News and developments
EBA issues Guidelines on policies and procedures in relation to Compliance Management and the role and responsibilities of the AML/CFT Compliance Officer
On 2 August 2021, the European Banking Authority (the “EBA”) launched a public consultation on the on policies and procedures in relation to compliance management and the role and responsibilities of the anti-money laundering and counter financing of terrorism (“AML/CFT”) compliance officer under Article 8 and Chapter VI of Directive (EU) 2015/849 [1].
Further to the latter, on 14 June 2022, the EBA published a final version of the above-mentioned on policies and procedures in relation to compliance management and the role and responsibilities of the AML/CFT compliance officer under Article 8 and Chapter VI of Directive (EU) 2015/849 (the “Guidelines”).
Purpose of the Guidelines
Directive (EU) 2015/849 requires that, amongst other obliged entities [2], credit and financial institutions have policies, controls, and procedures in place which are proportionate to the nature and size of the relevant institution, and which are approved by the institution’s respective senior management, to mitigate and effectively manage the risks of money laundering (“ML”) and terrorist financing (“TF”).
In line with Article 8(4)(a) of Directive (EU) 2015/849, where appropriate with regard to the size and nature of the business, credit and financial institutions have to appoint a compliance officer at management level. Additionally, Article 46(4) of Directive (EU) 2015/849 requires that credit and financial institutions that have a management body also identify the member of the management body who is responsible for the implementation of the law, regulations, and administrative provisions necessary to comply with Directive (EU) 2015/849.
Despite the latter specific requirements of Directive (EU) 2015/849, the EBA observed that a number of reports suggest that the requirements set out in Directive (EU) 2015/849 have been implemented unevenly across different sectors and Member States, and that they are not always applied effectively. The latter can result in adverse consequences for the integrity of the EU’s financial system.
Consequently, through the Guidelines, the EBA aims to create a common understanding, by competent authorities, credit institutions and financial institutions, of the role and responsibilities of:
- the management body with regards to AML/CFT or the senior manager where no management body exists; and
- the AML/CFT compliance officer.
It is also worth noting that the provisions set out in the Guidelines should (a) be applied in a manner that is effective and proportionate to the credit or financial institution’s type, size and internal organisation, the nature, scope and complexity of its activities, and the ML/TF risks to which the credit or financial institution is exposed and (b) complement but not replace relevant guidelines issued by the EBA on wider governance arrangements and suitability checks.
Key Points addressed by the Guidelines
Particularly, the Guidelines set out provisions on:
- The role and responsibilities of the management body in the AML/CFT framework and of the senior manager responsible for AML/CFT: Guideline 4.1.
This guideline addresses the collective responsibilities and role of the management body with respect to AML/CFT and specifies the role and tasks of the member of the management body or senior manager responsible for AML/CFT; - The role and responsibilities of the AML/CFT compliance officer: Guideline 4.2.
This guideline sets out the need to appoint an AML/CFT compliance officer at management level and that the AML/CFT compliance officer should have adequate authority to propose, on his/her own initiative, all necessary or appropriate measures to ensure the compliance and effectiveness of the internal AML/CFT measures to the management body in its supervisory and management function.Guideline 4.2 also stipulates the suitability requirements for the role of AML/CFT compliance officer and describes the roles and responsibilities of the person engaged in this role.Lastly, this guideline provides guidance regarding the outsourcing of the operational functions of the AML/CFT compliance officer, mentioning amongst others that the ultimate responsibility for compliance with legal and regulatory obligations, whether or not specific functions are outsourced, lies with the credit or financial institution. - The organisation of the AML/CFT compliance function at group level: Guideline 4.3.
Guideline 4.3 addresses the role of the management body in respect of AML/CFT at group level and specifies the responsibilities and clarifies the reporting lines in respect of the role of the AML/CFT compliance officer function at a group level, in order to ensure that shortcomings in the AML/CFT framework affecting the entire group or a large part of the group are addressed effectively.
Next Steps
The Guidelines will be translated into the official EU languages and published on the EBA website. The deadline for competent authorities to report whether they comply with the Guidelines will be six (6) months after the publication of the translations. The Guidelines will apply from 1 December 2022.
Author: Caroline Gauci
June 20, 2022
[1] Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, as may be amended from time to time (“Directive (EU) 2015/849” or “Fourth Money Laundering Directive”).
[2] As such term is defined under Article 2 of Directive (EU) 2015/849.