On 2 August 2021, the European Banking Authority (EBA) launched a public consultation on draft guidelines on policies and procedures in relation to compliance management and the role and responsibilities of the AML/CFT compliance officer under Article 8 and Chapter VI of the Fourth Money Laundering Directive (Directive (EU) 2015/849) (Draft Guidelines).
The Fourth Money Laundering Directive requires that Member States ensure that firms appoint an AML/CFT compliance officer at the management level "where appropriate with regard to the size and nature of the business."1 The Directive also requires Member States to ensure that, "where applicable", firms that have a management body identify the member of the management body who is ultimately responsible for compliance with AML/CFT requirements.2
The EBA notes, however, that there has been a number of reports suggesting that the requirements set out in the Fourth Money Laundering Directive have been implemented unevenly across different sectors and Member States, which ultimately has adverse consequences for the integrity of the EU's AML framework.
The purpose of the Draft Guidelines is to set clear expectations of the role and responsibilities of the AML/CFT compliance officer and the management body with regards to AML/CFT (or the senior manager where no management body exists).
The EBA expects the Draft Guidelines to be applied in a manner that is effective and proportionate to a firm's type, size, internal organisation, the nature, scope and complexity of its activities and the ML/TF risks to which the firm is exposed.
The Draft Guidelines, when finalised, will apply to all financial services firms regulated by the Central Bank of Ireland.
Key Areas addressed by the Draft Guidelines
The Draft Guidelines are divided into four sections addressing the following key points:
1. The roles and responsibilities of the management body in the AML/CFT framework and of the senior manager responsible for AML/CFT
This section addresses the collective responsibilities and role of the management body with respect to AML/CFT. It also sets out the specific role and tasks of the member of the management body or senior manager responsible for AML/CFT.
2. The role and responsibilities of the AML/CFT compliance officer
This section specifies the need to appoint an AML/CFT compliance officer at a level which allows the compliance officer to propose, on his/her own initiative, all necessary or appropriate measures to ensure the compliance and effectiveness of the firm's internal AML/CFT measures to the management body. The Draft Guidelines state, crucially, that "a financial sector operator should appoint an AML/CFT compliance officer unless they are a sole trader or have a very limited number of employees or members."
This section sets out the suitability requirements for the role of AML/CFT compliance officer and explains the roles and responsibilities of the person employed in this role. The EBA notes that the role of AML/CFT compliance officer may be combined with other management functions as long as the minimum criteria specified in Guideline 4.2 are observed. This section also proposes a list of information that, at a minimum, should be included in the activity report by the AML/CFT officer, to be reviewed by the management body at least once a year.
Finally, this section provides guidance regarding the outsourcing of the operational functions of the AML/CFT compliance officer, noting that the ultimate responsibility for those outsourced functions remains with the firm.
3. The organisation of the AML/CFT compliance function at group level
This section addresses the role of the management body for AML/CFT at group level and the appointment of a group AML/CFT officer. The Draft Guidelines recommend that where a firm is part of a group, a group AML/CFT compliance officer should be appointed to ensure the establishment and implementation of effective group-wide AML/CFT policies and procedures. This section also addresses the appropriate reporting lines in respect of the compliance officer role at group level in order to ensure that shortcomings in the AML/CFT framework affecting the entire group are addressed effectively.
4. The review of the AML/CFT compliance function by competent authorities
This section addresses the approach that should be taken by competent authorities to investigate the measures a firm has taken to ensure that the AML/CFT compliance officer meets the conditions relating to integrity, expertise and knowledge of the legal and regulatory AML/CFT framework, either at appointment or at a later stage. This section provides that a competent authority may make a recommendation to the relevant prudential supervisor on whether the individual should be replaced, or advise that conditions be imposed on the individual, where the individual is a key function holder.
The Draft Guidelines can be accessed here.
The EBA has invited comments from stakeholders on the Draft Guidelines. Comments may be submitted via a consultation form, which can be accessed here. The closing date for receipt of comments is 2 November 2021.
The EBA will publish the finalised guidelines following conclusion of the public consultation. The competent authorities must then notify the EBA whether they comply or intend to comply with the finalised guidelines. We expect the Central Bank of Ireland to notify the EBA of its intention to comply with the finalised guidelines in full.
1. Article 8(4)(a) Directive (EU) 2015/849 implemented in Ireland by Section 54(7) of the Criminal Justice (Money Laundering and Terrorist Financing Act 2010, as amended.
2. Article 46(4) Directive (EU) 2015/849 implemented in Ireland by Section 54(8) of the Criminal Justice (Money Laundering and Terrorist Financing Act 2010, as amended.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.