Show commissioning of third parties with internal security measures

Service Description

As an obliged entity or obligated party under money laundering law, you must create appropriate business and customer-related internal security measures to manage and mitigate the risks of money laundering and terrorist financing through suitable principles, procedures and controls.

You can also transfer the implementation of internal security measures to a third party within the framework of contractual agreements. However, you must first notify the competent supervisory authority of the intended outsourcing. The Money Laundering Act contains standard examples of the security measures to be put in place. This list is not exhaustive. Further internal security measures may be required in individual cases. The internal security measures also require the approval of the member of management responsible for money laundering prevention in your company.

As the obligated party, you may have the internal security measures carried out by an (external) third party within the framework of contractual agreements if you have notified the supervisory authority in advance. The supervisory authority may prohibit the transfer if

  • the third party does not guarantee that the security measures will be carried out properly.
  • the control options of the obligated party are impaired or
  • supervision by the supervisory authority is impaired.

For you as the obligated party, this means that you must state in your notification that the conditions for prohibiting the transfer are not met.

You must also state in the notification which internal security measures are the subject of the outsourcing

The notification must be made by the obliged entity itself or, if applicable, by the appointed money laundering officer.

Important note:

The responsibility for the fulfillment of the internal security measures remains with the obliged entities. If the third party does not properly fulfill the contractually assigned obligations, for example, you remain responsible for non-compliance with the internal security measures.

Source: Zuständigkeitsfinder Thüringen (Linie6PLus)

No competent authority found