Category: Regulations

How to Comply with AML Regulations in the Netherlands

The Netherlands has the 17th largest economy in the world by GDP and attracts an array of international businesses, including a growing number of innovative fintech service providers. As a global financial hub, the Netherlands has also become a target for money launderers and other financial criminals, who seek to exploit the country’s financial system. To meet that threat, the Netherlands’ government implements a robust anti-money laundering (AML) and counter-financing of terrorism (CFT) framework, with significant penalties for firms that fail to comply. Dutch authorities emphasise their focus on regulatory compliance: in 2021, for example, Dutch Bank ABN Amro reached a €480m settlement with prosecutors after an investigation uncovered significant AML compliance failings.

AML regulations in the Netherlands represent an ongoing challenge. To ensure your company avoids penalties, it is important to understand the Netherlands’ AML/CFT infrastructure, and what it takes to achieve compliance. 

What is the AFM?

The Netherlands’ primary financial regulator is the Authority for the Financial Markets, known as the Autoriteit Financiële Markten (AFM). Established in 2002 as a replacement for the Netherlands’ Securities Board, the AFM is an independent administrative authority that operates under the control of the Dutch Minister of Finance.

The AFM is responsible for supervising Dutch financial entities to ensure their compliance with AML regulations in the Netherlands. In that capacity, the AFM oversees the entire financial sector and its products and services, including “savings, investment, insurance, loans, pensions, capital markets, asset management, accountancy and financial reporting”. In order to achieve its supervisory objectives, the AFM has the authority to conduct inspections of Dutch financial institutions and, where necessary, enforce regulations by issuing warnings, filing reports with law enforcement agencies, and imposing fines and penalty payments. 

The AFM shares its responsibilities with the Dutch central bank: De Nederlandsche Bank (DNB). The two entities work closely together, often sharing information. While the AFM focuses on supervising businesses in the Netherlands, and “promoting fair and transparent financial markets”, the DNB focuses on providing prudential supervision. 

In conjunction with the DNB, the AFM is also responsible for issuing licences to all financial institutions that operate in the Netherlands. Firms in the Netherlands that wish to obtain a licence must meet a set of qualification criteria and complete the relevant application process. 

Key AML Regulations in the Netherlands 

The Netherlands’ main article of AML regulation is the Anti-Money Laundering and Anti-Terrorist Financing Act, known as Wet ter voorkoming van witwassen en financieren van terrorisme – Wwft. The Act requires financial institutions in the Netherlands to take a risk-based approach to AML – as mandated by the Financial Action Task Force (FATF) which means they must perform risk assessments of individual customers and implement a range of compliance measures, including:

• Identity verification: Firms in the Netherlands must establish and verify the identities of their customers as part of the customer due diligence process (CDD) in order to conduct an effective risk assessment. The identity verification process requires the collection of information such as names, addresses, dates of birth, and official company documentation. 
• Beneficial ownership verification: The CDD process should extend to the beneficial ownership of customer entities. Beneficial ownership checks are required to ensure that customers are not using corporate infrastructure or shell companies to conceal financial crimes. 
• Transaction screening: Firms in the Netherlands should screen customer transactions against the relevant risk data sources, including beneficial ownership registries, politically exposed person (PEP) lists, and sanctions lists. 
• Adverse media: Firms in the Netherlands should screen customers against global adverse media sources which may reveal changes in risk profile before that information is confirmed by official sources. Depending on risk exposure, it may be necessary to implement adverse media screening on a global scale, with name searches conducted in a range of foreign languages. 

Anti-Money Laundering Directives: As a member of the EU, the Netherlands must implement the anti-money laundering directives (AMLD). The AMLD are released periodically by the European Parliament and include a range of updated AML/CFT measures that member states must transpose into domestic legislation. The latest directive, the Sixth Anti-Money Laundering Directive (6AMLD), came into effect in June 2021, introducing the following AML/CFT measures: 

• A harmonised list of 22 predicate offences for money laundering, including the 2 new offences of environmental crime and cyber-crime. 
• An expansion of the criminal scope of money laundering. Under 6AMLD, aiding and abetting money laundering now also falls under the definition of the offence of money laundering. 
• An extension of criminal liability for money laundering to legal persons. In practice, this means that companies (including management and senior executives) may be held liable for money laundering offences committed by individual employees. 
• An increase in the criminal penalty for money laundering. Under the new rules, money laundering offences must carry a minimum prison term of 4 years. 
• New ‘dual criminality’ rules to facilitate the joint prosecution of money laundering offences in different countries. 

