Anti-money laundering framework for financial institutions in France

Anti-money laundering framework for financial institutions in France are the main aspects of the French framework for anti–money laundering regulations for financial institutions. It includes the laws and regulations implemented in French for liable parties to combat money laundering and terrorist financing in line with international initiatives.

History
In France, the framework stems from Ordinance 2009-104 of January 30, 2009, codified in Articles L. 561-1 and following the French Monetary and Financial Code.

The fourth directive on combating money-laundering and the financing of terrorism (AML-CFT), launched on February 5, 2013, was voted on in committees of the European Parliament on January 27, 2015. It included several legal innovations, including the creation of national databases. It was transposed into domestic law by the Member States by June 26, 2017 (the date of entry into force in France).

The fifth European AML-CFT directive (Directive (EU) No 2018/843 of May 30, 2018) came into force in July 2018.

In addition to the European legislative framework, the regulatory requirements for governance and internal control regarding AML/CFT were defined by the decree of January 6, 2021, which came into effect on March 1, 2021.

The ACPR ensures the AML/CFT supervision and the AML/CFT obligations, but common supervision by the European Union is expected to come into effect in 2023.

The liable parties
The list of liable parties to combat money laundering and terrorist financing is defined in Article L561-2 of the Monetary and Financial Code (hereinafter "CMF") and includes:


 * Establishments in the banking sector
 * Insurance companies and brokers
 * Les institutions de prévoyance
 * Provident institutions
 * Mutual insurance companies and unions, reinsurance and capitalization
 * The Bank of France
 * The overseas department issuing institute
 * The overseas issuing institute
 * Investment firms (excluding portfolio management companies)
 * Credit institutions headquartered in a state that is part of the European Economic Area (EEA). The General Regulation of the Financial Markets Authority allows for the inclusion of establishments not based in the EEA
 * Investment firms headquartered in a state belonging to the EEA. The General Regulation of the Financial Markets Authority allows for the inclusion of establishments not based in the EEA
 * Corporate entities whose partners are jointly and severally held by credit institutions headquartered in a state that is part of the European Economic Area (EEA)
 * Corporate entities headquartered in mainland France or overseas departments or in Saint-Barthélemy or Saint-Martin, whose main or sole purpose is the clearing of financial instruments. The General Regulation of the Financial Markets Authority allows for the inclusion of corporate entities not established in mainland France or overseas departments or Saint-Barthélemy or Saint-Martin
 * Market operators
 * Central depositories and managers of financial instrument settlement and delivery systems
 * Financial investment advisors
 * Intermediaries acting on behalf of third-party owners of financial securities
 * Portfolio management companies for investment services
 * Portfolio management companies and management companies for the marketing of units or shares of collective investment schemes, whether or not they manage them
 * Manual currency exchangers
 * Individuals or legal entities who, habitually, engage in transactions involving third-party real estate
 * Legal representatives and managers are responsible for casinos and associations, clubs, and companies organizing gambling, lotteries, bets, sports, or horse racing predictions
 * Individuals engaging habitually in the trade or organization of the sale of gemstones, precious materials, antiques, and works of art
 * Companies providing payment banking services, exempted from approval by the Prudential Supervisory Authority
 * Chartered accountants and employees authorized to practice the profession of chartered accountant
 * Lawyers at the Conseil d'État and the Court of Cassation, lawyers, avoués near the courts of appeal
 * Notaries
 * Bailiffs
 * Judicial administrators and judicial agents
 * Judicial auctioneers
 * Companies conducting voluntary sales of furniture at public auctions
 * Individuals engaging in domiciliation activities

Penalties incurred in case of non-compliance with regulations
The fourth AML/CFT directive provides, in the event of serious, repetitive, or systematic breaches by the obligated entities, obligations regarding customer due diligence, suspicious transaction report, data retention, and provisions related to internal control:


 * For credit and financial institutions, a ceiling of at least 5 million euros or 10% of annual turnover is set for legal entities and a ceiling of at least 5 million euros for natural persons;
 * The fourth directive does not limit the financial penalty to the directors of financial institutions but also extends it to individuals responsible for regulatory breaches (such as the person in charge of the AML/CFT system or compliance).

The risk-based approach
The 3rd Anti-Money Laundering Directive 2005/60/EC of October 26, 2005, was transposed by Ordinance 2009-104 of January 30, 2009, abandoning the threshold-based approach to due diligence for a graduated approach based on the actual risk of money laundering.

This "risk-based approach" was advocated by professionals in the banking sector (especially Anglo-Saxon) with the aim of "concentrating resources where they are most needed."

The due diligence principle is thus adjusted to take into account the various money laundering and terrorist financing risks presented by the customer, the product, or its distribution method.

These obligations of due diligence are set forth by Articles L. 561-5 to -10-2 of the aforementioned ordinance and Articles R. 561-5 and -6 of the September 2, 2009 decree.

The professional must implement its due diligence obligations regularly in such a way as to adjust its behavior according to this new risk-based approach. There are thus three levels of due diligence, depending on which the approach will be more or less accentuated in terms of procedures (simplified, standard, enhanced).

