Under Article 40, obliged entities have to retain Customer Due Diligence information, documents and data for five years from the end of the business relationship or from the carrying out of an occasional transaction. The same retention period is applicable in the case of transaction records that take placed within the context of a business relationship. It is understood that these records should be retained by the obliged entity concerned, be it an individual, a legal person or a legal arrangement, as also results from Article 42 of the Directive. However, where an obliged entity is a legal person or a legal arrangement, the obliged entity can undergo a winding up process or otherwise dissolved. The risk is that with the winding up or dissolution of the legal person or legal arrangement, any records retained for AML/CFT purposes may be lost if it is not clearly established who is to retain any such records.