Following its supranational risk assessment (SNRA) in 2019, the EU reported that a number of member states were not implementing Anti-Money Laundering Directive 2015/849 evenly or effectively, and identified specific failures in the appointment of AML/CFT compliance officers.
After further analysis of the risk assessment’s findings, the EU requested that the European Banking Authority (EBA) develop guidance that ‘clarifies the role of AML/CFT officers in credit and financial institutions’.
Under the text of the Directive, the EU requires the appointment of a compliance officer ‘at management level’ as part of a firm’s internal AML policies, controls, and procedures. The directive defines the compliance officer as a ‘senior management’ employee with ‘sufficient knowledge of the institution’s money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure’. The directive does not go into any further detail regarding the day-to-day duties of the AML/CFT compliance officer, nor does it define the officer’s wider responsibilities or their relationship with financial authorities.
To address the potential lack of regulatory clarity, the EBA published its AML/CFT compliance officer guidance in 2022.
What is an AML/CFT Compliance Officer?
An anti-money laundering/counter-financing of terrorism (AML/CFT) compliance officer is the individual responsible for the implementation of their firm’s AML/CFT compliance programme. In the EU, that means they must ensure their firm operates in alignment with the rules and regulations set out in the Anti-Money Laundering Directives (AMLD), monitor and report suspicious activities to the appropriate financial intelligence unit (FIU), and ensure that their organisation does not allow criminals to misuse its products and services.
The complexity of the EU’s AML/CFT compliance landscape means that the AML Compliance Officer role can be challenging: with the release of the EBA guidance, firms that operate within the EU and the EEA should ensure they understand what the compliance officer does, and how they fit within their firm’s infrastructure.
AML Compliance Officer Role and Responsibilities
Referencing Directive 2015/849, the EBA stressed that its guidelines on the role and responsibilities of the AML/CFT compliance officer should be interpreted proportionally by individual institutions, taking into account factors such as company size, industry, and complexity.
The directive frames the ‘management body’ and ‘senior managers’ as important components of their firm’s AML/CFT infrastructure, stating that entities must ‘obtain approval from their senior management’ for the AML policies, controls and procedures that they implement, and that senior management employees must ‘monitor and enhance’ those measures. However, the directive does not set out in detail the management body’s relationship with its AML/CFT compliance officer – who must be appointed as part of those policies, controls, and procedures.
With that in mind, the EBA organised its guidance into two categories:
- Role and responsibilities of the management body/senior AML/CFT manager
- Role and responsibilities of the AML/CFT compliance officer
The EBA sets out the role and responsibilities of both the management body and the AML/CFT compliance officer in detail in its 2022 guidance. The EBA stresses that, rather than representing ‘new’ additions to existing guidelines (characterised as sufficient ‘at the time’), the 2022 provisions ‘complement requirements in other sectoral laws that relate to credit or financial institutions’ governance and risk management systems, and suitability requirements for senior function holders’.
Key highlights of the EBA’s 2022 guidance are as follows.
The Role of the Management Body/Senior AML/CFT Manager
The EBA’s guidelines set out the role of a firm’s management body and senior AML/CFT manager within its internal AML/CFT framework. The EBA states that ‘the management body should be responsible for approving the credit or financial institution’s overall AML/CFT strategy and for overseeing its implementation’. Key aspects of a management body’s AML/CFT role include:
- Providing oversight of AML/CFT policies and assessing the effectiveness of those policies through internal and external audits.
- Ensuring that individuals responsible for AML/CFT functions possess sufficient knowledge, experience and skills to perform their duties effectively.
- Ensuring that individuals responsible for AML/CFT functions are kept informed of business decisions or any other factors that affect compliance risk.
- Reviewing any activity reports that the firm’s AML/CFT officer submits.
- Managing human and technical resources in order to facilitate effective AML/CFT operations.
The Role of the AML/CFT Compliance Officer
The EBA notes several important factors that firms must take into account when appointing an AML/CFT compliance officer, including the scale and complexity of their financial operations and their operational exposure to criminal risk. The character and ability of an AML/CFT officer are also important: the EBA’s guidance emphasises the need for officers to have the expertise and authority to carry out their duties effectively, have no conflicts of interest, and have the availability to communicate with the relevant FIU.
The guidelines also note that the appointment of an AML/CFT compliance officer should be proportional to a firm’s compliance needs. Smaller firms and sole traders, for example, may choose not to appoint an AML/CFT officer as long as they set out their justification for doing so in writing.
The EBA notes that firms must clearly define and document their AML/CFT officer’s role and responsibilities. Under the requirements of the EU’s AMLD, AML/CFT compliance officers must:
- Develop a risk assessment framework specific to the risks that their firm faces.
- Develop AML/CFT policies suitable for their firm’s risk exposure and appetite for risk.
- Screen customers and transactions, including monitoring high-risk customers, sanctions lists, politically exposed persons (PEP) lists, and adverse media stories.
- Monitor AML/CFT compliance in line with the latest AMLD regulations on an ongoing basis.
- Communicate clearly with the firm’s internal management body, including submitting an annual AML/CFT activity report (which will be made available for competent authorities).
- Report suspicious customer transactions to the relevant FIU.
- Train compliance employees and promote AML/CFT compliance awareness in line with the latest regulations.