EU guidance seeks to clarify role of AML/CFT compliance officers

The guidelines, published July 29, comprehensively address, for the first time at the EU level, the wider AML/CFT governance setup, the EBA stated. Once adopted, the guidelines would apply to all financial sector operators within the scope of the EU’s AML Directive.

Key provisions of the guidelines as they apply to AML/CFT compliance officers are summarized below.

Appointment: Considering the scale and complexity of the financial institution’s operations and its ML/TF risks, management should determine whether to appoint a full-time AML/CFT compliance officer or whether the role can be carried out by an employee or officer with other additional duties or functions. If the latter is the case, management should “document the reasons for its decision and justify it,” the guidance states. Care should be taken to avoid, or at least to manage, any potential conflicts of interest.

Where a financial services operator is part of a group, the guidance states “a group AML/CFT compliance officer in the parent company should be appointed to ensure the establishment and implementation of effective groupwide AML/CFT policies and procedures and to ensure that any shortcomings in the AML/CFT framework affecting the entire group or a large part of the group are addressed effectively.”

Location: Because the regime for reporting suspicious transactions is organized at the domestic level, “the AML/CFT compliance officer should normally be located in the country of establishment of the financial sector operator,” the guidance states.

Suitability, skills, and expertise: AML/CFT compliance officers should have “reputation, honesty, and integrity”; knowledge of the applicable legal and regulatory AML/CFT framework and implementation of related policies, controls, and procedures; and knowledge and understanding of the ML/TF risks associated with relevant experience regarding the identification, assessment, and management of such risks.

Roles and responsibilities: At a high level, AML/CFT compliance officers should develop and maintain an ML/TF risk assessment framework and report the results to management; ensure policies and procedures are put in place, maintained, and implemented effectively; and prepare policies and procedures to comply with customer due diligence requirements. This should all be “clearly defined and recorded,” according to the guidance.

Other responsibilities of the AML/CFT compliance officer should include:

• Carrying out sample testing;
• Monitoring the AML/CFT framework is assessed periodically and updated where necessary;
• Reporting suspicious transactions; and
• Training and educating staff about ML/TF risks.

Officers and employees acting under the direction of the AML/CFT compliance officer can be assigned certain tasks, “under the condition that ultimate responsibility for the effective fulfilment of those tasks remains with the AML/CFT compliance officer,” the guidance states. The EBA goes into more detail about the specific conditions that must be satisfied to ensure the independence of the AML/CFT compliance officer.

Seniority and authority: The AML/CFT compliance officer must have a “sufficient level of seniority,” including powers to propose “all necessary or appropriate measures to ensure the compliance and effectiveness of the internal AML/CFT measures to the management body in its supervisory and management function,” the guidance states. Processes should be put in place “to ensure that the AML/CFT compliance officer has, at all times, unrestricted and direct access to all information necessary to perform the function,” as determined by the AML/CFT compliance officer.

Additionally, the AML/CFT compliance officer should have an independent reporting line to management.

The deadline to submit comments on the draft guidelines is Nov. 2.