The liability of individuals under the Bulgarian Prevention of Money Laundering Act5 July 2019
This note analyses the potential liability of the individuals connected to obliged entities (within the meaning of the EU money laundering directives) but does not deal with so-called regulated entities (banks, advisors, intermediaries and other professionals tasked with enforcement duties in AML terms).
This Note is aimed at:
- in-house legal counsel/legal teams
- directors/senior management
- other persons with compliance responsibilities.
This Note discusses certain liabilities for individuals in connection with anti-money laundering (AML) legislation in Bulgaria, including the Prevention of Money Laundering Act 2018 (PMLA). We examine four groups of potentially affected individuals:
- Obliged entity beneficial owners
- Entity directors or managers
- Senior management officials specified in lieu of beneficial owners
- Local contact persons
Under PMLA, obliged entities must acquire and file information on their “beneficial owners”. Notably, this category may include those who are legally not owners at all.
In our view, the duties of acquiring and filing information on beneficial ownership belong to the obliged entities themselves and are not duties of the “beneficial owners” themselves. However, once an entity is found in breach, its director(s) or other manager(s) may also incur liability for the entities’ failures.
Where the obliged entity has not been able to identify with sufficient certainty a beneficial owner, the default obligation of the entity is to nominate a “senior management official” whose details are filed instead. We feel that such officials are likely to be immune from liability (but note some risk and advise that developments in this area need to be monitored).
Entities must also appoint local contact persons where none of the directors are permanently resident in Bulgaria. These are individuals who do assume duties and are subject to certain liabilities as described in more detail below.
The question of personal liability
The PMLA implemented in Bulgaria the EU’s Fourth Anti-money Laundering Directive (MLD4). The PMLA imposes a number of obligations on companies and certain other entities collectively referred to as “obliged entities”. These include identifying an entity’s own “beneficial owners” and collecting and filing certain information. We deal with the obligations of the enties in a separate Note.
The question arises what, if any, is the personal liability of the various types of individuals connected to obliged entities or whom the obliged entities nominate as local contact persons (as they are obliged to in some cases)?
Obliged entities vs regulated entities
In the MLD4 framework and therefore in the PMLA, various duties are imposed on entities referred to as “regulated entities” and defined in s 4 PMLA. These include banks and other regulated financial providers; notaries; lawyers; real estate agents, and multiple other categories. Multiple provisions of the PMLA (both in its Chapter 10 and elsewhere) expressly create liabilities for certain individuals connected to regulated entities in the event of their non-compliance.
It is unlikely that this statutory liability would be applied by analogy to individuals involved in obliged entities. In the first place, regulated entities are generally given a much bigger role in MLD4’s scheme and tasked with AML enforcement. They report suspicious activity observed in the course of their business and/or professional activities and must comply with certain standards of conduct. The duties of the obliged entities are instead more modest – focused on the collection, maintenance of, and filing of information about themselves. Having said this, we examine specific categories of individuals connected to obliged entities in more detail.
As to the obligations of regulated entities, we address these elsewhere. For the avoidance of doubt, we also do not here consider the duties regulated entities may have as obliged entities.
Is a director of an obliged entity personally liable to identify and disclose the beneficial owner?
S. 61 of PMLA states that obliged entities and contact persons are obliged to receive, avail themselves of and make available appropriate, current and accurate information regarding the individuals who are “their owners”. Strictly this is an obligation for the entities and contact persons and not for directors or other management. However, the liability of Directors may potentially be engaged as a director may be personally liable for violations which he/she has ordered or permitted to take place (known as допустителство). S.116 PMLA, dealing with penalties for non-compliance, includes not only failure to comply but also the act of allowing a violation to occur.
One filter for the extent of this duty is the established case law principle that the main duty bearer (here, the obliged entity) must be held liable before the director is.
What is the liability of a ‘beneficial owner’?
Do beneficial owners need to assist the obliged entities in identifying them as the beneficial owners? If so, do they owe a duty that is parallel to the duty of the company or other entity to be identified? In our view, the answers to these questions must be in the negative.
The PMLA does not require the beneficial owner to identify him- or herself. Rather, the duty to identify is that of the company or entity. For all intents and purposes, the beneficial owners are not directly involved in the operation of anti-money laundering law. While their ownership or control or other status as beneficial owner(s) are published as a result, they are not directly required to take steps to create this transparency.
