. The information must be provided to the central register of beneficial owners (Registre des bénéficiaires effectifs, or REBECO), which is maintained by the Luxembourg trade and companies’ register but separate from it.
Existing companies will have up to six months after the legislation comes into force to apply to REBECO for registration of the required information; subsequently they must apply for registration within a month of becoming subject to the law’s requirements.
Criminal penalties, including fines of between €1,250 and €1.25 million, may be applied to entities or their representatives that fail to supply the information to the register within the deadline, knowingly provide partial, incorrect or outdated information, or fail to maintain up-to-date records at their registered office. Anyone with access to REBECO who becomes aware of incorrect or missing information must inform the register without delay.
What information must they provide?
The information required includes the identity of the beneficial owner, their date and place of birth, nationality, and private or professional address of residence and national identity number, as well as the nature and extent of beneficial interests held in the entity in question. A future grand-ducal decree will set out the list of supporting documents that must be attached to the request for registration with REBECO. The information, including supporting documents, will be kept by REBECO for five years after the dissolution of the entity or it ceasing to exist.
Entities or their representatives, which can include the appointed notary or the creator of the applicable incorporation deed or any amending deed of the entity in question, must apply electronically to the register for registration. Once the request is filed, the administrator has three working days to process the registration.
The administrator may refuse the registration request if it is incomplete, does not comply with legal or regulatory provisions, or is inconsistent with the supporting documents. They will then send the applicant a request for regularisation, giving the applicant 15 days to comply. In the event of refusal of registration, the administrator will notify the applicant, citing the reasons for its decision; the applicant has a right of appeal against a refusal.
Who can access the REBECO register?
Full, unrestricted and unlimited electronic access to the information held by REBECO will be limited to national public authorities, including the public prosecutor’s office, the Financial Intelligence Unit, the Financial Sector Supervisory Authority (CSSF), the insurance regulator (Commissariat aux Assurances), direct and indirect tax authorities, and customs and excise.
Professional self-regulatory bodies such as the Bar Council, Chamber of Notaries, Institute of Auditors, Order of Accountants and Chamber of Bailiffs, will also have electronic access to the register, subject to authorisation from the REBECO manager, but strictly limited to the exercise of their obligation to monitor the compliance with anti-money laundering and financing of terrorism obligations. They are not entitled to access the address or national identity numbers of beneficial owners.
Entities subject to anti-money laundering obligations such as banks, financial sector professional entities, insurance businesses and UCITS management companies, including foreign entities active in Luxembourg under freedom of services rules, may also obtain restricted access to REBECO, excluding the address or national identity numbers of beneficial owners, to comply with their obligations to carry out due diligence on their clients. A self-regulatory body or AML-subject entity can face a criminal fine of between €1,250 and €1.25m for making an unjustified request for access.
Can ordinary individuals access the register?
Restricted access, initially physical, may be granted to any Luxembourg-resident individual or organisation that can demonstrate a legitimate interest with regard to anti-money laundering efforts, subject to a formal written application justifying the request and its approval by a co-ordination committee to be created by the minister of justice. The entity concerned may contest the request.
In such cases, the applicant cannot access the beneficial owner’s date and place of birth, address and national identity number. Electronic access may be requested starting six months following the entry into force of the law; no access to the supporting documents will be permitted.
Exceptionally, any entity covered by the register may request restriction of access to their data in REBECO to national authorities if they can demonstrate that broader access might expose the beneficial owner to the risk of fraud, kidnapping, blackmail, violence or intimidation, or if they are a minor or otherwise do not enjoy full legal rights. In such cases, the administrator will refer the request to the co-ordination committee, which will decide on the legitimacy of the request and inform the entity and administrator accordingly. Pending the decision, access will be temporarily limited to national authorities.
How do the rules differ for trust information?
The regime governing the register of trusts and fiduciary arrangements (Registre des Fiducies), as defined by Luxembourg’s law on trusts and fiduciary contracts of July 27, 2003, is broadly similar to that for REBECO, but with certain differences reflecting their different nature.
The trustees of any express trust governed by Luxembourg law and that entails tax consequences must obtain, hold, maintain and upload information in the central fiduciary register. They must request registration of the trust within six months of the law coming into force.
Compliance by trustees with these requirements and other professional obligations defined by the AML law is monitored by regulatory authorities, which may impose administrative penalties such as a fine or temporary suspension from exercising professional activity.
What information must trustees provide?
The information must include the identity of the settlor, trustee(s), protector (if any), beneficiaries or class of beneficiaries, as well as any other individuals exercising effective control over the trust. If beneficiaries are designated by characteristics or categories, the trustee must obtain sufficient information to be able to identify them at the time of a pay-out or when the beneficiaries exercise their vested rights.
The information must be kept in the register for five years following the dissolution or termination of the trust. Anyone with access to the register that detects incorrect or missing information must inform its manager without delay.
If the parties to the trust to be identified are individuals, the trustee must collect the same information as for beneficial owners of companies and other entities, apart from the nature and extent of the interests held. If they are legal entities, the trustee must obtain their legal designation, including any abbreviation or commercial brand, their registered address, and the registration number or name if they are entered in the Luxembourg Trade and Companies Register, or any foreign registration number if they are not.
Who can access the trust register?
Trustees must provide the identity of the parties to the trust and its registration number on request to the national authorities, disclose their status as trustees and provide information to entities subject to AML requirements with which they enter into business relationship in their capacity as trustees, or carry out transactions exceeding thresholds defined in the AML Law.
Access to the trusts register is limited to national authorities. The law, which provides extended supervisory and sanctioning powers to the Administration de l’Enregistrement et des Domaines, calls on the public regulatory authorities, including the CAA and CSSF, to co-operate and exchange any relevant information in order to perform their duties as stipulated by the beneficial ownership registry legislation and Luxembourg’s anti-money laundering law.
The creation of these two new registers will give rise to additional obligations and responsibilities for companies and trustees in Luxembourg, which should begin preparations even though the draft legislation may be amended before becoming law. Stakeholders affected by the two registers should also bear in mind that they will have to comply with applicable data protection laws, notably the EU’s General Data Protection Regulation, which will come into force on May 25, 2018.