Recent AML Developments in the Netherlands

The AFM and the DNB keep firms in the Netherlands up to date with the latest AML/CFT regulatory developments. Key recent updates include: 

• Enforcement actions: The AFM publicises enforcement actions and the monetary penalties that it imposes for compliance failures. In June 2022, the AFM imposed compliance penalties on Revo Capital Management amounting to over €150,000 for infringements of the Wwft. 
• Ukraine sanctions: Following Russia’s invasion of Ukraine in February 2022, the DNB published guidance for firms in the Netherlands regarding new sanctions against Russia and Russian individuals. 
• Fintech: The AFM and the DNB publish guidance and recommendations regarding the regulations of fintech products and services, including cryptocurrencies and cryptocurrency service providers. In 2019, for example, both regulators called for the introduction of an international regulatory framework for cryptocurrencies, and for a national licensing regime for cryptocurrency exchanges. In June 2022, the EU announced it had reached an agreement on a Europe-wide crypto regulation framework, known as Markets in Crypto Assets (MiCA). 

Next Generation Risk Management in the Netherlands 

Ripjar’s Labyrinth Screening platform can help firms in the Netherlands reduce their compliance burden and streamline their screening processes. Labyrinth Screening enables firms to search thousands of risk data sources, including foreign news sources, in real time, in 21 languages. Incorporating next generation name matching technology, Labyrinth Screening enables you to react to changes in legislation or emerging criminal methodologies quickly and efficiently and be informed as soon as your customers’ risk profiles change. 

Contact us to discuss how Ripjar can support your AML compliance in the Netherlands 

AML Regulations in France & How to Comply

One of the wealthiest countries in Europe and the world, France has an economy that attracts diverse business interests, including international banks and fintechs. Unfortunately, the prominence of its economy also makes France a target for criminals, who seek to launder money, finance terrorist activities, and commit financial crimes. 

In response to that criminal threat, the French government imposes a range of strict anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations on its financial institutions. In order to avoid compliance penalties and contribute to the fight against financial crime, firms operating in France should understand how to meet those compliance obligations efficiently. 

Who are France’s Financial Regulators?

France has established a number of financial supervisory authorities. These include:

Autorité des Marchés Financiers

The Autorité des Marchés Financiers (AMF) is France’s main financial supervisory authority and is responsible for regulating the country’s “financial marketplace, its participants, and the investment products distributed via its markets”. The AMF has the authority to “monitor and where necessary, inspect, investigate and enforce” in order to ensure that firms within French jurisdiction operate in compliance with financial regulations. The AMF also participates in the development of AML/CFT regulations in Europe, and plays a role in the European Securities and Markets Authority (ESMA). 

Autorité de Contrôle Prudentiel et de Résolution

An independent administrative authority, the Autorité de Contrôle Prudentiel et de Résolution (ACPR) is responsible for regulating France’s banking and insurance businesses under the direct authority of the Banque de France. Like the AMF, the ACPR focuses on protecting France’s financial stability by monitoring compliance with AML/CFT regulations, maintaining a dialogue with financial sector organisations, and representing France in global financial organisations. 

Traitement du renseignement et action contre les circuits financiers clandestins

The Traitement du renseignement et action contre les circuits financiers clandestins (TRACFIN) operates under the authority of the French Ministry of Finance. Its mission is to maintain the health of the French economy by fighting against financial crime, money laundering and the financing of terorism. Under that remit, TRACFIN is responsible for the analysis and investigation of suspicious activity reports submitted by French financial institutions. 

Financial Action Task Force

As a member of the Financial Action Task Force (FATF), the French government transposes FATF guidance into domestic legislation, to be enforced by financial authorities such as the AMF. Accordingly, firms in France must take certain fundamental regulatory steps to achieve regulatory compliance, including developing an AML/CFT solution, taking a risk-based approach to AML/CFT, and appointing a money laundering officer responsible for overseeing internal compliance processes and communicating with financial authorities. 