Simplified due diligence
This due diligence level, which is justified by the existence of low risk in the business relationship, results in a limitation of the obligations of the obligated party regarding a category of customers and transactions. When the risk of money laundering is low, due diligence is carried out in a simplified manner both in terms of customer identification and transactions conducted. This assessment of the risk of money laundering can be based on various criteria such as the customer, the product, or its method of marketing.

Article R561-15 of the CMF (derived from Decree No. 2009/1087 of September 2, 2009) specifies the conditions for the application of these simplified control measures and sets out cases presenting a low-risk of money laundering and terrorism financing, particularly when the customer or the "beneficial owner" is:


 * A financial institution established in a Member State of the European Union;
 * A listed company whose securities are admitted to trading on at least one regulated market in France or in a State party to the agreement on the European Economic Area;
 * A public authority, a public body.

Article R561-16 of the aforementioned text sets out the cases of products for which these simplified due diligence measures will be implemented, including:


 * Digital currency with a maximum capacity of the device of 250 euros in case of impossibility to recharge and 2,500 euros in the opposite case;
 * Employee savings plans.

These exemptions provided for in the texts require the obliged entities to collect the necessary information to establish that the customer meets the required conditions.

In the field of insurance, this case of simplified due diligence is provided for by the decree of November 10, 2009 (JORF No. 0264 of November 14, 2009).

Normal due diligence
This due diligence level corresponds to a medium risk, and therefore to the majority of customers. It requires applying the following principles:


 * Regular and occasional customers' identification based on reliable documents
 * Assessment of the nature and purpose of the intended business relationship
 * Regular monitoring of the business relationship, including updating information
 * Ultimate beneficial owners identification

Enhanced due diligence
When the risk of money laundering and terrorist financing presented by a customer, product, or transaction appears high to them, the obligated entities must strengthen the intensity of the measures provided for in Articles L561-5 and L561-6.

These strengthened due diligence measures provided for in Articles L561-10-1 and L561-10-2 of the CMF are applicable particularly in the following situations:


 * In the case of cross-border correspondent banking relationships or business relationships for the distribution of financial instruments with a financial institution located in a country outside the European Union, or which is not a party to the agreement on the European Economic Area (Article L561-10-1), specific measures (provided for in Article R561-21 of the CMF) must be adopted by the obligated entity, including gathering information about the contracting establishment regarding the nature of its activities, its reputation, and the quality of the supervision it is subject to.
 * The operation is atypical: lacking economic justification, having no legitimate purpose, being complex, or involving an unusually high amount (Article L561-10-2).
 * In this case, obligated entities must inquire with the customer about the origin of the funds and the destination of these sums, as well as the purpose of the operation and the identity of the beneficiary.

Outside of these precisely defined provisions, institutions may establish their risk management policy and adjust their controls based on the nature of the risk.

As part of the checks conducted by the French Prudential Supervision and Resolution Authority (ACPR) of the Bank of France, the entities must be able to justify the nature of the measures implemented within the scope of their risk-based approach.

This approach is implemented in practice through the adoption of a risk mapping, relying on an analysis of business processes that is cross-referenced with an operational risks typology.

Customer knowledge
Customer knowledge is one of the pillars of anti-money laundering efforts, as a thorough understanding of the customer base allows for the atypical transaction detection that may be linked to illicit activities and enables the reporting of suspicious activities. Customer knowledge primarily relies, before establishing a relationship, on identification and verification (identity, address, activity, etc.) through any credible documentation, on gathering information related to the purpose and nature of the relationship, and more generally, on the intended the account operation to determine the customer's risk profile.

The ordinance therefore imposes on a set of entities mentioned in Article L.561-2 of the CMF a duty of due diligence towards its clientele.

This obligation consists in knowing the customer. This principle is recognized internationally under the designation KYC (Know Your Customer). The professional must therefore ensure, before entering into a business relationship (Article L.561-6 para.1 of the CMF), and throughout the business relationship (Article L.561-6 para.2 of the CMF), the compliance of the information regarding the knowledge of its customer or, if applicable, that of the beneficial owner.

Business relationship establishment
Article L.561-5 of the CMF provides that before entering into a business relationship or assisting the customer in preparing or carrying out a transaction, financial institutions must identify their customer and, if applicable, the beneficial owner of the business relationship through appropriate means. In addition, they must verify these identification elements upon presentation of any probative written document. The customer notion must then be understood in the broadest possible sense (a natural or legal person, industrial, commercial, or service company, guarantors, intermediaries, management companies, correspondent banks, etc.).

A business relationship is established when a qualified professional initiates a professional or commercial relationship that is supposed, at the time the contact is established, to last for a certain duration (Article L.561-2-1 CMF).

The establishment is therefore required to identify its customer or beneficial owner before entering into a business relationship by collecting all information related to the purpose and nature of this relationship, as well as any other relevant customer information.

Customer or beneficial owner identification
The "beneficial owner" is defined in Article L.561-2-2 of the CMF as "natural person(s)”:

1° those who ultimately control, directly or indirectly, the customer,

2° or for whom an operation is carried out or an activity is conducted.

A decree by the Council of State specifies the definition and the methods of determining the beneficial owner.

