The German Anti-Money Laundering Act (GwG) imposes significant compliance requirements on mid-sized companies as well. From risk analysis to beneficial owner identification to suspicious activity reporting -- we explain the obligations and provide practical implementation guidance.
Anti-Money Laundering for Mid-Sized Companies: The GwG and Its Practical Requirements
Anti-money laundering has long ceased to be a topic that concerns only banks and financial service providers. The German Anti-Money Laundering Act (Geldwäschegesetz -- GwG) covers a broad range of so-called obliged entities, which include not only credit institutions but also tax advisors, lawyers, auditors, real estate agents, dealers in goods, and numerous other professional groups. Moreover, all companies -- regardless of size -- must observe the transparency obligations under the GwG. For mid-sized companies, implementing the statutory requirements represents a significant challenge, but one that can be mastered with a systematic approach.
Who Is Obligated?
The GwG distinguishes between various groups of obliged entities (Section 2 GwG). Particularly relevant for mid-sized companies are:
Directly Obliged Entities
- Financial undertakings: Including company-owned leasing or factoring entities
- Dealers in goods: Companies that sell goods where they make or accept cash payments of 10,000 euros or more
- Real estate agents: When brokering purchase and lease agreements (for lease agreements from a monthly net cold rent of 10,000 euros)
- Tax advisors and lawyers: For certain activities (e.g., financial and real estate transactions, formation and administration of companies)
Indirectly Affected Companies
Companies that are not directly obliged entities under the GwG must nevertheless observe the Transparency Register provisions. All legal entities under private law and registered partnerships must report their beneficial owners to the Transparency Register (Section 20 GwG).
Overview of Obligations
1. Risk Analysis (Section 5 GwG)
The risk analysis forms the foundation of every anti-money laundering compliance system. Obliged entities must identify, assess, and document their individual money laundering and terrorist financing risks. The risk analysis must cover the following dimensions:
Customer Risk:
- What customer groups does the company serve?
- Are there politically exposed persons (PEPs) among the customers?
- Do business relationships exist with customers in high-risk countries?
- Are there customers with complex or opaque ownership structures?
Product Risk:
- What products or services does the company offer?
- Are certain products particularly vulnerable to money laundering?
- Are new products or distribution channels being introduced?
Geographic Risk:
- In which countries does the company operate?
- Do business relationships exist with high-risk countries pursuant to the EU Delegated Regulation?
- Are there cross-border transactions?
The risk analysis must be regularly updated -- at least annually and upon significant changes to business activities.
2. Customer Due Diligence (KYC -- Know Your Customer)
Due diligence obligations are at the core of the GwG. They comprise:
Standard Due Diligence (Section 10 GwG):
- Identification of the contracting party: Name, place of birth, date of birth, nationality, and residential address for natural persons; company name, legal form, registration number, and registered office for legal entities
- Verification of identity: Using a valid official identification document (for natural persons) or a registry extract (for legal entities)
- Determination of the beneficial owner: Identification of the natural person who ultimately controls the contracting party (for legal entities: from 25 per cent of capital shares or voting rights)
- Obtaining information on the purpose and nature of the business relationship
- Ongoing monitoring: Continuous review of the business relationship and transactions conducted
Enhanced Due Diligence (Section 15 GwG):
Enhanced measures are required in certain risk situations:
- For politically exposed persons (PEPs) and their family members
- For business relationships or transactions involving high-risk countries
- For complex or unusually large transactions
- For transactions serving no discernible economic or lawful purpose
3. Transparency Register (Sections 18 et seq. GwG)
The Transparency Register is a central electronic register maintaining the beneficial owners of all legal entities and registered partnerships. Key obligations include:
- Reporting obligation: Companies must report their beneficial owners to the Transparency Register without delay
- Update obligation: Changes to beneficial owners must be communicated promptly
- Discrepancy reporting: Obliged entities under the GwG must report deviations between the information available to them and the entries in the Transparency Register (Section 23a GwG)
4. Suspicious Activity Reporting (Section 43 GwG)
Reporting to the Financial Intelligence Unit (FIU) is one of the most important obligations under the GwG. A report must be filed when:
- Facts suggest that assets originate from a criminal offence or are connected with terrorist financing
- The contracting party has violated their due diligence obligations and the business relationship could therefore not be established or continued
- An unusual transaction does not fit the customer's known business profile
Important: The suspicious activity report is confidential (tipping-off prohibition, Section 47 GwG). The reporting party must not inform the affected person or third parties about the report.