What are France’s Key AML/CFT Regulations?

French AML/CFT compliance involves the following key regulations and controls: 

French Law: The French Monetary and Financial Code and the French Criminal Code criminalise money laundering and terrorism financing in France. 

The AMF General Regulation: The General Regulation sets out the AML/CFT compliance rules that all French institutions must follow. The AMF regularly updates the general regulation to incorporate changes to French and European law. 

AMF Recommendations: The AMF periodically releases specific guidance on aspects of AML/CFT laws. Recent AMF recommendations include: 

• AMF Doc-2019-15: Guidance on implementing a risk-based approach to AML/CFT. 
• AMF Doc-2019-16: Guidance on establishing beneficial ownership. 
• AML Doc-2019-17: Guidance on screening for politically exposed persons (PEP). 
• AML Doc-2019-18: Guidance on the reporting of suspicious activity to TRACFIN. 

The Sixth Anti-Money Laundering Directive: As an EU member-state, France must implement the anti-money laundering directives (AMLD) which are updated regularly to ensure regulatory parity across the continent. The latest directive is the Sixth Anti-Money Laundering Directive (6AMLD) which came into effect on 3 June 2021 and introduced the following key regulatory changes: 

• A harmonised list of 22 money laundering predicate offences, including the two new predicate offences of environmental crime and cyber-crime. 
• An expansion of the definition of money laundering to include aiding and abetting. 
• An extension of criminal liability for money laundering to include legal persons such as companies – effectively ensuring management employees share responsibility for the criminal actions of individual employees. 
• Increased punishments for money laundering, including a minimum prison sentence of four years. 
• The introduction of information sharing requirements between different EU jurisdictions to better facilitate criminal convictions. 

How to Comply with French AML Regulations

AML compliance should be a significant priority for firms in France. Under the risk-based approach, firms must conduct risk assessments of individual customers and implement automated software systems capable of managing the data collection requirements of French AML regulations. In practice, an effective AML/CFT solution in France involves:

• Customer identification: Firms should conduct suitable customer due diligence (CDD) to identify their customers and build accurate risk profiles. 
• Beneficial ownership: Firms should conduct beneficial ownership checks to ensure that customers are not using corporate structures or shell companies to disguise money laundering.
• Transaction screening: Firms should screen customer transactions against relevant lists and registers – including politically exposed persons (PEP) lists, beneficial ownership registers, and international sanctions lists, such as the EU’s consolidated list. 
• Adverse media screening: Changes in customer risk profiles may be reported in media sources before they are confirmed by official sources. With that in mind, firms in France should implement an adverse media screening solution to capture stories from around the world that involve their customers. 

Recent AML/CFT Developments in France

The AMF publishes the latest updates to French AML/CFT regulation on its news page. Key recent developments include: 

• MiCA: In July 2022, the AMF publicised the provisional agreement on the EU’s new crypto regulatory framework, known as Markets in Crypto Assets (MiCA). The framework will regulate crypto-assets and stablecoins across the bloc, along with new compliance requirements for cryptocurrency exchanges. The framework will replace France’s existing PACTE law. 
• ESG data: In June 2022, the AMF reiterated its call for a Europe-wide regulatory framework for environmental social and governance (ESG) data. The call reflects the increasing significance of ESG data in financial risk management. The AMF suggested that a centralised EU ESG data resource would guarantee “harmonised supervision”. 
• Ukraine sanctions: Following Russia’s unprovoked invasion of Ukraine, the AMF publicised guidance for French firms regarding the enforcement of sanctions against Russia and against Russian individuals. In April 2022, the AMF issued guidance on new economic sanctions against Russia which directly affected French asset management companies.  

Next Generation Compliance

Our Labyrinth Screening platform enables firms in France and around the world to enhance their AML/CFT compliance performance. Labyrinth Screening incorporates next generation machine learning technology to match customer names across thousands of global data sources, including PEP lists, sanctions lists and adverse media sources, in 21 languages. Use our cutting-edge risk management technology to adapt to new regulations and emerging risks in a challenging global landscape. 