The decree of September 2, 2009, specifies through Article R.561-1 of the CMF that the beneficial owner is the person who ultimately benefits from the transaction. This person must be a natural person who directly or indirectly holds at least 25% of the capital or voting rights of the company, or a person holding control, administrative, or managerial power over the company or the general assembly of management.

When it comes to a natural person, the institution must verify the identity and powers of the individuals acting on behalf of that person:


 * The customer or the beneficial owner must present a valid official document containing a photograph. The financial institution must then verify the name, first name, date and place of birth, date, and place of issue of the document, as well as the authority that issued the document.
 * Customer knowledge must allow for the identification of the customer's resources, so it is also necessary to know their economic situation. Regarding the economic situation of the customer or the beneficial owner, the financial institution must obtain proof of the current address at the time the information is collected, the current professional activities, any information allowing the assessment of assets, income, or any other information allowing the estimation of other resources.

These elements allow for the analysis of the customer's economic transactions in concrete terms to determine if they correspond to the customer's economic capacity or, conversely, if they exhibit suspicious characteristics. Certain attributes of the customer appear to have significant consequences on the risk of the relationship. This is the case when the customer is a politically exposed person (hereinafter 'PEP').

The text also specifies that all relevant information must be gathered about the customer. Information regarding the analysis of their economic, financial, and legal environment, as well as their reputation, are essential elements to obtain a better customer understanding.

In some cases, this customer knowledge is considered automatically satisfied. Therefore, due diligences are waived.

Article L.561-9, paragraph II of the CMF provides for an exemption from customer knowledge obligations under certain conditions exhaustively detailed in the implementing decree of September 2, 2009:


 * This is the case when the entities subject to this regulation have their registered office in France, in another Member State of the European Union or the European Economic Area (hereinafter referred to as the "EEA"), or in another country imposing obligations equivalent to ours in the fight against money laundering and terrorist financing;
 * The same applies to subsidiaries with their parent company in the global regions mentioned above if they validate the knowledge of the beneficial owner of the transaction, as well as for all other entities authorized by the competent authority of a Member State of the European Union, the EEA, or a state with equivalent obligations.

Before the business relationship even begins, the financial institution must exercise "standard" due diligences, consisting of subjecting the customer to constant monitoring. Certain pre-established information allows classifying this customer into low, medium, or high-risk categories.

The 4th European directive of May 20, 2015, transposed into French law through ordinance no. 2016-1635 of December 1, 2016, requires the establishment, in all EU countries, of "registers of beneficial owners" (also called ultimate owners of companies, referring to any person directly or indirectly owning more than 25% of the capital or voting rights). These registers must be accessible, including to the public. The document, to be filed with the commercial court registry and placed as an annex to the RCS, must ( starting from August 1, 2017, for new companies and from April 1, 2018, for existing ones) include a list mentioning, for each customer for whom a transaction is carried out, the name, first name, date and place of birth, nationality, personal address of the beneficial owners, the date on which they became such, and the mode of control they exercise over the company (customer of the bank-insurance).

Relationship profile determination
Article L.561-6, paragraph I of the CMF specifies that the customer identification must include all information relating to the purpose and nature of the relationship as well as any other relevant customer information.

The decree of September 2, 2009, specifies that, as part of the knowledge of the business relationship, the financial institution must accurately identify the amount and nature of the planned transactions, the source of funds, the destination of funds, the economic justification declared by the customer, or the intended operation of the account.

The purpose and nature of the relationship, which must also be identified, are to be defined according to the transactions envisaged with the customer. Regarding the relationship nature, it will be necessary to analyze the type of operations requested by the customer.

In the presence of certain types of transactions, the financial institution must, according to these criteria, adopt a risk-based approach specific to its institution and specialties. Based on this risk matrix, it implements due diligence measures.

Transaction monitoring
The ordinance of January 30, 2009, distinguishes between two types of risk and three types of due diligence:


 * normal: for regular operations;
 * low: for low-risk situations;
 * complementary - enhanced: for situations with higher risk.

Low-risk: simplified due diligence
Article L.561-5 II of the CMF states: "Notwithstanding paragraph I, when the risk of money laundering or terrorist financing appears low and under conditions defined by decree of the Council of State, only the verification of the customer’s identity, and where applicable, that of the beneficial owner, may be carried out during the establishment of the business relationship."

The decree of September 2, 2009, relating to obligations of due diligence and reporting for the prevention of the use of the financial system for money laundering and terrorist financing, defines the conditions in Article R.561-15 of the CMF:


 * In consequence, banks and financial institutions represent a low risk, provided that these establishments are established in European or French territory. An entity established in a non-European Union country must implement an equivalent anti-money laundering system to be considered low-risk, hence the relevance of publishing AML/CFT questionnaires.
 * Furthermore, considered to represent low-risk is a listed company whose securities are admitted to trading on at least one regulated market in France or in a state party to the Agreement on the European Economic Area or in a third country imposing transparency requirements compatible with EU legislation, appearing on a list determined by the minister responsible for the economy. For example, a company listed on the CAC 40 could be considered low-risk.
 * The decree of September 2, 2009, also mentions several types of activities representing a low risk of money laundering. For example, we can mention life insurance contracts with an annual premium of less than €1,000, certain consumer credit operations, certain insurance operations, etc.
 * Finally, public authorities or public bodies whose identity is accessible to the public are also considered to present a low-risk of money laundering.