May the beneficial owners be indirectly obligated to provide necessary information to the obliged entity to enable it to perform its own disclosure duties? It seems to us that at least a public law duty of this sort cannot be read into the PMLA.
It may be very inconvenient for the obliged entity not to have the necessary information, and if the entity is exposed to liability, that may indirectly affect the interests of the beneficial owner or controller who is presumably indirectly benefitting from the success of the entity. Yet, this liability may not always suffice to motivate a beneficial owner to cooperate in disclosure. To qualify as a beneficial owner, an individual may hold a very small percentage of the economic interest in an entity (e.g. where they hold via a chain of companies).
It may be another matter whether the beneficial owner can be said to owe a duty in delict (or tort) to the company they are a beneficial owner of, to not unreasonably cause it harm but failing to provide information. Nevertheless, at least while the company remains solvent, such duties (if they exist) would generally remain inchoate and theoretical if the beneficial owner genuinely controls the equity and in the absence of a doctrine of unfair prejudice by one shareholder against another.
Are “senior management officials” (where they are identified in lieu of beneficial owners) liable?
Is it different where the entity is unable to identify anyone who sufficiently fits within the statutory definition of beneficial owner and so is required instead to disclose a senior management official in accordance with § 2(5) of the Additional Provisions of the PMLA?
In our view, once again, the answer is in the negative.
The senior management official in this situation does not voluntarily assume liability, and does not do so as a practical matter (e.g., there is no requirement that they consent to their being indicated in the filing); like a beneficial owner they may be remote both physically and practically from the obliged entity.
What may help the opposite conclusion would be an ellision between the concept of ‘senior manager’ and that of ‘senior management official’ (both are contained in MLD4). According to Article 3(12) of MLD4, a senior manager may in the alternative be someone with a special responsibility for AML compliance at a parent entity. If the two concepts are very similar, the fact that a senior manager/senior management official is a person with AML compliance duties would appear to support an argument that such an official has a duty for AML enforcement and is therefore liable for non-compliance. However, selecting such as a senior management official someone with a separate (AML) compliance role is optional: the company may instal another senior official who has no prior responsibilities or involvement in AML matters and thus presumably is less duty bound ex ante.
This is in our view an area of law which ought to be closely watched for developments.
What are the duties and liability of a local contact person?
There is a further category of individual whose details may be the subject of a filing under the PMLA, where the obliged entity does not have a Bulgarian-resident individual as a director or other lawful representative.
Unlike a beneficial owner (whether owner proper or senior management official appointed in lieu of one), the contact person must consent to acting as such.
S 118(5) of the PMLA states that a contact person who fails to ‘perform his or her obligations pursuant to sections 61 or 62’ may be fined between €50-€500 on the first and between €100 to €1,000 on any subsequent occasion. Indeed, s 61 imposes on contact persons greater duties than on directors of the obliged entities since the contact person is obliged to ‘receive, avail themselves of and to make available appropriate, current and accurate information regarding the individuals who are “their” owners including detailed information on the rights held by them’.
Secondary obligations include providing information regulated entities are entitled to demand to them and to law enforcement agencies.
At first sight, it is unclear how a duty to receive relevant information may in fact be fulfilled. Would it be sufficient for the contact person to remain open to receiving this information (but not to take steps to source it) or do they need to solicit the information and if so – how effective must their efforts be? Is a contact person required to communicate anything to the company or its beneficial owners? The latter does not appear to be a specifically imposed duty but on the other hand appears implicitly to be the point – the company needs a local person in order for the company to be contacted by the authorities which have a responsibility for anti-money laundering. If so, a contact person may be required to demonstrate that he or she is communicating to their appointing entity any enquiries or requests made by law enforcement. It is questionable to what degree of proof and disclosure of transmission they may be placed.
The PMLA contains an express reservation for criminal offences which may separately arise in respect of money laundering, but are outside it.
Keep under review
This is a fast-developing area of law and we would recommend to both obliged entities and to contact persons and other individuals who may be affected to keep aware of new developments and in particular the evolving practice and the position taken by the courts.