ALM regulatory


EBA issues draft guidelines on the role of AML and CFT compliance officers

On July 2021, the EBA (The European Banking Authority) issued a consultation paper on draft Guidelines on policies and procedures in relation to compliance management and the roles and responsibilities of the AML and CFT Compliance Officer. The draft Guidelines are intended as one step towards ensuring that the EU Directive on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing ((EU) 2015/849) is applied more consistently and effectively across member states and sectors.


The purpose of the new draft

The Background and Rationale for the Draft Guidelines note that some financial institutions do not place adequate priority on AML and CFT obligations and have inadequate controls around the topic. Furthermore, in some cases, national supervisory authorities have not been interacting with financial institution senior management on AML and CFT issues, due to the AML and CFT compliance officer in these institutions being placed too low in the organization for adequate impact. In response to these issues, the draft Guidelines issued by the EBA seek to set expectations regarding the role and responsibilities of a financial sector operator’s management body or senior manager in relation to AML, CFT and the roles and responsibilities of the AML and CFT compliance officer.  

Importantly, though the draft Guidelines are intended to be proportional and to speak to all financial sector operators, there is specific attention paid to multi-national financial institutions organized in a group structure. The EBA notes that several AML and CFT failures in multinational companies have resulted from inadequate management information and lack of reporting lines between local offices and the management body of the group as a whole. The draft Guidelines note the need for effective mitigation of ML and TF risks at both entity level and group level. Specifically, an AML or CFT compliance officer should be appointed in the parent company to ensure the establishment and implementation of effective group-wide AML and CFT policies and procedures.  


New requirements for AML and CFT compliance officers

The remaining portions of the draft Guidelines are dedicated to setting out specific tasks and responsibilities of the financial sector operator, the member of management responsible for AML and CFT, and the AML or CFT compliance officer, with the overall theme of the draft Guidelines being that financial sector operators must assign responsibility for compliance to persons with adequate knowledge, experience, and influence in the company to be effective.  
For companies with a management body that oversees and monitors management decision-making, that body should approve AML and CFT policies, and must possess adequate knowledge, skills and experience to understand the ML and TF risks related to the financial sector operator’s activities and business model, including the knowledge of the national legal and regulatory framework. Where no management body is in place, the financial sector operator should appoint a senior manager responsible for implementation of the AML and CFT laws, regulations, and administrative provisions.  

There must be a member of the management body or a senior manager who is principally responsible for AML and CFT, and this person should ensure that the management body, where it exists, is aware of the organizations ML and TF risks and obligations, and advises the financial sector operator on meeting those obligations and maintaining an effective set of AML and CFT controls, including advising the management body on the need to appoint a separate AML and CFT compliance officer. This responsible member of the management body or senior manager should be the main point of contact for the AML and CFT compliance officer and should make sure that concerns of the compliance officer are duly considered by the management body.  

Where an AML and CFT officer is appointed, this person should have the necessary knowledge and understanding of local AML and CFT laws and regulations and have access to all required internal documents and systems for performing its tasks and meeting requests from the local FIU. The compliance officer should maintain a risk assessment framework and report the results of the ML and TF risk assessment to management, prepare and maintain adequate policies and procedures, monitor compliance, and ensure that staff of the financial sector operator is sufficiently trained to manage ML and TF risks effectively.  

The draft guidelines are currently under development. 

Oliko tieto hyödyllistä?