Special case of additional due diligence measures
Article L561-10 of the CMF states that additional due diligence measures regarding their clientele can be imposed on obligated entities in addition to the obligations already incumbent upon them and provided for in articles L. 561-5 and L. 561-6 of the CMF.

These additional measures must be implemented when:


 * the customer or the legal representative is not physically present during identification;
 * the customer is a politically exposed person;
 * the product or operation contemplated with the customer promotes anonymity;
 * the operation is conducted with a person from a country or territory listed by the Financial Action Task Force whose legislation or practices hinder the fight against money laundering and terrorist financing.

Politically Exposed Person
Article R.561-18 of the CMF, derived from the implementing decree of September 2, 2009, specifies that a politically exposed person is an individual "who is exposed to particular risks due to their functions," residing in a country other than France and who currently holds or has held, within the last year, one of the functions exhaustively listed in the aforementioned article.

The former political position of a PEP makes them susceptible to corruption. This is why it should be considered an alert situation if, for example, a German politically exposed person opens an account in another country, such as France. The prior identification of this status as a PEP necessitates the implementation of additional due diligence measures.

The financial institution must collect a certain number of documents:


 * For a corporate customer: it involves obtaining the official registry extract, the shareholders or executive officers' identity, knowing the justification for the registered office address, the articles of association, mandates and powers of the company, and any element allowing assessment of the financial situation.
 * For asset management structures without legal personality, trusts, or any other comparable legal arrangement under foreign law: a document justifying the distribution of rights over the capital or profits of the entity on behalf of which the opening of an account or the execution of an operation is requested.

The decree of September 2, 2009 specifies the nature of the additional measures to be implemented by the banking institution. In the situations listed above, the entities mentioned in Article L.561-2 of the CMF must:


 * obtain additional supporting documents to confirm the identity of the person with whom they are in a business relationship;
 * implement measures to verify and certify the copy of the official document or the extract from the official register mentioned in Article R.561-5 of the CMF by a third party independent of the person to be identified;
 * require that the initial payment of transactions be made from or to an account opened in the name of the customer with an entity subject to regulation established in a Member State of the European Union or in a State party to the EEA Agreement;
 * obtain confirmation of the customer's identity from a regulated entity established in a Member State of the European Union or in a State party to the EEA Agreement.

Finalement, les mesures complémentaires doivent être diligentées lorsque le client est une personne politiquement exposée, ou que cette personne ne peut clairement être identifiée. L’ordonnance prévoit également des mesures de vigilance renforcée.

High-risks: strengthened due diligence measures
The ordinance stipulates that strengthened due diligence measures must be applied when the risk of money laundering and terrorist financing presented by a customer, a product, or a transaction appears to be high.

When the transaction appears to be particularly complex or of an unusually high amount, or when it seems to lack economic justification or a legitimate purpose, strengthened due diligence measures must be applied. The same applies when financial institutions enter into an agreement to provide correspondent banking services, cashing or discounting checks, or establish a business relationship for the distribution of financial instruments. Strengthened due diligence measures consist of:


 * gathering sufficient information about the co-contracting institution to understand the nature of its activities and to assess, based on publicly available and usable information, its reputation and the quality of the surveillance it is subject to;
 * evaluating the anti-money laundering and counter-terrorism financing measures implemented by the co-contracting institution;
 * ensuring that the decision to establish a business relationship with the co-contracting institution is made by a member of the executive body or any person authorized for this purpose by the executive body;
 * including in the correspondent banking or financial instrument distribution agreement the modalities for transmitting information upon request by the subject institution.

Since situations presenting a medium risk of money laundering are not mentioned in the regulations, each financial institution will have to establish its own characteristics for these intermediate risk situations.

Monitoring the relationship: constant due diligence
Article L.561-6 of the CMF imposes on obligated entities a constant due diligence of customers throughout the relationship duration. This constant due diligence purpose is to ensure that the customer monitoring is appropriately adapted to the money laundering risk that the customer presents.

This obligation entails that obligated entities carefully scrutinize the transactions conducted by their customers, meaning they verify the consistency of these transactions with the customer's profile. This, therefore, presupposes an up-to-date understanding of the customer.

Article R.561-11 of the CMF requires obligated entities to carry out a new identification of their customer when they have "good reasons to believe" that the information obtained (regarding the customer's identity) at the start of the relationship is no longer accurate.

It is necessary to analyze any minor changes that may impact the assessment of the risk posed by the customer:


 * If the customer is a natural person: it is necessary to look for any changes in professional situation, salary, address, and verify that they have not become, during the business relationship, a politically exposed person;
 * If the customer is a legal entity: it is necessary to search for any changes in statutes, directors, shareholders, corporate purpose, countries of operation, etc., during the business relationship.

It is necessary to regularly update the knowledge that financial institutions have about their customers in order to apply appropriate due diligence measures. All collected information must be documented in writing and kept for a period of 5 years from the business relationship termination.

