New European Guidelines on role and responsibilities of the AMLCO

On 14 June 2022, EBA published Guidelines on the role and responsibilities of the AML/CFT compliance officer (AMLCO) of credit & financial institutions (FIs). Guidelines set clear expectations of the role, task & responsibilities of an AMLCO and specify the FI’s obligations regarding requirement implementation. The goal of the Guidelines  is to ensure a common interpretation and adequate implementation of AML/CFT governance across EU in line with EU AML Directive.

1. BA Guidelines on role and responsibilities of the AML/CFT Compliance Officer

On June 14th, 2022, the European Banking Authority (“EBA”) published new Guidelines on the role and responsibilities of the AML/CFT Compliance officer (“AMLCO”) as well as internal policies, controls and procedures, in accordance with its legal duty to prevent money laundering and terrorism financing.

These Guidelines apply to credit and financial institutions (“FI(s)”) - those within the scope of the AML/CFT regulation - and are also addressed to local financial authorities.

The Guidelines specify the role and responsibilities of the AMLCO and the management body (or the senior manager responsible for AML/CFT where no management body is in place)  .

In its supervisory function, the management body is responsible for overseeing and monitoring the AML/CFT internal governance and internal control framework. In its management function, the management body is notably in charge of implementing the organizational and operational structure to comply with the AML/CFT strategy.

The Guidelines clarifies that when management body decides to assign duties of the AMLCO to an executive or employee who already has other responsibilities, it should identify and review potential conflicts of interest and take the necessary steps to avoid them or, where this is not possible, to manage them. In addition, the management body should ensure that this person can devote sufficient time to the duties of the AMLCO.

When the FI is part of a group, the Guidelines require the designation of a group AMLCO and specify that person’s duties and responsibilities (see section 3).

These Guidelines complement requirements in other sectoral laws that relate to FIs governance and risk management systems, and suitability requirements for senior function holders, and will apply as of December 1st, 2022.

2. Appointment, role and responsibilities of the AMLCO

The main requirements of the EBA Guidelines regarding the AMLCO can be categorized in different sub-sections.

By  December 1st, 2022 at the latest, the National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA), each for the respective FIs under their supervision, will consider such criteria (non-exhaustive list) within the controls and inspections of FIs AML/CFT compliance.

3. Organization of the AMLCO role at group level

The Guidelines provide specific rules on the roles and responsibilities of the AMLCO when the FI is organized as a group.

Therefore, where an FI operates branches or subsidiaries domestically or in another Member State, the group must ensure that the policies and procedures of the entities are aligned with those of the group within the scope of national law. In addition, the ultimate parent entity must designate an AMLCO at the ultimate parent and group level.

The ultimate parent must also approve internal AML/CFT policies and procedures of the group and establish internal AML/CFT control mechanisms at the group level.

In this context, the group AMLCO has broad powers at the group level and cooperates fully with the AMLCO of each entity. He/she prepares a group-wide ML/TF risk assessment, sets group-wide AML/CFT standards and ensures that local entity policies and procedures comply with AML/CFT laws and regulations applicable to each group entity.

Broadly, the group-wide AMLCO performs the task of centralizing procedures and information, as well as coordinating the activities conducted by the respective AMLCO of the group's entities.

4. What impact should you expect as an FI?

FIs are required to assess whether the current function of AMLCO, including the group’s AMLCO if any, complies with the Guidelines, and to be able to demonstrate their credentials in the event of an audit or inspection.

In addition, when deciding on the appointment of the AMLCO, the FI will need to demonstrate to the competent authority that it has considered the scale and complexity of its structure and its ML/TF risk exposure.

In this context, the management body will be required to consider the following criteria when appointing the AMLCO:

• the nature of the FI’s business and the ML/TF risks associated therewith, taking into account its geographical exposure, customer base, distribution channels, and service offering
• the size of the FI’s operations in the jurisdiction, the number of its customers, the number and volume of its transactions and the number of its full-time equivalent employees
• the legal form of the FI, including whether it is part of a group.

As a consequence, when performing the assessment of the AMLCO tasks, procedures and policies in place, and reviewing their current AML/CFT framework based on the principle of proportionality, the structure of their company and their exposure to ML/TF risk, some FIs will be required to appoint a new AMLCO in the coming months, in accordance with the Guidelines requirements.

Regarding the appointment of this new AMLCO, FIs should keep in mind that the NBB – for FIs under its supervision - expects to be notified without delay of any change in that regard. This notification should include an organizational chart, the curriculum vitae of the new AMLCO and clarify if he/she performs another function which could give rise to a conflict of interest for that person.