Money laundering sounds like organised crime on an international scale. Yet it is not only major banks and global corporations that are affected – local mid-sized companies can also fall into the sights of money launderers. Criminals often use goods traders to channel illegal proceeds into seemingly legitimate business. The German Geldwäschegesetz (GwG – Anti-Money Laundering Act) therefore obliges various industries – not only financial institutions – to actively prevent money laundering. Commercial goods traders may also qualify as such "obliged entities" under Section 2 GwG.
Below we summarise which obligations companies in the goods-trading sector must fulfil in order to comply with the Anti-Money Laundering Act.
Risk management and internal safeguarding measures
Every obliged company must implement appropriate risk management. This means that goods traders should first conduct an individual risk analysis. All risks of money laundering and terrorism financing existing in the specific business operations must be identified and assessed (for instance, higher risks where cash transactions occur frequently or where customers come from high-risk countries). This analysis must be documented, regularly reviewed and updated where necessary. The supervisory authority may request to inspect it.
On the basis of the risk analysis, internal safeguarding measures must then be implemented. These include, for example:
• Clear procedural instructions for handling identified risks (e.g. heightened vigilance for certain customer profiles).
• Customer identification and verification of business partners (details below).
• Documentation and retention of all relevant data and records concerning customers and transactions.
• Employee training: regular instruction of staff on money laundering typologies, suspicious indicators and the obligations under the Anti-Money Laundering Act.
• Reliability checks of personnel in sensitive positions.
Larger companies, or those with a higher risk profile, should also consider appointing an anti-money laundering officer. The appointment of an AML officer is legally mandatory only in certain industries (e.g. the financial sector, gambling). However, the supervisory authority may also order a goods trader to appoint such an officer if this appears appropriate. Independently of any legal duty, it may make sense for a company in the goods-trading sector to voluntarily designate a responsible person to oversee the implementation of all GwG requirements.
Customer identification (Know Your Customer)
One of the most important preventive measures is customer identification (Know Your Customer). Special thresholds apply for goods traders: traders must identify customers only once they accept cash payments of EUR 10,000 or more from a customer (individually or in instalments), or where there are concrete grounds for suspecting money laundering. In other words: as long as transactions are carried out without cash or below this threshold and no suspicion exists, the identification obligation in goods trading does not apply.
The obligation to identify customers specifically means: the customer (in the case of natural persons) must be identified in person on the basis of a valid identity document. The first and last name, date and place of birth, nationality and residential address must be recorded. In the case of legal persons (e.g. where the customer is a company), the company name, legal form, registration number, registered office address and the names of the authorised representatives must be recorded. In such cases, the trader must also determine the "beneficial owner" – i.e. the person(s) who ultimately hold more than 25% of the shares or voting rights in the company or who otherwise exercise control. This information about the beneficial owner must be obtained from the customer and verified (e.g. by inspecting the commercial register or the official transparency register, see below).
Identity verification is carried out by inspecting official documents. For private individuals, for instance, an identity card or passport; for companies, for example, a commercial register extract or incorporation documents. It is important that the trader carries out this verification before establishing the business relationship or before concluding the transaction. If, during an ongoing business relationship, a new circumstance arises that gives rise to doubts as to the customer's identity or the money-laundering risk, re-identification may be required (refreshing the KYC data).
Recording and retention obligations
All data collected in the course of customer identification and transaction monitoring must be documented and stored securely. The Anti-Money Laundering Act prescribes comprehensive recording and retention obligations. In concrete terms, this means that copies of the identity documents presented by the customer must be made (or scanned digitally) and archived together with the identification data collected. Likewise, evidence and documents relating to the transactions carried out (e.g. contracts, invoices, payment receipts) must be retained.
The statutory retention period is five years. This period begins at the end of the calendar year in which the respective business relationship ended or the occasional transaction was carried out. After the five years have elapsed, personal data must be deleted without delay, unless other statutory retention periods or pending proceedings preclude this. For companies, this means they need an organised archiving system in order to be able to demonstrate at any time which customer was identified when and which transactions took place.
Only authorised employees should have access to the AML documentation. In the event of an inspection by the supervisory authority, however, the records must be capable of being produced. Missing or incomplete records may constitute a breach of the law.
