EBA Guidance on the Role of AML Officers

On 29 July 2021 the European Banking Authority (EBA) launched a public consultation on its newly proposed guidelines for the role, tasks and responsibilities of AML/CTF compliance officers.

In its official Consultation Paper, the EBA recognises how specific requirements set out in Directive (EU) 2015/849 – aka AMLD4 – have been implemented unevenly across different sectors and EU Member States. As the status quo can have adverse consequences for the integrity of the financial system, the EBA is now proposing a set of guidelines to address the entire AML/CFT governance set-up at a systemic level.

Stakeholders involved and their responsibilities

The proposed guidelines include very detailed requirements for the following stakeholders within the regulated firm:

• The management body, wherever applicable
• The senior manager responsible for AML/CFT (the document also specifies how to identify the right candidate for this role where no management body is in place)
• Separate AML/CFT compliance officers

Key responsibilities of the management body or of the senior manager responsible for AML/CFT include:

1. Approval of the AML/CFT policies, controls and procedures for the organisation;
2. Overseeing of the AML/CFT policy and procedure implementation;
3. Review – at least once a year – of the activity report by the AML/CFT compliance officer;
4. Request for frequent interim updates for activities that expose financial sector operators to higher ML/TF risks;
5. Assessment – at least once a year – of the effective functioning of the AML/CFT compliance function, focusing in particular on the adequacy of the human and technical resources allocated to the compliance officer;
6. Timely and direct access to relevant reports such as the activity report of the AML/CFT officer, the report of the internal audit function, the findings and observations of external auditors, as well as the findings of the competent authority, relevant communications with the FIU and supervisory measures or sanctions imposed.

Among the tasks assigned to the compliance officer there are:

1. The development of a risk assessment framework;
2. The preparation of specific policies and procedures to be applied across the organisation;
3. The establishment of risk-based rules on how to deal with different types of customers, including high-risk customers;
4. The planning and implementation of strategies to monitor compliance across the organisation;
5. Various reporting activities to the management body;
6. The implementation of training and awareness-raising campaigns of AML/CFT risks to be disseminated across the organisation.

Finally, where a financial services operator is part of a group, the organisation should appoint an overall AML/CFT compliance officer in the parent company to ensure the effective implementation of group-wide AML/CFT policies and procedures.

Next steps

The draft guidelines are now published for a three-month public consultation, ending on 2 November 2021. You can access the full consultation paper and learn how to submit your contributions at this link. After assessing all consultation responses, the EBA will finalise its new requirements, to be applied to all financial sector operators that are within the scope of the EU’s AML Directive.

It is the first time that the EBA has proposed requirements for the role of compliance professionals at the EU-level. Such attention and recognition demonstrate how the responsibility and influence of compliance experts has increased drastically within financial institutions, in line with the rise of more stringent AML regulations and the increase of personal liability for senior management in the case of non-compliance.