Contact us to discuss how Ripjar can support your AML compliance in France

AML Compliance in Austria: An Overview

One of the wealthiest countries in Europe and the world, Austria is a business destination for hundreds of multinational organisations including banks and fintechs. While Austria’s economic status attracts international investment, it also creates a range of criminal challenges, including money laundering and the financing of terrorism.

To address those threats and protect its financial system, the Austrian government has implemented a range of strict anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. As a member of the European Union, Austria’s AML/CFT landscape is aligned with the rest of the bloc – which means that it also implements the EU’s Anti-Money Laundering Directives. 

In order to comply with Austrian AML/CFT regulations, companies in Austria must understand their regulatory obligations, and their relationship with regulatory authorities. 

What is the FMA?

The Financial Market Authority (FMA) is Austria’s financial supervisory authority. Established in 2002, the FMA provides supervision for all financial service providers in Austria, including banks, insurance companies, pension companies and investment firms. The FMA works to ensure that Austrian companies comply with the country’s financial regulations and implement suitable internal measures and controls to detect and prevent money laundring and terrorism financing. 

As an ‘integrated’ authority, the FMA handles all regulatory procedures ‘under one roof’ – from issuing licences to obligated entities and conducting ongoing supervision, to working with law enforcement authorities in AML/CFT investigations. 

The FMA also works with its international counterparts, particularly those across the EU, to serve the interest of Austria, and to contribute to the global fight against money laundering. 

What are Austria’s Key AML Regulations?

Austria’s EU membership requires it to implement the money laundering regulations set out in the Anti-Money Laundering Directives (AMLD) in its domestic AML/CFT legislation. Austria is also a member of the Financial Action Task Force (FATF) which imposes a number of fundamental AML/CFT requirements, including the need to treat money laundering as a crime, to establish a national AML/CFT supervisory authority, and for firms to take a risk-based approach to AML/CFT. 

WIth those requirements in mind, Austria has criminalised money laundering under its criminal code and has implemented the following key AML/CFT regulations: 

• The Financial Markets AML Act: The AML Act is intended to prevent the misuse of Austria’s financial system for money laundering and terrorism financing – and was introduced in 2017 following the EU’s Fourth AMLD. The Act requires companies in Austria to put suitable risk-based AML/CFT measures and controls in place and to report suspicious activity to the FMA. 

• The Beneficial Owners Register Act: In response to the Fifth AMLD requirement that member states create publicly available beneficial ownership registers, Austria passed the Beneficial Owners Register Act.

The FMA has issued a range of supplementary AML/CFT regulations in order to address money laundering and terrorism financing threats, including: 

• Regulation on Savings Associations (SpVV)
• School Savings Schemes Due Diligence Regulation (Schulspar-SoV)
• Online Identification Regulation (Online-IDV)
• Regulation on Due Diligence for Fiduciary Accounts (AndKo-SoV)
• Corporate Provision Funds Risk Analysis and Due Diligence Regulation (BVK-RiSoV)
• Life Insurance Due Diligence Regulation (LV-SoV)

How to Ensure Your AML Compliance in Austria

Following FATF Guidance, the FMA requires firms in Austria to put a risk-based AML/CFT solution in place to detect and address criminal threats. The risk-based approach requires firms to conduct risk assessments on individual customers in order to build an accurate risk profile and identify higher risk customers that warrant more intensive AML/CFT scrutiny. With those considerations in mind, AML compliance in Austria should entail the following processes: 

• Identity verification: Firms should establish and verify the identities of their customers by collecting suitable customer due diligence information such as names, addresses, dates of birth, and relevant company information. Beneficial ownership should also be established. 
• Transaction screening: Firms should screen customer transactions for signs of suspicious activity that may be indicative of money laundering. 
• Sanctions screening: Firms must ensure that they are not doing business with the targets of international sanctions. Accordingly, they should screen customers against relevant international sanctions lists, including the EU consolidated list. 
• PEP screening: Politically exposed persons (PEP) such as elected officials, government employees, or members of the military pose a higher risk of money laundering. Firms should screen their customers against PEP lists at onboarding and throughout the business relationship.  
• Adverse media: Many news outlets report on AML/CFT risks factors, such as sanctions risk or involvement in organised crime, before that information is confirmed by official sources. With that in mind, firms should implement an adverse media screening solution in order to capture news stories from around the world that involve their customers. Adverse media screening software should be able to search across foreign language news sources and take into account the relevance and quality of those sources. 

