Developments in technology, together with globalisation, have been accompanied by the proliferation of certain types of misconduct, with instances of fraud sometimes appearing to increase on a daily basis.

In an effort to improve competent authorities' and financial sector operators' understanding of the anti-money laundering (AML) regulatory framework, on August 2 the European Banking Authority (EBA) launched a public consultation paper on draft guidelines regarding the policies and procedures in relation to compliance management, and the role and responsibilities of the anti-money laundering and countering the financing of terrorism (AML/CFT) compliance officer under Article 8 and Chapter VI of Directive (EU) 2015/849 (the guidelines).

Money laundering and terrorist financing is strongly regulated by the European Union (EU) through several directives, including the EU Fourth Anti-Money Laundering Directive 2015/849 of May 20, 2015 (Directive 2015/849). In a nutshell, the draft guidelines aim to clarify and elaborate on the role and responsibilities of:

  1. the AML/CFT compliance officer (the compliance officer); and
  2. the responsibilities of the management body in terms of AML/CFT, or of the senior manager (where no management body exists).

The proposals set out in the guidelines have been derived from EU member states' and financial sector operators' experience of implementing Directive 2015/849 to date.


There is evidence to suggest that, from the start, member states applied the requirements set out in Directive 2015/849 unevenly or ineffectively. The guidelines address Directive 2015/849's provision that obliged entities must appoint compliance officers only under certain circumstances, where it is appropriate with regard to the size and nature of the business. Certain financial financial sector operators appear to have taken the view that there was no need for them to appoint a compliance officer.

The guidelines attempt to clarify the interpretation of this obligation, explaining that the appointment of a compliance officer is mandatory for all financial sector operators, while other obliged entities (such as independent legal professionals, estate agents, etc.) must base their decision on the proportionality criteria.

It remains unclear, however, quite how other obliged entities should interpret the obligation to appoint a compliance officer, since the phrase "the size and nature of the business" is rather vague. It can, therefore, be argued that, for the time being, the common ground for the appointment - or not - of a compliance officer should be the best practice in this field adopted by other obliged entities in the member state. The guidelines also offer a certain amount of direction on the general responsibilities and role of any compliance officer subsequently appointed.

Effective and proportionate application

Another overarching statement involves the effective and proportionate application of the guidelines themselves. As the EBA points out in the guidelines, proportionality and effectiveness are to be assessed by reference to the type, size, internal organisation, nature and scope of the financial institution, and the complexity of its activities, as well as the money laundering and/or terrorist financing risks to which it is exposed.

While proportionality is easier to infer, this raises the question of how effectiveness will be assessed on the basis of the above- mentioned criteria.

From the authors' standpoint, effectiveness implies high-quality AML/CFT control procedures, which may be achieved by ensuring adequate resources, hiring suitably qualified staff, adapting the financial institution's corporate governance documents and developing internal reporting policies. Such measures should ensure clear responsibilities for senior management and create efficient reporting flows to help highlight money laundering and/or terrorist financing concerns.

In that same vein, effectiveness may also stem from appropriate interaction between supervisory authorities and financial

institutions' senior management, reinforcing the need for the latter to be fully involved in AML/CFT issues, to have clear responsibilities and even to have a direct line of sight to the staff responsible for AML/CFT.

It is precisely these areas which have previously been identified as shortcomings, and which prompted the need for these guidelines in the first place.

Consequence of group compliance requirements

The obligation imposed by Directive 2015/849 for groups of companies to appoint a compliance officer at parent company level - to ensure compliance with AML/CFT programs developed at group level for all subsidiaries worldwide - throws up a number of considerations for financial sector operators.

First, this obligation may affect business relations between the EU and the UK (or any other third country) in terms of whether subsidiaries located in such third jurisdictions may have an obligation to appoint a local compliance officer to ensure compliance with the requirements for their parent companies based in EU member states, and respectively whether parent companies based in third jurisdictions may have an obligation to appoint a global compliance officer to ensure compliance on the part of subsidiaries located in EU member states with the requirements.

In addition, the authors consider that Directive 2015/849 requires groups of companies to implement effective AML/CFT programs in accordance with EU law at the level of majority-owned subsidiaries located in third countries, including where the regulations of the respective third jurisdictions prevent such measures from being applied with the rigour required by the directive.

The guidelines nonetheless also oblige the competent authorities of EU member states to review the implementation of any such AML/ CFT compliance function by financial sector operators in their jurisdictions. Competent authorities may even impose administrative sanctions of up to 5,000,000 euros, or 10% of the operators' total annual turnover, for breaches of their obligations under Directive 2015/849 that are serious, repeated, systematic, or a combination thereof.

It is unclear as yet whether the appointment of a compliance officer may be considered so substantial a part of the AML/CFT policies required to be implemented at group level that it mandates competent authorities to perform the extraterritorial interventions allowed under Directive 2015/849.


The guidelines are the first true glimpse of what is expected from financial sector operators in relation to AML/CFT, but certain aspects remain unclear, such as the mandatory appointment of a compliance officer by other obliged entities, the criteria which will be used to ensure an effective and proportionate application of any such requirement, or the extent to which extraterritoriality may be enforced.

Time will show whether the EBA's efforts will have the desired effect, or whether they have only thrown up yet more questions, triggering the need to issue additional or revised guidelines.

The EBA will hold a virtual public hearing on the draft guidelines on September 28, from 10am to 12pm Paris time. The dial-in details will be communicated to those who have registered.

The consultation on the guidelines is open until November 2.

Originally published by Thomson Reuters.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.