Both are discussing the project and also viewing it on the big screen.

New European Guidelines on role and responsibilities of the AMLCO

On 14 June 2022, EBA published Guidelines on the role and responsibilities of the AML/CFT compliance officer (AMLCO) of credit & financial institutions (FIs). Guidelines set clear expectations of the role, task & responsibilities of an AMLCO and specify the FI’s obligations regarding requirement implementation. The goal of the Guidelines  is to ensure a common interpretation and adequate implementation of AML/CFT governance across EU in line with EU AML Directive.

1. BA Guidelines on role and responsibilities of the AML/CFT Compliance Officer

On June 14th, 2022, the European Banking Authority (“EBA”) published new Guidelines on the role and responsibilities of the AML/CFT Compliance officer (“AMLCO”) as well as internal policies, controls and procedures, in accordance with its legal duty to prevent money laundering and terrorism financing.

These Guidelines apply to credit and financial institutions (“FI(s)”) - those within the scope of the AML/CFT regulation - and are also addressed to local financial authorities.

The Guidelines specify the role and responsibilities of the AMLCO and the management body (or the senior manager responsible for AML/CFT where no management body is in place)  .

In its supervisory function, the management body is responsible for overseeing and monitoring the AML/CFT internal governance and internal control framework. In its management function, the management body is notably in charge of implementing the organizational and operational structure to comply with the AML/CFT strategy.

The Guidelines clarifies that when management body decides to assign duties of the AMLCO to an executive or employee who already has other responsibilities, it should identify and review potential conflicts of interest and take the necessary steps to avoid them or, where this is not possible, to manage them. In addition, the management body should ensure that this person can devote sufficient time to the duties of the AMLCO.

When the FI is part of a group, the Guidelines require the designation of a group AMLCO and specify that person’s duties and responsibilities (see section 3).

These Guidelines complement requirements in other sectoral laws that relate to FIs governance and risk management systems, and suitability requirements for senior function holders, and will apply as of December 1st, 2022.

2. Appointment, role and responsibilities of the AMLCO

The main requirements of the EBA Guidelines regarding the AMLCO can be categorized in different sub-sections.

Requirements related to the individual

Requirements related to the quality of function

Requirements related the role and responsibilities

  • He/she has the necessary reputation, honesty, and integrity to perform the function.
  • He/she has the appropriate AML/CFT skills and expertise.
  • He/she demonstrates sufficient knowledge and understanding of the ML/TF risks associated with the business model of the FI.
  • He/she should be independent from the business lines or units he/she controls and be subordinate to a person who has responsibility for managing any of those business lines or units.
  • He/she should have sufficient time and seniority to perform his/her function effectively, independently and autonomously.
  • He/she should be appointed at management level and have sufficient authority to propose all necessary or appropriate measures to ensure the compliance and effectiveness of the internal AML/CFT measures to the management body.
  • The AMLCO function may be combined with the general compliance function, but it must be different from the audit function.
  • The function can also be outsourced. In this context, it is mandatory to comply with the relevant key principles provided in the Guidelines and the ESA guidelines on outsourcing.
  • He/she performs the ML/TF risk assessment and reports the results of this assessment to the management body.
  • He/she operates on an ongoing basis as part of the overall business continuity management.
  • He/she drafts AML/CFT Policies and Procedure.
  • He/she must be consulted before management body makes a final decision on onboarding new high-risk customers or maintaining business relationships with high-risk customers in line with the risk-based internal AML/CFT policies of the credit or FIs.
  • He/she performs specific tasks regarding the reporting of suspicious transactions.
  • He/she should be able to assign and delegate his/her tasks to other officers and employees acting under his/her direction and supervision.

By  December 1st, 2022 at the latest, the National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA), each for the respective FIs under their supervision, will consider such criteria (non-exhaustive list) within the controls and inspections of FIs AML/CFT compliance.

3. Organization of the AMLCO role at group level

The Guidelines provide specific rules on the roles and responsibilities of the AMLCO when the FI is organized as a group.

Therefore, where an FI operates branches or subsidiaries domestically or in another Member State, the group must ensure that the policies and procedures of the entities are aligned with those of the group within the scope of national law. In addition, the ultimate parent entity must designate an AMLCO at the ultimate parent and group level.

The ultimate parent must also approve internal AML/CFT policies and procedures of the group and establish internal AML/CFT control mechanisms at the group level.

In this context, the group AMLCO has broad powers at the group level and cooperates fully with the AMLCO of each entity. He/she prepares a group-wide ML/TF risk assessment, sets group-wide AML/CFT standards and ensures that local entity policies and procedures comply with AML/CFT laws and regulations applicable to each group entity.

Broadly, the group-wide AMLCO performs the task of centralizing procedures and information, as well as coordinating the activities conducted by the respective AMLCO of the group's entities.

4. What impact should you expect as an FI?

FIs are required to assess whether the current function of AMLCO, including the group’s AMLCO if any, complies with the Guidelines, and to be able to demonstrate their credentials in the event of an audit or inspection.

In addition, when deciding on the appointment of the AMLCO, the FI will need to demonstrate to the competent authority that it has considered the scale and complexity of its structure and its ML/TF risk exposure.

In this context, the management body will be required to consider the following criteria when appointing the AMLCO:

  • the nature of the FI’s business and the ML/TF risks associated therewith, taking into account its geographical exposure, customer base, distribution channels, and service offering
  • the size of the FI’s operations in the jurisdiction, the number of its customers, the number and volume of its transactions and the number of its full-time equivalent employees
  • the legal form of the FI, including whether it is part of a group.

As a consequence, when performing the assessment of the AMLCO tasks, procedures and policies in place, and reviewing their current AML/CFT framework based on the principle of proportionality, the structure of their company and their exposure to ML/TF risk, some FIs will be required to appoint a new AMLCO in the coming months, in accordance with the Guidelines requirements.

Regarding the appointment of this new AMLCO, FIs should keep in mind that the NBB – for FIs under its supervision - expects to be notified without delay of any change in that regard. This notification should include an organizational chart, the curriculum vitae of the new AMLCO and clarify if he/she performs another function which could give rise to a conflict of interest for that person.