Prohibition to enter into a business relationship
Article L561-8 of the CMF provides for two cases of prohibition to enter into a business relationship:

When the obligated entity terminates the business relationship under the conditions of Article L.561-8 of the CMF, it is required to make a suspicious transaction report to TRACFIN if it suspects or has reasonable grounds to suspect money laundering or terrorist financing offenses.
 * When a financial intermediary is unable to identify its customer or obtain information about the purpose, nature, and business relationship, it cannot execute any transactions or establish or continue the business relationship.
 * If the financial intermediary has not been able to identify its customer or obtain information about the purpose and nature of the business relationship, yet the relationship has nevertheless been established (because the customer presented a low risk of money laundering), it must terminate it.

Obligation to report suspicious transactions
The new French system is based on a dual set of complementary obligations:


 * Due diligence obligations
 * Reporting obligations to TRACFIN

France has not opted for an automatic reporting system based exclusively on predefined objective criteria. Except for specific cases where the law mandates reporting in certain situations and conditions, the system relies on a case-by-case analysis of sums and transactions based on the profile of the business relationship and the risk classification established by the obligated entity.

Therefore, organizations must analyze their customer's situations based on updated information, then examine suspicions of money laundering before, if necessary, submitting a report to TRACFIN. The obligations for reporting suspicions are provided for in Article L.561-15 of the CMF.

=== Extending the scope of declarations === In terms of legal obligations in France, both national and European texts have continuously expanded the scope of professions subject to anti-money laundering measures and the obligation to report suspicions since 1990.

The obligated persons include: Regarding the underlying offenses of money laundering, over the past twenty years, the scope of the obligation to report suspicions to TRACFIN has been continually widened through various provisions.
 * Banks
 * Independent Wealth Management Advisors (CGPI) and Financial Investment Advisors (CIF)
 * Currency exchange offices
 * Casinos
 * Real estate intermediaries
 * Legal professions (notaries, judicial administrators, bailiffs, and lawyers)
 * Accountants
 * Statutory auditors

The final step is the transposition of the 3rd European Directive of October 26, 2005, into French law by the ordinance of January 30, 2009 (as well as by the decrees of July 16 and September 2, 2009, and by the orders of September 2 and October 29, 2009).

Article L.561-15 I of the CMF now requires professionals to report to TRACFIN any sums or transactions of which they "know, suspect, or have good reason to suspect that they come from an offense punishable by imprisonment for more than one year or contribute to the financing of terrorism."

Before the transposition of the 3rd European Directive, only five offenses constituted the scope of suspicious transaction report.

Currently, by subjecting the obligation to report suspicious transactions of money laundering to all crimes and offenses punishable by imprisonment for more than one year, the ordinance of January 30, 2009, targets almost the entire French Penal Code, except for misdemeanors, as in French law, most crimes and offenses are punishable by at least one year of imprisonment. In other words, the ordinance covers all financial crimes and offenses that could generate proceeds. For example, money laundering of offenses such as embezzlement, counterfeiting, fraud, and breach of trust is now covered. Furthermore, by introducing this provision, the ordinance of January 30, 2009, has created the obligation to report any suspicion of money laundering stemming from tax fraud.

Declaration for tax fraud
Ordinance No. 2009-104 of January 30, 2009, extended the suspicious transaction report to sums or operations that could stem from any offense punishable by imprisonment of more than one year or that could contribute to the financing of terrorist activities. The scope of the suspicious transaction report now covers tax fraud, punishable in France by up to five years imprisonment and a fine of €37,500.

According to Article 1741 of the General Tax Code, a person is guilty of tax fraud when they have evaded or attempted to evade taxes fraudulently.

The tax fraud crime can therefore be constituted by:


 * Failure to declare income;
 * Concealment of taxable sums;
 * Organizing insolvency or maneuvers obstructing tax recovery;
 * Accounting irregularities.

There are typologies of particularly complex tax frauds that have been detailed by the Banking Commission and TRACFIN in their joint guidelines, published in December 2009.

Given the complexity of this fraud, the ordinance also provides for assisting professionals in detecting this offense by establishing criteria defined by decree.

These mentioned criteria are alternative, which implies that the obligated establishments are required to report to TRACFIN any transaction meeting at least one of them when they suspect tax fraud. The elements of analysis that led to selecting at least one of the criteria must be included in the report.

The 16 criteria used to qualify tax fraud can be classified into five categories:


 * Form indicators;
 * Financial indicators (atypical use of the bank account);
 * Indicators related to the customer's activity;
 * Interposition indicators;
 * International operations.

