New EBA Guidelines regarding AML Officer
The European Banking Authority (EBA) published Guidelines on policies and procedures for compliance management and the role and responsibilities of the Anti-Money Laundering Officer (AML Officer) on 14th June 2022.
These will come into force on 1st December 2022 and apply to all financial sector entities falling within the scope of the Anti-Money Laundering Directive (AMLD). In this post, we have summarized the main changes for the AML officers and the responsible management bodies based on the Guidelines.
Criteria for the appointment of an AML officer
First, the EBA Guidelines clarify that the appointment of an AML officer depends on the scale and complexity of the business activity and the identified money laundering and terrorist financing risks. Where the money laundering risk is low, it should be possible for obliged credit and financial institutions not to appoint an AML officer and to delegate the relevant duties to one member of the management body.
If an AML officer is appointed, the governing body should determine whether this function will be performed on a full-time basis or whether the task can be performed by an employee on a part-time basis in addition to his or her existing functions. In any case, when appointing an employee, the governing body should ensure that potential conflicts of interest are avoided. Alternatively, it is possible to outsource the tasks to a third party.
If the management body decides not to appoint an AML officer, the reasons for the decision should be documented. In addition to the type of business activity, the relevant risk factors (country risk, customer risk, sales channels, products and services), the number of customers, the transaction volume and the number of employees should also be taken into account.
Requirements for the AML officer
According to the EBA Guidelines, the AML officer has a management function. This means that he can propose to the governing body, on his own initiative, any necessary or appropriate measures to ensure compliance with and effectiveness of internal anti-money laundering and counter-terrorist financing measures. He should normally work in the country of establishment of the obliged entity. If ML/TF risk and national law permits, the AML officer may also be based in another country.
Furthermore, the EBA Guidelines clarify that the roles of the AML officer and the general compliance function can be performed jointly.
The other requirements are in line with previous supervisory practice. This is hardly surprising, as the requirements are based on the 4th Money Laundering Directive (AMLD4), which was published back in 2015. For example, the AML officer must
- be of good repute, probity and integrity,
- have appropriate skills and expertise,
- understand the business model of the credit or financial institution and the risks involved,
- have relevant experience in relation to GW/TF, and
- have sufficient time and rank to perform his/her duties effectively.
Responsibilities of the AML Officer
The role and responsibilities of the AML Officer shall be clearly defined and documented. The AML Officer shall be primarily responsible for the following tasks:
- Developing enterprise and customer level risk assessment framework.
- Developing AML/CFT policies and procedures, updating and ensuring their effective and continuous implementation.
- Advise senior management prior to making a decision to add new high risk customers or maintain high risk business relationships. If management does not comply with the AML officer's decision, it should document its decision and define risk mitigation measures.
- Monitor the institution's compliance and effective application of controls and recommend corrective actions (2nd line of defense).
- Reporting to the governing body on risks, resources, policies and procedures. EBA guidelines provide minimum information to be included in the activity report.
- Reporting suspicious transactions to the Financial Intelligence Unit (FIU).
- Conduct training and awareness raising activities.
Requirements for the competent management body
For the purposes of preventing money laundering and terrorist financing, the EBA Guidelines distinguish between the management body in its supervisory function and the management body in its governance function. The management body in its supervisory function is responsible for overseeing and monitoring the implementation of internal policies and procedures. In addition, the AML compliance function shall be assessed at least annually.
The management body in its governance function, on the other hand, is responsible for implementing the policies (including ensuring sufficient human and technical resources), reviewing the AML officer's annual activity report and reporting to the competent authorities.
The EBA guidelines will apply from 1st December 2022 and bring some new requirements for the AML officer and the management body of credit and financial institutions. It is worth addressing the topic, as the supervisory authorities will certainly take the new requirements into account in their audit activities.
How can we help you?
With our comprehensive know-how in the area of prevention of money laundering and terrorist financing, we can provide you with competent support in adapting your process descriptions, strategies and controls to the new requirements. We look forward to receiving your inquiry.
Contact persons: Mag. Sanijel Ficulovic and Dr. Bernd Fletzberger