On 14th June 2022, the European Banking Authority (EBA) published the Guidelines on policies and procedures in relation to compliance management under Article 8 and Chapter VI of Directive (EU) 2015/849, clarifying the role and responsibilities of the AML/CFT Compliance Officer and of the management body of credit or financial institutions. Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing requires that credit or financial institutions have in place policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing (ML/TF)
Through these guidelines, the EBA created a common understanding of the AML/CFT governance arrangements of credit or financial institutions. In this regard, these guidelines specify that credit or financial institutions should appoint one member of their management body who will ultimately be responsible for the implementation of the AML/CFT obligations; and clarify the tasks and functions of that person.
The management body in its supervisory function should be responsible for overseeing and monitoring the implementation of the internal governance and internal control framework to ensure compliance with applicable requirements in the context of the prevention of money laundering and terrorism financing (ML/TF). The management body is also responsible for the following roles / functions:
- Have clear knowledge on the results of the business-wide ML/TF risk assessment
- Oversee and monitor the extent to which the AML/CFT policies and procedures are adequate and effective in light of the ML/TF risks to which the credit or financial institution is exposed and take appropriate steps to ensure remedial measures are taken where necessary
- Review the activity report of the AML/CFT compliance officer and obtain interim updates more frequently for activities that expose the credit or financial institution to higher ML/TF risks
- Assess the effective functioning of the AML/CFT compliance function, including by taking into account the conclusions of any AML/CFT-related internal and/or external audits that may have been carried out, including with regard to the appropriateness of the human and technical resources allocated to the AML/CFT compliance officer
In relation to internal policies, controls and procedures referred to in the Directive, a credit or financial institution’s management body in its management function should:
- Implement the appropriate and effective organisational and operational structure necessary to comply with the AML/CFT strategy adopted by the management body, paying particular attention to the sufficient authority and the appropriateness of the human and technical resources allocated to the AML/CFT compliance officer function, including the need for a dedicated AML/CFT unit to assist the AML/CFT compliance officer
- Ensure implementation of internal AML/CFT policies and procedures
- Review the AML/CFT compliance officer’s activity report, at least annually
- Ensure adequate, timely and sufficiently detailed AML/CFT reporting to the competent authority;
- Where operational functions of the AML/CFT compliance officer are outsourced, ensure compliance with the ESAs guidelines on outsourcing arrangements and ESAs guidelines on internal governance, where applicable, and receive regular reporting from the service provider to inform the management body
The Guidelines also set out clear expectations of the role and responsibilities of the AML/CFT compliance officer and the management body. In particular, they describe the roles and responsibilities of the AML/CFT Compliance Officer, when this person is appointed by the management body pursuant to the proportionality criteria. The guidelines prescribe that, amongst other requirements, such Compliance Officer should possess appropriate AML/CFT skills and expertise including knowledge of the applicable legal and regulatory framework and the implementation of the AML/CFT policies, controls and procedures. The role and responsibilities of the AML/CFT Compliance officer should be clearly defined and documented. The role and responsibilities of the AML/CFT Compliance officer shall include:
- The development of a risk assessment framework
- Development of policies and procedures
- Appropriate consultation before the onboard of customers especially high risk customers
- Compliance monitoring
- Reporting to the management body of the institution
- Reporting of suspicious transactions
- Training of employees
Furthermore, when the credit or financial institution is part of a group, the Guidelines prescribe that a group AML/CFT Compliance Officer should be appointed; and outline the tasks and responsibilities of such Officer.
These guidelines apply to all existing management body structures, and the credit and financial institutions must make every effort to comply with their provisions. Notwithstanding this, the Guidelines also clarify certain principles which may be relevant to and applied by other subject persons.
The guidelines will apply as of 1 December 2022. They complement but do not replace, relevant guidelines issued by the EBA on wider governance arrangements and suitability checks.
For further information, please contact:
Franco Falzon C.P.A. LL.M (Managing Director) or Olga Ivanova LL.M (Legal & Compliance)
T: +356 2010 7771 (office)
M: +356 9989 5679 (mobile)
While FF International Limited (hereinafter referred to as “FFI”) endeavours to ensure that any information published in articles / publications / memos / updates (including any information published on our website) is accurate as at the time of publication, FFI nor any of their respective directors, partners, officers, employees, or agents make any representation or warranty (express or implied) or accept or will accept any responsibility or liability in relation to the accuracy or completeness of the information contained published in our articles / publications / memos / updates (including any information published on our website) or any other written or oral information made available or published on our articles / publications / memos and updates. Any responsibility or liability in respect of any such information or any inaccuracy or omission arising from any article / publication / memo is expressly disclaimed. In particular, but without prejudice to the generality of the foregoing, no representation or warranty is given as to the achievement or reasonableness of any future projections, estimates, prospects or returns published on our articles / publications / memos / updates (including any information published on our website) . The content of the above article / publication / memo / update and any information published on our website is intended to serve solely as general information only and its purpose is not to provide any specific professional advice whether of a financial, legal, tax or other nature. Since it is recommended that business decisions be based only on qualified professional advice, neither FFI nor any related company belonging to FFI nor any of the respective directors, partners, officers, employees, or agents of FFI will be held liable for any damages which might result as a consequence of relying on the information contained within. FFI including any directors, partners, officers, employees, or agents of FFI and / or any entity related to FFI accept no liability whatsoever for the content of this article / publication / memo / update for the consequences of any actions taken on the basis of the information provided. If you have any questions relating to the accuracy and correctness of the above article / publication / memo / updates or any information published on our website you are kindly requested inform us by sending us an email on firstname.lastname@example.org