=== Declaration at the end of the enhanced examination === Financial institutions are required to conduct enhanced scrutiny of any particularly complex transaction or one of unusually high value or that does not appear to have an economic justification or lawful purpose. Thus, when the unusual nature of the transaction has been determined, the declarant must undertake an individualized and thorough analysis: it must inquire with the customer about the origin and destination of the funds, and inquire about the purpose of the transaction and the identity of the beneficiary. In this regard, financial institutions are required to establish internal procedures regarding the information to be collected and retained as part of this enhanced scrutiny. To assist professionals in implementing these procedures, the Financial Markets Authority has established a non-exhaustive list of relevant elements to be collected and retained:

If, following the enhanced examination and its individualized and thorough analysis, the declarant has not been able to dispel suspicion regarding the transaction, it must then submit a report to TRACFIN. Therefore, it is not an automatic or systematic suspicious transaction report for unusual transactions: the report must only be made after a comprehensive analysis that does not dispel suspicion.
 * the amount, origin, and destination of the funds, and the individuals involved in the transaction in terms of remuneration;
 * the identity of the instructing party as well as the ultimate beneficiaries of the transaction;
 * the purpose of the transaction, its characteristics, and the methods of its execution;
 * the consistency of the information gathered.

Report on trusts and fiduciaries
Trusts and fiduciaries are institutions originating from Anglo-Saxon law, resulting from an act by which one person (the settlor) transfers ownership of a property (or a set of properties) to another person (the trustee). The trustee undertakes to manage the property or properties in the interest of a third party (the beneficiary).

The structure of trusts and fiduciaries, by its very nature, often makes it difficult to identify the ultimate beneficiaries of the operation, meaning the individuals who directly or indirectly hold 25% of the capital of a company or voting rights.

Financial institutions must therefore undertake the necessary due diligence to identify the instructing party, the ultimate beneficiary, or the settlor of a trust fund or any other asset management instrument. They must systematically file a suspicious activity report if the ultimate beneficiaries of the transaction have not been identified or if there is doubt about their identity.

Supplementary report
Article L.561-15 V of the CMF requires professionals to promptly inform TRACFIN of any information that may confirm, refute, or modify the elements contained in an initial report, such as the characteristics of the reported transactions or any information related to the knowledge of the business relationship. However, when professionals suspect the financial flows of a customer whose transactions have been reported within a short period, submitting a supplementary report to TRACFIN can only occur if the new transactions involve significant amounts.

In consequence, for example, this applies to a transaction within a short timeframe where the cumulative amounts are at least equivalent to those previously reported. This transaction type confirms the assessment made by the organization to TRACFIN in the initial suspicious transaction report.

Report following a business relationship termination
When a financial institution cannot identify its customer or obtain information about the purpose and nature of the business relationship, it must not carry out any transactions and must not establish or continue the business relationship. If the business relationship is already established, it must be terminated.

If a financial institution terminates its business relationship with a customer in this way, it is required to file a suspicious transaction report.

In consequence, after terminating the business relationship, the financial institution must systematically examine the possibility of making a report. There is no systematic reporting in the event of a business relationship termination: it is upon an individualized analysis, an in concreto assessment of the situation, that the financial institution must determine whether or not to make a suspicious transaction report based on an examination conducted from the information available to it.

Written suspicious transaction report
It is drafted in a form available on the TRACFIN website. The declarant must mention the legal or regulatory provision that led to the report. The use of such a form allows for quick and automated processing. TéléDS enables the direct completion of the form on the TRACFIN website and the simultaneous downloading of supporting documents.

Verbal report
The report can also be verbal, as provided by articles L.561-18 and R.561-31 of the French Monetary and Financial Code. However, this option is strictly limited to cases where the circumstances of the preparation or execution of an operation require it. The declarant must then go to TRACFIN's premises with supporting documents for the report.

Content of the report
Regardless of the form of the declaration, article R.561-31 I of the CMF requires, for its exploitation by TRACFIN, that it mention the identification and knowledge elements of the customer and the beneficial owner if applicable, the purpose and nature of the relationship, the details of the operations concerned, as well as all the analysis elements that led the declaring institution to enter into a relationship with the reported person. Regarding specifically the suspicion reports for tax fraud, all the elements that led to the selection of tax fraud criteria, among the list of 16 criteria defined by decree no. 2009-874 of July 16, 2009, must be specified. All relevant supporting documents and evidence must be attached to the declaration for its exploitation by TRACFIN.

The declarant may provide TRACFIN with additional information in a second report, both to confirm or refute their initial suspicions (see "Supplementary Declaration").

Quality of suspicious transaction report
A deficiency can affect the suspicious transaction report quality and render it unusable: this could include inadequacies in the quality of writing (lack of clarity, lack of conciseness, unnecessary details, or neglecting certain key sections of the declaration form), or a misunderstanding of the suspicion.

Reporting deadlines
Article L. 561-16, paragraph 1 of the CMF explicitly establishes the principle of suspicious transaction report prior to the execution of the transaction in order, if necessary, to allow TRACFIN to exercise its opposition right.

The professional must therefore refrain from carrying out any operation which he suspects is related to money laundering or terrorist financing. Article L. 561-16, paragraph 2 of the CMF provides, by way of exception, that the report may concern operations already executed in 3 cases:


 * when it was impossible to suspend their execution;
 * when their postponement could have harmed ongoing investigations;
 * if the suspicion arose after the completion of the operation in question

In these cases, the professional must analyze the facts leading to the suspicions, and when this analysis confirms the suspicion, they must submit the declaration without delay. Declarants must ensure not to unnecessarily lengthen the time between the discovery of the first suspicious transaction and the submission of a declaration to TRACFIN. Noting the duality emerging from the texts is relevant since they advocate for a priori report, while in practice, the report occurs a posteriori. Moreover, in retail banking, the customer has access to their account and operates it independently. Thus, it is often the general operation of an account or a series of transactions that raises red flags and warrant a declaration. However, there are still a few rare transactions that are reported as such.