Recent AML/CFT Developments in Austria

While 6AMLD is now in effect, the EU recently announced an overhaul of its AML/CFT framework. The update will introduce ‘an ambitious package of legislative proposals’ and serve as an update to 6AMLD. As an EU member, Austria must implement the regulatory requirements of the updated 6AMLD, which include: 

• The introduction of cross-border asset registers. 
• A proposal for an Financial Intelligence Unit (FIU) joint analysis framework to aid cross-border AML investigations across the EU. 
• New guidance on the type of information that should be held in beneficial ownership registers.
• The establishment of a public body with a duty of oversight over self-regulatory bodies.
• The introduction of National Risk Assessments (NRA) to be conducted every four years.
• New whistleblower protections including strengthened data privacy rules.

Next Generation AML Technology

Ripjar’s Labyrinth Screening solution has been designed to enhance the risk management process and make AML/CFT compliance in Austria faster and simpler. Harness next generation name-matching software to screen customers in real time, drawing data from global sanctions, watch lists and adverse media sources across 21 languages. Use AI-enabled AML technology to inform risk decisions and ensure your business stays ahead of its obligations in a changing regulatory landscape. 

Contact us to discuss how Ripjar can support your AML compliance in Austria. 

AML Regulations in the USA

As the largest and most influential economy in the world, the United States addresses financial criminal threats by enforcing strict anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. Research suggests that up to $300 billion is laundered in the US annually, with AML compliance costing US firms up to $25.3 billion per year. 

Given the criminal threat, the US AML/CFT regulations involve a range of important reporting and record-keeping obligations which are based on standards set out by the Financial Action Task Force (FATF). Violations of AML regulations in the US are serious crimes and may result in financial penalties and even prison sentences for implicated individuals. If you do business in the US, it’s important that you develop a strong understanding of the relevant AML/CFT laws, become familiar with US financial regulators, and ensure that your business is able to meet its regulatory obligations on an ongoing basis.  

Who are the USA Financial Regulators?

The Financial Crimes Enforcement Network

The USA’s principal financial regulator is the Financial Crimes Enforcement Network (FinCEN) which operates under the authority of the Department of the Treasury and serves as the USA’s Financial Intelligence Unit (FIU). FinCEN’s stated mission is to ‘safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities’.

FinCEN provides oversight for all banks and financial institutions in the US as part of the global fight against money laundering and the financing of terrorism. Its responsibilities involve the collection of transaction data from US firms and the distribution of that data for law enforcement purposes. Where necessary, FinCEN partners with law enforcement agencies at the state and federal levels, to aid criminal investigations. FinCEN also cooperates with its international counterparts in order to help fight global financial crime. 

The Office of Financial Assets Control

The Office of Financial Assets Control (OFAC) oversees the US sanctions programmes, ensuring that US firms comply with the trade prohibitions on targets set out in the relevant sanctions lists. The US maintains a number of sanctions lists, but its principal list is the Specially Designated Nationals (SDN) and Blocked Persons List. The SDN list includes the names of persons designated for economic sanctions on one of the US global sanctions programmes. 

What are the Key US AML Regulations?

The Bank Secrecy Act

The primary article of AML legislation in the US is the Bank Secrecy Act (BSA). Introduced in 1970, the BSA imposes reporting and record-keeping obligations on US banks and financial institutions in order to prevent criminals using their products and services to launder money. Under the BSA, institutions must implement internal AML controls including monitoring their customers and transactions for suspicious activity, and reporting suspicious activity to FinCEN. 

The Patriot Act

In 2001, following the September 11 terror attacks, the US passed the USA Patriot Act as an amendment to the BSA. The Patriot Act introduced new powers for US law enforcement agencies when investigating suspected terrorism financing. In particular, the Patriot Act imposes a range of customer due diligence (CDD) and screening responsibilities on US companies, and focuses on international transactions and business relationships. The Patriot Act imposes criminal and financial penalties for persons found to be in violation of CFT compliance rules. 

