77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide77 officer roles, all coveredArt. 33 GDPR, 72 hours to report a breach93 controls under ISO/IEC 27001:2022905 ready-to-run audit templates in the workspace§ 130 OWiG, supervisory duty of the management boardOfficer appointment letter, signed, filed, evidencedOne workspace for tasks, trainings, audits, documentationDIN 14095 fire protection plans, standardisedEU AI Act, the first horizontal AI regulation worldwide
Money laundering prevention: What Section 7 GwG really requires of medium-sized businesses
Anti-Money Laundering

Money laundering prevention: What Section 7 GwG really requires of medium-sized businesses

15 June 202612 min readBy Dr. Henrik Bauer
CIVAC

The Money Laundering Act covers far more companies than most management assume. Anyone who is obliged according to Section 2 of the GwG must have an appointed person in accordance with Section 7 of the GwG, due diligence obligations in accordance with Section 10 of the GwG and a suspicious transaction report to the FIU. Audit proof, documented.

The Money Laundering Act (AMLA) in the version dated June 23, 2017 with numerous later amendments (most recently through the Financial Crimes Combating Act) has significantly expanded the circle of those obliged to do so in recent years. Section 2 GwG covers not only banks and insurance companies, but also real estate agents, goods dealers for cash transactions over 10,000 euros, lawyers, tax advisors and art dealers. Many of these companies are formally aware of the obligation, but do not know the operational consequences.

This article explains the central MLA obligations, the role of the money laundering officer according to Section 7 GwG, the due diligence obligations according to Section 10 ff. GwG and the reporting path to the Financial Intelligence Unit (FIU). It describes how these obligations can be mapped in a workspace in an audit-proof manner and what fines can be imposed in the event of violations. You will receive a structured overview for classifying your own obligations and for discussions with supervisors and auditors.

Key Takeaways

  • Section 2 of the GwG covers banks, insurance companies, real estate agents, goods dealers with cash over 10,000 euros, lawyers, tax advisors and art dealers as obligated parties.
  • Section 7 of the GwG requires the appointment of a money laundering officer and a deputy who report directly to management.
  • According to Section 56 of the GwG, violations are punished with fines of up to 150,000 euros per violation and, for banks, up to 5 million euros or 10 percent of turnover.

Who is obliged according to Section 2 GwG?

Section 2 Paragraph 1 GwG lists 16 groups of obligated parties. These include credit institutions (No. 1), financial services institutions (No. 2), insurance companies with life and accident insurance (No. 6), capital management companies (No. 9), lawyers and notaries in certain mandate cases (No. 10), tax advisors and auditors (No. 12), real estate agents (No. 14), goods dealers in cash transactions from 10,000 euros (No. 16) as well Art and antique dealers.

The thresholds have fallen significantly since the Fourth and Fifth Money Laundering Directives. Anyone who accepts cash payments over 10,000 euros in goods trading is a liable party. Anyone who works as a real estate agent has no threshold. This expansion catches many medium-sized companies unprepared because they do not see themselves as financial service providers.

Supervision is distributed. BaFin monitors banks, insurance companies and financial service providers. The states are responsible for the non-financial sector, in practice the district governments or regional councils. Auditors and tax advisors are supervised by their chambers. An initial mandatory check in the company clarifies whether and under which number the obligation exists. This check is the basis for all further steps and should be carried out by the Money Laundering Officer or an external consultant.

Risk analysis according to Section 5 GwG

§ 5 GwG obliges every company to carry out and document a risk analysis. The risk analysis looks at the business activities, the customer structure, the products, the sales channels and the geographical distribution. It evaluates the constellations in which there is an increased risk of money laundering and derives the internal security measures from this.

A reliable risk analysis is not a two-page mandatory declaration, but a structured assessment with specific risk factors and an update frequency. Updates are usual at least annually or when there are significant business changes. Supervisors check the risk analysis first because it is the basis for all further measures.

The methodology is based on the interpretation guidelines from BaFin and the district governments. It typically includes a heatmap with risk factors on one axis and risk categories (low, medium, high) on the other. The due diligence obligations in accordance with Section 10 GwG (general), Section 14 GwG (simplified) or Section 15 GwG (strengthened) are derived from this. A compliance platform with Officer-as-a-Service keeps the risk analysis versioned and documents every update in an audit-proof manner.