Retention of documents related to the reports made
The following documents related to suspicion reports must be retained for five years following the termination of the business relationship concerned:


 * Copy of the suspicious transaction report and, if applicable, the attached documents; in the case of an oral report, copy of the documents transmitted, if any, to TRACFIN;
 * Retention of the declarant's name and the date of the report;
 * Acknowledgment of receipt of the report, if applicable.

N.B: Following Article 6 of the law of January 6, 1978, relating to data processing, files, and freedoms, the documents relating to suspicion reports that are retained cannot be used for a purpose other than that for which they were collected, nor kept for a duration exceeding the time necessary for the purposes for which they were collected and processed.

Confidentiality of the suspicious transaction report
The confidentiality of the suspicious transaction report has several aspects. Firstly, the existence, content, and outcomes of the report cannot be disclosed. Violation of this secrecy is punishable by a fine of €22,500, according to Article L. 574-1 of the CMF. An exception to this would be if a lawyer dissuaded their customer from participating in illegal activities.

The judicial authority, however, may have access to this report when TRACFIN informs the public prosecutor. To protect the declarants, this act will not be included in the court records. The judicial authority will also have access to the suspicious transaction report upon requisition from TRACFIN, to hold accountable the persons subject to this reporting obligation, their executives, or their employees when they are suspected of being involved in the money laundering and terrorism financing mechanisms they have revealed.

Under Article L. 561-29 of the CMF, TRACFIN may also disclose information to the following French authorities:


 * Customs authorities
 * Judicial police services
 * Intelligence services
 * Tax authorities

Communication of suspicious activity reports within establishment groups
Entities subject to reporting obligations, belonging to the same group, network, or professional structure, may be informed of the existence and content of a report through exchange procedures they must establish. In very particular cases, especially for the same transaction involving the same customer, such exchange may occur between companies not belonging to the same group. However, these entities must still be subject to equivalent confidentiality obligations and must have an establishment located in a European Union member state or an equivalent third country.

Exoneration of criminal liability for the suspicious transaction report
Article L. 561-22 5° of the CMF provides for an exemption from criminal liability for money laundering offenses.

The professional may exempt himself from criminal liability by meeting two cumulative conditions:


 * compliance with the general conditions of validity of the suspicious transaction report, as set out in articles L. 561-16 and L. 561-25 of the CMF;
 * the absence of "fraudulent collusion" between the declarant and TRACFIN and the suspected person.

Although the concept of "fraudulent collusion" is not legally or regulatory defined, parliamentary deliberations on the law of July 12, 1990 indicate that it involves a secret agreement between several people whose aim is to deceive one or more other people.

FATF
The Financial Action Task Force (FATF) is an intergovernmental organization established in 1989. Its objective is to develop standards and to promote effective implementation of legislative, regulatory, and operational measures. Therefore, it is a policy-making body.

The FATF has developed a series of recommendations recognized as the international standard for AML/CFT. They form the basis of a coordinated response to these threats to the integrity of the financial system. They also contribute to the harmonization of rules globally. These FATF Recommendations have been revised in 1996, 2001, 2003, and 2012. As such, they remain current and relevant.

TRACFIN introduction
Established by Law No. 90-614 on July 12, 1990, following the G7 Summit at La Grande Arche (July 1989), TRACFIN (Intelligence Processing and Action Against Clandestine Financial Circuits in English) contributes to the growing concern for combating money laundering and developing a healthy economy.

Originally a financial intelligence coordination unit within the General Directorate of Customs, TRACFIN became a national competence service by Decree No. 2006-1541 of December 6, 2006, and gained its direction. The TRACFIN unit operates under the auspices of the Ministry of Economy, Finance, Industry, and Employment, as well as under the minister responsible for Budget, Public Accounts, Public Service, and State Reform.

The legislator has entrusted the national financial intelligence unit with three main missions:


 * Receiving and protecting information on underground financial networks and operations that could be intended for financing terrorism and money laundering;
 * Analyzing and enhancing financial information received under articles L.561-26, L.561-27, and L. 561-31 of the CMF;
 * Transmitting financial intelligence to judicial authorities, judicial police services, customs and tax authorities, and specialized intelligence services.

TRACFIN's role is therefore to collect, analyze, and enhance the reports issued by the obligated professionals. TRACFIN, whose powers were defined by Law No. 90-614 of July 12, 1990, is an administrative investigation service whose action is upstream of the judicial phase. Indeed, TRACFIN is alerted by the entities subject to the system to financial transactions considered atypical by them.

The unit is therefore tasked with cross-referencing data following suspicion reports mainly from financial institutions. The effectiveness of the system relies primarily on the unique partnership between an administrative unit and financial entities. Indeed, according to the 2008 annual report, out of the 14,565 received reports, 1,171 were in dematerialized form:


 * 79% of reports are made by banks and credit institutions;
 * 10% by manual currency exchangers;
 * 5% by insurance companies;
 * 2% by notaries;
 * 4% by professions that remain marginal (accountants, auditors, judicial administrators and trustees, auctioneers, and auction companies).