Suspicious activity reports (reporting obligation in case of suspicion)
Goods traders must not only know their customers for certain amounts, but must also remain vigilant at all times for unusual transactions. Where grounds for suspicion arise that funds could derive from illegal sources or that a transaction is being used for money laundering, the reporting obligation is triggered: the matter must be reported without delay to the Central Office for Financial Transaction Investigations – the Financial Intelligence Unit (FIU) at the Federal Criminal Police Office. This so-called suspicious activity report is filed electronically via the FIU's reporting system (goAML). Important: the customer concerned must not be informed of the report.
But when exactly does a reportable suspicion arise? The Anti-Money Laundering Act requires a report whenever facts indicate that an asset derives from an illegal act or is connected with terrorism financing (Section 43 GwG). In practice, there are a number of warning signs that may arouse suspicion, for example:
• Unusual payment methods: e.g. very high cash payments, in particular where a customer insists on cash instead of a bank transfer with no apparent reason.
• Conspicuous transaction patterns: for instance many small partial payments just below the threshold, which taken together are conspicuously large (so-called smurfing/structuring).
• Many different accounts or corporate vehicles: where a customer makes or receives payments via numerous bank accounts in Germany and abroad, or interposes intermediary companies to obscure the origin of funds.
• Implausible business structure: e.g. a newly founded small trading company purchases very expensive goods in cash, in a way that does not fit the usual business profile.
• Personal grounds for suspicion: information that the customer or beneficial owner may be involved in criminal activities (such as press reports about ongoing investigations).
In case of doubt, the rule is: better one report too many than too few – the principle of "reporting frees you" has become established. The FIU will then examine the matter. If the suspicion is substantiated, law enforcement authorities are called in. For the trader, it is important to know that filing a suspicious activity report does not amount to a criminal complaint against the customer concerned, but is a preventive measure. However, failing to file a report despite concrete grounds for suspicion may result in substantial fines.
Transparency register: reporting obligation for beneficial owners
In addition to the directly customer-related obligations, there is another important requirement: the transparency register. This electronic register was created in 2017 on the basis of EU requirements and contains information about the beneficial owners of companies. As mentioned, a beneficial owner is the person who ultimately holds >25% of the shares or voting rights or who exercises control in a comparable manner.
Following a legislative reform in 2020/2021, the transparency register in Germany has been expanded into a full register. This means: all legal persons under private law and registered partnerships (e.g. GmbH, AG, OHG, KG, etc.) must actively report their beneficial owners to the transparency register. Previously, a "notification fiction" applied – if the ownership structure was already apparent from the commercial register and similar records, no separate filing was required. This exemption has been abolished. Now every company is under an obligation to obtain the relevant data (name, date of birth, place of residence of the beneficial owner as well as the nature and extent of the economic interest), to keep them up to date and to file them electronically with the transparency register. In addition, it must be checked at least once a year whether the entries are still current. Changes must be reported without delay.
Important: this transparency obligation applies to all companies, even if they are not otherwise among the entities obliged under the GwG. A trading company which, for example, does not regularly deal in large cash amounts must nevertheless disclose its ownership structure in the transparency register. Breaches of the reporting obligation may be sanctioned with substantial fines – the Federal Office of Administration (Bundesverwaltungsamt) may impose fines of up to EUR 100,000, in serious cases up to EUR 1 million, and in extreme cases even up to EUR 5 million. In fact, the Federal Office of Administration has conducted numerous proceedings against non-compliant companies in recent years and has imposed considerable fines in some cases. Companies are therefore well advised to comply urgently with this often-overlooked obligation.
Conclusion and recommendations for action
The obligations under the Anti-Money Laundering Act may seem extensive at first glance – but non-compliance is not an option. Breaches of the Anti-Money Laundering Act constitute administrative offences and may be sanctioned with fines or with twice the economic advantage obtained. Authorities are already strictly monitoring compliance. Numerous companies have already been hit with substantial penalties for shortcomings (for example in transparency register filings). Apart from fines, there is also the threat of reputational damage and exclusion from public procurement, should a company become involved in money-laundering incidents.
Our recommendation for goods traders: tackle the topic of money-laundering prevention proactively. Establish a robust compliance system. Carry out the required risk analysis, train your employees and implement clear processes for customer identification and suspicious activity reporting. Make sure that your company is correctly registered in the transparency register. Document all steps carefully.
We are happy to support you in implementing all GwG obligations within your company and in interpreting them in a legally secure manner. From preparing an individual money-laundering risk analysis through drafting internal guidelines to training your employees, we are at your side in an advisory capacity.