5. Internal Safeguards (Section 6 GwG)
Obliged entities must implement appropriate internal safeguards:
- Money laundering officer: Appointment of a money laundering reporting officer and their deputy
- Training: Regular training of employees on money laundering risks and internal procedures
- Internal policies and procedures: Written documentation of processes for fulfilling GwG obligations
- Reliability checks: Verification of employee reliability
- Whistleblowing system: Establishment of a reporting system for employees
6. Record-Keeping Obligations (Section 8 GwG)
All data and documents collected under the due diligence obligations must be retained for at least five years after the end of the business relationship or after execution of the transaction. The retention period may be extended to up to ten years in certain cases.
Practical Implementation for Mid-Sized Companies
Step 1: Stocktaking
First, determine whether and to what extent the company falls under the GwG:
- Does the company qualify as an obliged entity under Section 2 GwG?
- Which business activities are relevant?
- What customers and business relationships exist?
Step 2: Prepare the Risk Analysis
The risk analysis should be prepared pragmatically and proportionally to company size and identified risks:
- Use of standardised templates and questionnaires
- Involvement of all relevant business areas
- Documentation in a traceable format
- Definition of concrete measures for identified risks
Step 3: Implement KYC Processes
Implementing efficient KYC processes is crucial:
- Standardised identification forms for different customer types
- Checklists for beneficial owner verification
- Technical solutions for automated screening (sanctions list screening, PEP checks)
- Clear escalation paths for suspicious circumstances
Step 4: Train Employees
Employee training is a key element:
- Initial training for all affected employees upon joining or assuming relevant duties
- Annual refresher with current typologies and case examples
- Specialist training for particularly exposed staff
- Documentation of all training conducted
Step 5: Establish the Suspicious Activity Reporting Process
The suspicious activity reporting process must be clearly defined:
- Reporting channels: Who reports internally to whom?
- Decision matrix: When is a report to the FIU required?
- Deadlines: Reports must be filed without delay
- Confidentiality: Ensuring the tipping-off prohibition
Sanctions for Violations
Violations of the GwG can have serious consequences:
- Fines: Up to 150,000 euros for simple violations; up to one million euros or twice the economic benefit derived from the violation for serious, repeated, or systematic breaches (Section 56 GwG). For certain institutions, fines can rise to five million euros or ten per cent of annual turnover.
- Publication: The supervisory authority may publish final measures and fine decisions on its website (naming and shaming, Section 57 GwG)
- Criminal consequences: Money laundering itself is punishable under Section 261 of the Criminal Code; reckless money laundering is also covered
- Trade law consequences: Serious or repeated violations may call trade law reliability into question
Current Developments
EU Anti-Money Laundering Package
The EU has adopted a comprehensive anti-money laundering package bringing significant changes:
- Establishment of AMLA: The new EU Anti-Money Laundering Authority based in Frankfurt am Main will supervise the most significant cross-border financial institutions
- EU Anti-Money Laundering Regulation: The directly applicable regulation will largely replace national anti-money laundering laws and ensure harmonisation of rules
- Reduction of the cash limit: The ceiling for cash payments will be set at 10,000 euros
- Expansion of obliged entities: Additional professional groups will be brought within scope, including crypto-asset service providers and professional football clubs
Conclusion
Anti-money laundering is a serious compliance task for mid-sized companies that can be implemented professionally with manageable effort. A systematic approach, clear responsibilities, and risk-based prioritisation are decisive. Those who ignore GwG obligations risk not only substantial fines but also significant reputational damage.
At compleneo, we support you in implementing a tailored anti-money laundering compliance system. Our experts prepare your risk analysis, implement KYC processes, train your employees, and accompany you in ongoing monitoring -- so that you meet regulatory requirements reliably and can focus on your core business.