TRACFIN powers
To carry out cross-referencing of financial information on reported operations, TRACFIN has various powers strictly regulated by law:


 * The right to request information: For the exploitation of the reported suspicions sent to it, TRACFIN has the right to ask the financial institution to transmit, within a certain period, documents regardless of the medium, related to the operation or the person designated in the report.
 * The right to access: Since ordinance no. 2009-104 of January 30, 2009, TRACFIN can directly obtain documents by going to the premises of financial institutions subject to the anti-money laundering system.

However, these two prerogatives remain subject to certain restrictions regarding certain professions (lawyers, solicitors, etc.), as the Bar Council or the president of the company must give their approval when communicating or seizing documents unless the lawyer is acting in a fiduciary capacity.

This ability was not provided for by the New Economic Regulation Law of 2001, which had limited this possibility to only state administrations, local authorities, regulatory authorities, public establishments, and organizations mentioned in Article L.134-1 of the Code of Financial Jurisdictions. The addition of new interlocutors as diverse as the URSSAF, professional unions, or sports leagues, often holders of information related to suspicious legal structures, will allow TRACFIN to obtain much more targeted and precise information effectively.
 * The right to object: TRACFIN can block a transaction that has not yet been executed for one working day from the receipt of the report. This prerogative, unique in French law, proves to be delicate to implement as the organization that made the suspicious transaction report must not inform its customer of the declaration made and must justify the blocking of the transaction. Any unnecessary blocking may result in the liability of the State.
 * Requests for information exchange: This right to exchange information is carried out both with French units and foreign units performing activities similar to those of TRACFIN. Regarding the exchange of information with national administrations, since the 2009 ordinance, TRACFIN can exchange information with individuals tasked with a public service mission.

ACPR introduction
The ACPR is an institution integrated into the Bank of France, responsible for supervising the activities of banks and insurance companies in France. It was founded in January 2010 by Ordinance No. 2010-76.

It is responsible for ensuring compliance by the entities subject to AML/CFT obligations and, in this capacity, conducts both document-based and on-site inspections.

Egmont Group
In addition to the tools provided by the legislature, TRACFIN participates in the Egmont Group, an informal forum established in Brussels. Its main objective is to enhance international cooperation among various anti-money laundering units, particularly by improving the exchange of information among its members and pooling their expertise. Among the achievements of the forum is the development of a standard bilateral agreement facilitating cooperation between different financial intelligence units, the regular exchange of personnel between these units, including through an internet-based information exchange system, and the regular organization of regional training workshops

This forum, independent of police, judicial, or diplomatic structures, facilitates the implementation of concrete solutions to address the daily challenges of anti-money laundering efforts. By circumventing, if necessary, the constraints and bureaucratic hurdles associated with initiating judicial cooperation procedures, information flow becomes more agile, enhancing the responsiveness of these intelligence-gathering units. As of last November 30, the number of financial intelligence units recognized by the Egmont Group stood at 58 units established worldwide.

Summary of International Cooperation
Despite being a constant capability, this exchange facility remains vastly underutilized. In 2008, the service only made 957 requests for information to its foreign counterparts, mainly located in the EU, and received 951 requests from its foreign counterparts, 93% of which came from European counterparts. This exchange possibility is further limited in that it can only be used to reconstruct, following a declaration, transactions carried out by a natural or legal person, or to inform foreign financial intelligence units.

Towards an increase in the number of cases referred to the courts
The judicial authority is the natural recipient of the information gathered by TRACFIN. Based on all the received declarations, a thorough analysis is conducted. If TRACFIN has the necessary elements suggesting that an offense has been committed, it can refer the case to the competent Public Prosecutor.

According to the 2008 annual report, out of the 359 declarations forwarded to the judiciary:

These declarations pertain to: Outside of the processing of forwarded cases, it is now customary for the most sensitive cases to be subject to preliminary contacts before being transmitted to the judiciary. As for the convictions handed down for money laundering offenses, the Ministry of Justice is responsible for communicating the exact number and nature of these. TRACFIN indeed has the right to know the outcome of the transmissions made to the Judiciary and to inform the reporting institutions about the fate of the declaration they have made.
 * 85% of the declarations forwarded to the judiciary originate from the banking sector;
 * 6% from the gaming sector;
 * 3% from the real estate sector;
 * 6% from other sectors combined.
 * 50% primary offenses;
 * 26% concealment;
 * 13% placement;
 * 10% integration;
 * 1% terrorism.

Possibility of communication between TRACFIN and the tax administration
Since February 1, 2009, the tax administration has the right to access information held by TRACFIN, as provided by Article L.561-29 of the CMF. The unit therefore transmits information to the tax administration on facts that may constitute the offense of tax fraud or money laundering from the proceeds of such offense. The tax administration can then use this information for the exercise of its missions, including both tax control and criminal repression. To ensure better efficiency of this collaboration, officials from the tax administration provide accounting and tax expertise on money laundering schemes within TRACFIN.