Up to BGN 10 million fine for failing to comply with the new Measures Against Money Laundering Act

It is expected that by the end of this month the Draft Amendments to the Measures Against Money Laundering Act will have passed first session, which will introduce further new regulations to the Bulgarian legislative framework.

The foreseen amendments are bound, once again, to expand the categories of affected entities, adding up to the current ones, also persons trading or acting as intermediaries in the trade of works of art, providers engaged in exchange services related to virtual currencies, as well as wallet providers, trustee service providers etc.

With the adoption of the law, a ban shall be introduced on the opening and keeping of anonymous safe-deposit boxes or safe-deposit boxes in a fictitious name. Lower thresholds are envisaged when it comes to applying customer due diligence measures by the e-money issuers and their agents.

The regulation in the field of measures against money laundering and countering the financing of terrorism shall reach out to most of the Bulgarian businesses. The organizations will face the imperative requirements of the law and apply adequate customer due diligence measures in accordance with the relevant risk level, establish the source of the assets and source of funds, notify the State Agency for National Security in case of suspicious transactions and operations and strictly apply a number of other rules.

Despite the publicity of the abovementioned legislative amendments, still a large part of the organizations have not undertaken the necessary actions for bringing their businesses and activities in compliance with the law, which is becoming more and more restrictive with each subsequent amendment, including the introduction of fines amounting to BGN 10 million or 10 % of the annual turnover of the responsible legal entity.

The consequences and sanctions envisaged for failing to comply with the legal regulations in this field are significant and require duly and timely organized preparation by all obliged entities.

The choice between Bulgaria and Turkey for the new Volkswagen factory

German agency Deutsche Presse-Agentur (DPA) has provided information on the selection of country to build the construction of a new factory of Volkswagen. It's about the car factory where the conventional models of Skoda and Seat will be used. Is expected of the factory to produce around 200,000 cars per year, and jobs will be ranging from 4,000 to 5,000. The Germans were targeting Eastern European countries, at the first considered countries are Turkey, Serbia, Bulgaria and Romania, but according to the latest data at this stage, the choice is limited to Turkey Turkey and Bulgaria. The investment of the German automobile giant (in Bulgaria) will be worth 1.4 billion euros. Both countries have the biggest chances of the Volkswagen project due to the conditions they offer.

According to sources from the company, both countries have their advantages. Turkey has considerable experience in the automobile industry, a large market and a highly skilled workforce. The new Volkswagen factory will have to maintain relatively low production and delivery costs in the long run, which is why Bulgaria's membership in the single European market gives it a significant advantage. Another superiority of our country is the many openings in the last years of a factories to produce automobile parts, which are part of the world production chain in the automobile industry. The German president Frank-Walter Steinmeier went to Sofia and Plovdiv, which are said to be the most likely locations for the factory.

But why is Volkswagen's factory important for Bulgaria?

The Volkswagen car assembly factory would have a positive impact on engineering technology and industrial production. The investment is long-term. Such a factory usually brings with it many related industries, logistics and supply. Since it is a huge company with established markets in Europe and around the world, if it is built in Bulgaria, the factory will create more value for the economy than the whole agricultural sector and construction sector.

The Personal Data Protection Commission has issued an opinion on cases where no consent is needed for the collection and processing of personal data

The direct application of Regulation (EU) 2016/679 ("General Data Protection Regulation", "GDPR"), which has fundamentally amended the regulation on the personal data processing and protection, has began as of 25.05.2018.

Not a small part of the innovations in the regime are also aimed at enhancing the importance and requirements of the legal bases for the lawful personal data processing. The purpose lies therein, where these grounds reflect the needs of the modern information society and the and increasingly entrant digitization. Primary among the grounds for processing personal data, at least in terms of media interest, is the consent given freely and informed by any individual - subject of personal data. In view of the novelty of the Regulation and the lack of a long-standing practice on a number of issues concerning its application, both at European and national level, including on the grounds for processing, the Personal Data Protection Commission was daily bundled with questions from the administrators concerning the need for requirement of consent by individuals with regard to the processing of their personal data. Practically from a possibility, the consent turned into a main ground for processing of personal data, probably because of the subjective feeling of security and guarantee. As a result, we witnessed an all over gathering of declarations-consents from different administrators in the provision of their services.

With regard to the reasonable application of the Regulation and for the purpose of clarification of the ambiguities surrounding the latter, the Personal Data Protection Commission published on its web page an opinion on its website entitled "When it is not necessary to consent to the collection and processing of personal data". At the end of the opinion a Sample inexhaustive list of the administrators, who in the exercise of their normal professional activity, should not require the consent of individuals to process their personal data is specified.

