Service Finder
Show commissioning of third parties with internal security measures
Service Description
As an obliged entity or obligated party under money laundering law, you must create appropriate business and customer-related internal security measures to manage and mitigate the risks of money laundering and terrorist financing through suitable principles, procedures and controls.
You can also transfer the implementation of internal security measures to a third party within the framework of contractual agreements. However, you must first notify the competent supervisory authority of the intended outsourcing. The Money Laundering Act contains standard examples of the security measures to be put in place. This list is not exhaustive. Further internal security measures may be required in individual cases. The internal security measures also require the approval of the member of management responsible for money laundering prevention in your company.
As the obligated party, you may have the internal security measures carried out by an (external) third party within the framework of contractual agreements if you have notified the supervisory authority in advance. The supervisory authority may prohibit the transfer if
- the third party does not guarantee that the security measures will be carried out properly.
- the control options of the obligated party are impaired or
- supervision by the supervisory authority is impaired.
For you as the obligated party, this means that you must state in your notification that the conditions for prohibiting the transfer are not met.
You must also state in the notification which internal security measures are the subject of the outsourcing
The notification must be made by the obliged entity itself or, if applicable, by the appointed money laundering officer.
Important note:
The responsibility for the fulfillment of the internal security measures remains with the obliged entities. If the third party does not properly fulfill the contractually assigned obligations, for example, you remain responsible for non-compliance with the internal security measures.
Process flow
- The notification must be submitted to the competent supervisory authority by the obliged entity itself or, if applicable, by the appointed money laundering officer
- Your notification will be reviewed by the competent authority
- You will receive a final notification
- After notification, the internal security measures can be carried out by a third party; prior approval from the authority is not required.
- The supervisory authority may prohibit the transfer to a third party if
- the third party does not guarantee that the security measures will be carried out properly,
- the control options of the obligated party are impaired as a result, or
- supervision by the supervisory authority is impaired
Requirements
Obliged parties under the Money Laundering Act
- Only natural or legal persons who are obligated parties under the Money Laundering Act are entitled to make a report.
- The reporting person must be a member of management or an internal/external money laundering officer or an internal/external money laundering officer of the company.
The third party must be sufficiently qualified and reliable to carry out the internal security measures:
- be sufficiently qualified and reliable, provide assurance that the safeguards are properly implemented and
- the outsourcing must not impair the control options of the obliged entity and the supervision of the supervisory authority.
Which documents are required?
- Notification of the outsourcing of internal security measures
- The notification must clearly state which internal security measures are to be outsourced.
- In addition, the notification of outsourcing must state in full and in writing that all requirements have been met and that there are no grounds for prohibiting the intended outsourcing.
- Proof of authorization to notify
- Proof of appointment as money laundering officer or money laundering officer or
- Contract on the outsourcing of internal security measures or
- Proof that the reporting person is a member of the company's management (e.g. extract from the commercial register or shareholders' agreement)
- Contract with the third party
- Copy of the contractual agreement with the third party to whom the security measures are to be outsourced.
- Current excerpt from the commercial register, if applicable
- Registered companies should submit a current excerpt from the commercial register with the notification. Legal entities in the process of being established (GmbH, AG) must submit the articles of association.
- Note: The authority may require proof of the service provider's suitability - this could be, for example, CVs, training certificates or references that explicitly refer to obligations and experience under money laundering law.
What are the fees?
none
What deadlines do I have to pay attention to?
- Notification of the outsourcing of internal security measures must be made prior to outsourcing
- after notification, the internal security measures can be implemented; prior approval by the authority is not required
Legal basis
§ Section 6 (1) of the Money Laundering Act (GwG) for the basic obligation to take security measures
§ Section 6 (7) GwG regarding the obligation to report outsourcing
Appeal
- Forms: yes
- Online procedure possible: no
- Written form required: no
- Personal appearance required: no
Author
The text was automatically translated based on the German content.
Source: Zuständigkeitsfinder Thüringen (Linie6Plus)
No competent authority found
Please enter your location.