Duties of care towards customers

§ 10 para. 1 GwG defines the general due diligence obligations: identification of the contractual partner, determination of the beneficial owner according to § 3 GwG, clarification of the purpose of the business relationship, continuous monitoring. Identification is carried out using official identification documents or a qualified electronic signature in accordance with the eIDAS regulation.

According to Section 3 of the GwG, the beneficial owner is the natural person who holds more than 25 percent of the capital or voting rights or otherwise exercises control. The investigation is carried out using an extract from the transparency register in accordance with the Money Laundering Act (managed by the Bundesanzeiger Verlag) and, if necessary, additional declarations from the contractual partner. In the case of partnerships and family constellations, research is often time-consuming.

§ 14 GwG allows simplified due diligence obligations where there is demonstrably low risk, for example in the case of listed companies, public bodies or contracts with a small volume. Section 15 GwG requires increased due diligence in the case of increased risk, for example in the case of politically exposed persons (PEP) according to Section 1 Paragraph 12 GwG, if the company is based in third countries with a high risk or in the case of unusually complex transaction structures. The assignment is documented in the workspace for each customer file.

Report suspicious activity to the FIU

§ 43 GwG obliges you to report suspected cases to the Financial Intelligence Unit (FIU) at customs. The report is made via the goAML portal and must be submitted immediately as soon as facts indicate money laundering or terrorist financing. The clock starts on awareness.

The obligation to report is not linked to a specific initial suspicion in the criminal sense. There are enough clues that, according to the FIU's interpretation guidelines, make a plausible explanation difficult. Typical indicators are unusual cash transactions, straw man constellations, change of beneficial owner shortly before the conclusion of the contract or the involvement of PEP without a plausible business background.

The report contains mandatory information (obligor, affected persons, facts, amount and type of transaction) and is transmitted via the FIU platform. The FIU checks and, if necessary, forwards the matter to the public prosecutor's office and tax investigators and provides feedback on the blocking period in accordance with Section 46 of the GwG. Anyone who fails to report or submits it late risks fines in accordance with Section 56 of the GwG. A platform with prepared reporting texts and a documented 24-hour initial audit trail significantly reduces the risk. The auditor calls, the evidence is ready.

The money laundering officer according to Section 7 GwG

§ 7 GwG obliges certain obligated parties to appoint a money laundering officer and a deputy. The order is mandatory for banks, insurance companies and financial service providers. For other obligated parties, the responsible supervisory authority orders the appointment if this is necessary due to the business activity and size. In practice, larger medium-sized companies in the goods or real estate trade appoint voluntarily in order to structure supervisory communication.

The money laundering officer is the contact person for the supervisory authority, the law enforcement authorities and the FIU. He reports directly to management. The reporting line according to Section 7 Paragraph 1 Sentence 4 GwG cannot be delegated to middle management levels. The appointment certificate documents the person, the area of ​​responsibility and the reporting line. The appointment certificate, signed, filed, verifiable.

The external order is permissible according to Section 7 Para. 4 GwG if the person can carry out their tasks independently. A compliance platform like CIVAC provides the anti-money laundering officer as a monthly bookable role, with a standard SLA of 2 business days for the appointment certificate instead of the industry standard 2 to 6 weeks. Licence the workspace for your internal representatives, or have our representatives order it.

Training and internal security measures

§ 6 GwG requires appropriate business and customer-related internal security measures. This includes defining internal principles and procedures (risk management, data protection, control system), appointing the money laundering officer, training employees and a whistleblower procedure. The security measures are based on size and risk profile.

The training of employees is mandatory according to Section 6 Para. 2 No. 6 GwG. Employees who are responsible for initiating and executing transactions are trained. The training content includes the AMLA obligations, risk analysis, due diligence requirements, reporting requirements and typical risk indicators. One to two hour training courses with repetition every twelve to 24 months are common, documented in the training plan.

A compliance platform with audit templates reduces the effort. Training material, participant records and risk indicators are maintained centrally. Supervisors check the training certificates on a random basis, especially for new employees. Anyone who documents training courses ad hoc via email runs the risk of being subject to requirements. Others run compliance like a filing cabinet. We run it like software.

Supervision and fines according to Section 56 GwG

§ 56 GwG lists around 70 fines. The amount ranges from 100,000 euros for individual violations to 5 million euros or 10 percent of annual turnover for serious violations by credit institutions. For other obligated parties, up to 150,000 euros per violation applies, in the case of repeated or intentional violations up to 1 million euros.