Here are the hypothesis, listed in the commission’s opinion:

1. Administrator – public or private, gathering a certain amount of personal data in  execution of their obligation by law, by virtue of the law such as the Health Act, the Accountancy Act, the Administrative Violations and Sanctions Act, the Labour Code, the Social Insurance Code, the Ministry of Interior Act, the Civil Registration Act, the Tourism Act, the Pre-school and School Education Act etc.
2. Personal data is gathered in connection with offering different administrative services by national authorities, or bodies of local self-government.
3. Personal data is gathered and processed for the sake of an employment relation.
4. Personal data is necessary for contract conclusion and execution, to which the subject of the data is a party.
5. Personal data is necessary for the protection of the legitimate interests of the administrator or of third parties, in case that these interests have advantage over the interests and/or fundamental freedoms of the individual.
6. The personal data is transferred from one administrator to another as a result of a transfer of receivables (cession).
7. The personal data is transferred from the administrator to a personal data processor.
8. Photography and filming of individuals in public.
9. In cases when there is processing of special categories (sensitive) personal data, such as data regarding ethnic origin, political views, religious beliefs, union membership biometric data, health status data, sexual orientation and others., the grounds for legality are indicated in Art. 9, para. 2 of the GDPR – the processing of data for health state is lawful if it is done for the purposes of preventive or occupational medicine, for assessment of the working capacity of the employee, medicine diagnose, the provision of health and social care, treatment, for management of healthcare and social care systems, in the field of public health, for the protection against serious cross-border treats for the health and others.

In its opinion the Commission points out an example inexhaustive list of cases in which administrators, in the exercise of their normal professional activity, should not require consent. Among these administrators are doctors, dentists, pharmacists, lawyers, employers, banks and other credit institutions, insurers, educational institutions, etc.

The full content of the opinion of the Personal Data Protection Commission can be found on the following link: https://www.cpdp.bg/index.php?p=element&aid=1158

The National Assembly has adopted the long-awaited Measures Against Money Laundering Act

The National Assembly of the Republic of Bulgaria adopted at a second reading the new Measures Against Money Laundering Act (MAMLA) which implements the requirements of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing in the Bulgarian legislation (the 4^th Anti-Money Laundering Directive).

The range of the persons obliged under the new MAMLA is similar to the one provided for in the previously applicable law. Besides the main subjects for which the act imposes obligations – the companies operating in the financial sector (credit, financial and payment institutions, electronic money companies, etc.), a wide range of persons, including non-profit legal entities (associations and foundations), wholesalers, registered auditors, persons who provide professionally accounting services or certain types of legal advice, notaries, private enforcement agents, etc. are also obliged. 

A significant innovation is the creation of a register of the beneficial owners of the legal entities established within the territory of the Republic of Bulgaria who are obliged to provide and dispose with appropriate, accurate and up-to-date information about the natural persons who are their beneficial owners. It is envisaged that this information (names, citizenship, PIN etc. of the beneficial owner) shall be filled in the Commercial Register, respectively in the BULSTAT register, and shall lead to a disburden of the persons obliged upon performance of their obligation to identify the beneficial owner of their customers.

A fundamental principle enshrined in the new act (as well as in the 4^th Anti-Money Laundering Directive) is related to the so-called risk-based approach which should be applied by the persons obliged. On this basis, the persons supervised are obliged to apply the measures for customer due diligence at such an intensity that corresponds to the risk typical for the particular business relationship or occasional operation or transaction. Thus, in theory, the persons obliged could apply simplified measures for customer due diligence in situations characterized with lower risk and on the contrary shall be obliged to apply measures for expanded verification in situations with a higher risk.

Along with the above mentioned, the new act introduces other changes compared to the previously existing legal framework in the sector – the creation of a National Risk Assessment is envisaged, on the basis of which the persons obliged will have to prepare their own internal risk assessments, the range of the persons falling under the notion of politically exposed persons has been expanded, a more detailed legal framework has been developed regarding the criteria and procedures for performance of expanded and simplified customer due diligence, etc.

The adoption of the new legal framework requires a wide range of persons to update their internal rules against money laundering and terrorist financing, to prepare and / or update their internal risk assessments defining risk factors, transactions, clients, etc. which are characteristic for the activity of the particular persons, as well as to comply with the new procedures provided for in the law.

Once the Commission for Protection of Competition authorized the business concentration, a final agreement for the transfer of 100% of the capital of "Bulfeld" Ltd. - the company which owns the Paradise Center, was signed on the 1^st of December 2017.

Thus, the biggest real estate transaction of the year was successfully completed. "Penkov, Markov & Partners", Attorneys-at-Law, represented the interests of the seller "Bulfeld" Ltd in the process of the transaction.