AMLA 2020

In 2021, the US introduced the Anti-Money Laundering Act (AMLA) 2020. The Act was held up as the most significant reform to US AML/CFT legislation since the implementation of the Patriot Act, and a means to manage the threats posed by new technologies and criminal methodologies. Amongst the regulatory measures introduced by AMLA were new beneficial ownership rules to prevent the misuse of shell companies, increased money laundering penalties, new whistleblower protections, and expanded international information sharing rules. 

US AML Compliance

As an FATF member state, the US requires firms to take a risk-based approach to AML/CFT. This means that they must assess their customers at onboarding to establish the level of compliance risk they present, and then deploy AML/CFT measures in proportion to that risk. In practice this means that firms may subject higher risk customers to more intense monitoring and screening measures. 

With that in mind, an effective US AML compliance programme should feature: 

• Customer identification: Firms in the US must establish and verify the identities of their customers in order to conduct an effective risk assessment. The customer due diligence process should involve the collection of names, addresses, dates of birth, and beneficial ownership information. 
• Transaction screening: US firms must screen their customers’ transactions for signs of suspicious activity, including unusual transaction patterns, transactions with high risk customers and jurisdictions, or transactions involving sanctions targets. 
• Politically exposed persons: Government officials represent an elevated risk of money laundering. With that in mind, US firms should screen customers against politically exposed persons (PEP) lists to determine the level of compliance risk they present. 
• Sanctions screening: US firms must screen their customers against the relevant sanctions lists, including the SDN list, and the UNSC sanctions list. 

Enhanced due diligence

Under the risk-based approach to AML/CFT, the US requires firms to subject higher risk customers to enhanced due diligence (EDD) measures. The EDD process should include a greater degree of AML/CFT scrutiny, stronger identity verification measures, and checks into the source of customer funds and wealth. Enhanced due diligence measures might also include PEP screening and sanctions screening. 

Adverse media checks

Criminal activity and other compliance related risks may be reported in news media before they are confirmed by official sources. Accordingly, the enhanced due diligence process may also include adverse media checks, which require firms to search a range of news sources for customer involvement in negative stories. 

In the US, adverse media screening may involve searching non-English news sources, which means that firms must implement suitable screening technology to match customer names in foriegn languages. Adverse media screening technology is essential to the US AML compliance process: with that in mind, Ripjar’s next generation risk screening solution enables your firm to capture breaking news stories from across the world in real time, reduce false positive hits, and ensure that your compliance team is informed as soon as a customer’s risk profile changes. 

Contact us to discuss how Ripjar can support your AML compliance in the USA 

New EBA Guidelines on the Role of the AML/CFT Compliance Officer

Following its supranational risk assessment (SNRA) in 2019, the EU reported that a number of member states were not implementing Anti-Money Laundering Directive 2015/849 evenly or effectively, and identified specific failures in the appointment of AML/CFT compliance officers. 

After further analysis of the risk assessment’s findings, the EU requested that the European Banking Authority (EBA) develop guidance that ‘clarifies the role of AML/CFT officers in credit and financial institutions’. 

Under the text of the Directive, the EU requires ‘the appointment of a compliance officer ‘at management level’ as part of a firm’s internal AML policies, controls, and procedures. The directive defines the compliance officer as as a ‘senior management’ employee with ‘sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure’. The directive does not go into any further detail regarding the day-to-day duties of the AML/CFT compliance officer, nor does it define the officer’s wider responsibilities or their relationship with financial authorities. 

To address the potential lack of regulatory clarity, the EBA published its AML/CFT compliance officer guidance in 2022. 

What is an AML/CFT Compliance Officer?

An anti-money laundering/counter-financing of terrorism (AML/CFT) compliance officer is the individual responsible for the implementation of their firm’s AML/CFT compliance programme. In the EU, that means they must ensure their firm is operating in alignment with the rules and regulations set out in the Anti-Money Laundering Directives (AMLD), monitoring and reporting suspicious activities to the appropriate financial intelligence unit (FIU), and ensuring that their organisation is not allowing criminals to misuse their products and services.

