EBA Guidelines On The Role And Responsibilities Of The AML/CFT Compliance Officer – Money Laundering – Luxembourg

On 14 June 2022, the European Banking Authority
(“EBA”) launched its tips on insurance policies and
procedures in relation to compliance administration and the function and
obligations of the anti-cash laundering and counter-terrorist
financing (“AML/CFT“) Compliance Officer
below Article 8 and Chapter VI of Directive (EU) 2015/849 (the

The Guidelines describe the function of the administration physique of a
credit score or monetary establishment (the
Entity“) each in its supervisory and
administration features within the AML/CFT framework. In its supervisory
features, the administration physique is notably chargeable for
overseeing and monitoring the AML/CFT inner governance and
inner management framework. In its administration features, the
administration physique is notably accountable for implementing the
organisational and operational construction essential to adjust to
the AML/CFT technique and make sure the implementation of inner
AML/CFT insurance policies and procedures. In relation extra particularly to
the function of the AML/CFT compliance officer, the Guidelines specify
that the necessity to appoint a separate AML/CFT compliance officer at
administration stage ought to be assessed. As a matter of precept, this
ought to be the case, except the related Entity is a sole dealer or
has a really restricted variety of staff or sure causes justify
the non-appointment (nature and dangers of the enterprise, dimension of
operations, authorized type of the establishment, and so on.).

Furthermore, the administration physique assesses the necessity for a
devoted AML/CFT unit to help the AML/CFT compliance officer in
finishing up his/her features. In reality, the administration physique has to
be certain that the AML/CFT compliance officer (i) has direct entry to
all the knowledge essential to carry out his/her duties, (ii) has
adequate human and technical sources and instruments to have the ability to
adequately carry out the duties assigned to him/her, and (iii) is properly
knowledgeable of the AML/CFT-related incidents and shortcomings
recognized by the inner management methods and by the nationwide and,
within the case of teams, international supervisory authorities. The member
of the administration physique or the senior supervisor the place designated for
AML/CFT is the primary contact level for the AML/CFT compliance
officer inside the administration. The member of the administration physique or
the senior supervisor the place designated for AML/CFT ought to be certain that
any AML/CFT considerations that the AML/CFT compliance officer has are
duly addressed. In the case of a major incident, the AML/CFT
compliance officer ought to have direct entry to the administration physique
in its supervisory operate.

As a part of the second line of protection, the AML/CFT compliance
officer have to be (i) unbiased from the enterprise strains or items
he/she controls, (ii) of fine reputation with applicable AML/CFT
expertise and experience and with adequate time and seniority and
(iii) working on an ongoing foundation as a part of total enterprise
continuity administration.

His/her function and obligations are clearly outlined and
documented: he/she is chargeable for monitoring whether or not the
measures, insurance policies, controls, and procedures applied by the
Entity adjust to AML/CFT obligations. More particularly, he/she
ought to (i) develop and preserve an ML/TF threat evaluation framework
on a enterprise-extensive and particular person foundation, (ii) be certain that satisfactory
insurance policies and procedures are put in place, saved updated and
applied successfully on an ongoing foundation, (iii) advise the
administration physique on measures to be taken to make sure compliance with
relevant legal guidelines, guidelines, laws and requirements, (iv) produce an
exercise report on at the least an annual foundation, which at the least
accommodates info set out below the Guidelines, and (vi) duly
inform workers in regards to the ML/TF dangers to which the Entity is

He/she can be consulted earlier than a closing resolution is taken by
senior administration on onboarding new excessive-threat prospects or
sustaining enterprise relationships with excessive-threat prospects. He/she
additionally performs particular duties relating to the reporting of suspicious
transactions as set forth within the Guidelines.

The AML/CFT compliance operate could also be mixed with the overall
compliance operate, however it have to be completely different from the audit
operate. An excellent cooperation to alternate of knowledge ought to take
place between the top of threat administration and the AML/CFT
compliance officer.

For an Entity that operates branches or subsidiaries
domestically, or in one other Member State or a 3rd nation, the
group ought to be certain that the insurance policies and procedures entities put
in place are aligned with the group’s procedures and insurance policies
to the extent permitted below relevant nationwide legislation. Furthermore,
the mum or dad Entity (i) appoints an AML/CFT compliance officer on the
stage of the mum or dad endeavor and on the stage of the group, (ii)
approves the group’s inner AML/CFT insurance policies and procedures
and (iii) units up inner AML/CFT management mechanisms at group

The group AML/CFT compliance officer has intensive powers at
group stage and cooperates totally with the AML/CFT officer of every
entity. Inter alia, he/she (i) coordinates the
enterprise-extensive evaluation of the ML/TF dangers carried out at native
stage by entities of the group, (ii) drafts a gaggle-extensive ML/TF threat
evaluation, (iii) defines group-stage AML/CFT requirements and ensures
that native, entity-stage insurance policies and procedures adjust to the
AML/CFT laws and laws relevant to every entity of
the group individually, (iv) coordinates the actions of the
numerous native AML/CFT compliance officers within the group’s
operational entities, (v) displays compliance of the branches and
the subsidiaries positioned in third nations with EU AML/CFT
provisions, (vi) ensures that the entities of the group have
satisfactory procedures on suspicious transaction report, and (vii)
produces an exercise report on at the least an annual foundation and
presents it to the group administration physique. The AML/CFT compliance
officer of a subsidiary or department ought to have a direct reporting
line with the group AML/CFT compliance officer.

Finally, the place operational features of the AML/CFT compliance
officer are outsourced, whether or not inside the group or with a service
supplier established within the EU or in third nation, the related
key rules supplied for within the Guidelines and the ESA
tips on outsourcing have to be complied with. For occasion, the
outsourcing should not concern strategic choices in relation to
AML/CFT as e. g. the approval of the enterprise-extensive ML/TF
threat evaluation or adoption of inner AML/CFT insurance policies and
procedures. In an intra-group outsourcing, the Entity identifies
and manages any conflicts of curiosity arising from an outsourcing
settlement and, the place the service supplier is established in a 3rd
county, further safeguard measures could also be taken. Finally, in all
instances, the last word duty for compliance with authorized and
regulatory obligations lies with the Entity.

More typically, the Guidelines have to be complemented by different
tips, corresponding to (i) EBA tips on inner governance, (ii)
joint EBA and ESMA tips on the evaluation of the suitability
of members of the administration physique and key operate holders, (iii)
ESMA tips on sure points of the MiFID II compliance
operate necessities, (iv) ESMA tips on outsourcing to cloud
service suppliers and (v) EIOPA tips on outsourcing to cloud
service suppliers.

The Guidelines will apply from 1 December 2022.

The content material of this text is meant to offer a basic
information to the subject material. Specialist recommendation ought to be sought
about your particular circumstances.

Leave a Reply

Your email address will not be published.