The most common fines are: no or insufficient risk analysis according to Section 5 GwG, insufficient due diligence according to Section 10 GwG, missing or late reporting of suspicious activity according to Section 43 GwG, failure to appoint the money laundering officer according to Section 10 of the GwG. 7 GwG as well as inadequate retention obligations according to Section 8 GwG. The recording obligations cover five years and begin at the end of the calendar year in which the business relationship was terminated.

Supervisory audits in the non-financial sector are risk-oriented. County governments typically audit every two to five years, with a focus on risk analysis, due diligence and appointing the officer. Anyone who keeps the artifacts in an audit-proof manner will survive the audit without any conditions. Audit-proof, documented, paragraph-proof.

Pragmatic implementation in medium-sized companies

Medium-sized companies often underestimate the effort involved in implementing the AMLA. A realistic initial implementation involves six steps. Firstly, the determination of obligations: under which number of Section 2 GwG are we obliged? Secondly, the risk analysis according to Section 5 GwG with an assessment of customers, products and geographies. Thirdly, the determination of the due diligence requirements for each risk category.

Fourthly, the appointment of the money laundering officer and deputy in accordance with Section 7 GwG, if the supervisory authority orders this or makes sense voluntarily. Fifth, the creation of the internal security measures in accordance with Section 6 GwG, including training plans and whistleblower procedures. Sixth, setting up the suspicious activity reporting path to the FIU with a documented 24-hour initial inspection process.

These six steps can be implemented in four to eight weeks if existing templates are used. CIVAC provides 490 audit templates, including risk analysis templates, due diligence checklists, training materials and suspicious activity reporting workflows. The external money laundering officer will be appointed in 2 working days and will take over supervisory communication. Licence the workspace for your internal representatives, or have our representatives order it.

Turn reading into an assignment

If you want to systematically set up money laundering prevention, the next step is a concrete obligation and risk assessment. CIVAC is a German compliance platform and officer-as-a-service with 25 officer roles, 490 audit templates, ISO/IEC 27001:2022 ISMS and EU data residency. The external money laundering officer will be appointed in 2 working days, the risk analysis according to Section 5 GwG will be drawn up based on the standard templates.

Licence the workspace for your internal representatives, or have our representatives appointed. The monthly contract with 30-day cancellation reduces the investment risk. Supervisory communication is carried out in a structured manner via the money laundering officer, with a documented reporting line to management in accordance with Section 7 Para. 1 GwG.

Turn reading into a mandate. Write to info@civac.de or use the contact form on civac.de. Within one working day you will receive a clarification of needs with a statement of obligations, risk assessment and onboarding plan for the next five working days.

FAQ

Am I more obligated as a goods dealer within the meaning of the AMLA?

You are obliged according to Section 2 Paragraph 1 No. 16 GwG if you make or accept cash payments of 10,000 euros or more as part of your business operations. Different, lower thresholds sometimes apply to precious metal and gemstone trading.

Who is responsible for money laundering prevention in medium-sized businesses?

The management is responsible. The money laundering officer is operationally responsible in accordance with Section 7 GwG, if appointed. Without an obligation to order, management bears the duties directly and can delegate tasks to a compliance officer or external service provider.

What is a PEP according to the AMLA?

According to Section 1 Paragraph 12 of the GwG, politically exposed persons are people who hold or have held important public offices (members of the government, parliamentarians, judges of the highest courts, board members of state-owned companies) as well as their family members and close confidants. In the case of PEP, increased due diligence obligations apply in accordance with Section 15 of the GwG.

When do I have to submit a suspicious transaction report to the FIU?

According to Section 43 of the GwG, immediately as soon as facts indicate money laundering or terrorist financing. Clues are sufficient; a concrete initial criminal suspicion is not necessary. The report is made via the goAML portal.

How long do I have to keep AMLA documents?

According to Section 8 GwG, five years. The period begins at the end of the calendar year in which the business relationship was terminated or the one-off transaction was completed. This includes identification documents, extracts from the transparency register and risk assessments.

How much does an external money laundering officer cost per month?

Depending on the industry and complexity, realistic ranges are between 500 and 2,000 euros net per month. CIVAC offers the external money laundering officer as a role that can be booked monthly with an SLA of 2 working days for the appointment certificate.

No obligation

Sounds like a lot of work?

Officer duties, deadlines, paperwork — that's exactly what we take off your hands. Say hello and we'll show you how.

Turn this into a mandate.

Let us carry the operational weight. External officer, templates and documentation in one workspace. No obligation.

Related articles