The complexity of the EU’s AML/CFT compliance landscape means that the AML Compliance Officer role can be challenging: with the release of the EBA guidance, firms that operate within the EU and the EEA should ensure they understand what the compliance officer does, and how they fit within their firm’s infrastructure.

AML Compliance Officer Role and Responsibilities 

Referencing Directive 2015/849, the EBA stressed that its guidelines on the role and responsibilities of the AML/CFT compliance officer should be interpreted proportionally by individual institutions, taking into account factors such as company size, industry, and complexity. 

The directive frames the ‘management body’ and ‘senior managers’ as important components of their firm’s AML/CFT infrastructure, stating that entities must ‘obtain approval from their senior management’ for the AML policies, controls and procedures that they implement, and that senior management employees must ‘monitor and enhance’ those measures. However, the directive does not set out in detail the management body’s relationship with its AML/CFT compliance officer – who must be appointed as part of those policies, controls, and procedures. 

With that in mind, the EBA organised its guidance into two categories:

• Role and responsibilities of the management body/senior AML/CFT manager
• Role and responsibilities of the AML/CFT compliance officer

The EBA sets out the role and responsibilities of both the management body and the AML/CFT compliance officer in detail in its 2022 guidance. Rather than representing ‘new’ additions to existing guidelines (characterised as sufficient ‘at the time’) the EBA stresses that the 2022 provisions ‘complement requirements in other sectoral laws that relate to credit or financial institutions’ governance and risk management systems, and suitability requirements for senior function holders’.

Key highlights of the EBA’s 2022 guidance are as follows.

The Role of the Management Body/Senior AML/CFT Manager

The EBA’s guidelines set out the role of a firm’s management body and senior AML/CFT manager within its internal AML/CFT framework. The EBA states that ‘the management body should be responsible for approving the credit or financial institution’s overall AML/CFT strategy and for overseeing its implementation’. Key aspects of a management body’s AML/CFT role include: 

• Providing oversight of AML/CFT policies and assessing the effectiveness of those policies through internal and external audits. 
• Ensuring that individuals responsible for AML/CFT functions possess sufficient knowledge, experience and skills to perform their duties effectively. 
• Ensuring that individuals responsible for AML/CFT functions are kept informed of business decisions or any other factors that affect compliance risk. 
• Reviewing any activity reports that the firm’s AML/CFT officer submits.
• Managing human and technical resources in order to facilitate effective AML/CFT operations.

The Role of the AML/CFT Compliance Officer

The EBA notes several important factors that firms must take into account when appointing an AML/CFT compliance officer, including the scale and complexity of their financial operations and their operational exposure to criminal risk. The character and ability of an AML/CFT officer is also important: the EBA’s guidance emphasises the need for officers to have the expertise and authority to carry out their duties effectively, have no conflicts of interest, and have the availability to communicate with the relevant FIU. 

The guidelines also note that the appointment of an AML/CFT compliance officer should be proportional to a firm’s compliance needs. Smaller firms and sole traders, for example, may choose not to appoint an AML/CFT officer as long as they set out their justification for doing so in writing. 

The EBA notes that firms must clearly define and document their AML/CFT officer’s role and responsibilities. Under the requirements of the EU’s AMLD, AML/CFT compliance officers must: 

• Develop a risk assessment framework specific to the risks that their firm faces. 
• Develop AML/CFT policies suitable for their firm’s risk exposure and appetite for risk. 
• Screen customers and transactions, including monitoring high-risk customers, sanctions lists, politically exposed persons (PEP) lists, and adverse media stories. 
• Monitor AML/CFT compliance in line with the latest AMLD regulations on an ongoing basis. 
• Communicate clearly with the firm’s internal management body, including submitting an annual AML/CFT activity report (which will be made available for competent authorities). 
• Report suspicious customer transactions to the relevant FIU. 
• Train compliance employees and promote AML/CFT compliance awareness in line with the latest regulations. 

To learn more about how Ripjar’s solutions can support AML/CFT compliance officers, get in touch today.