The year 2022 has brought a new wave of financial crime enforcement, with Anti-Money Laundering (AML), Know-Your-Customer (KYC) and Countering the Financing of Terrorism (CFT) fines skyrocketing after a lull during the COVID-19 pandemic. Fines have risen over 50% globally compared to 2021 and show no sign of slowing down in 2023. C-level executives from financial institutions worldwide are becoming increasingly willing to accept fines as part of their business costs. However, the European Banking Authority (EBA) has gone beyond just imposing fines and released new guidelines on the role and responsibilities of the AML/CFT Compliance Officer (June 2022, applicable December 2022) that increase the responsibilities of financial institutions with regard to their AML and CFT obligations. The EBA aims to increase the personal accountability of the management body by imposing additional responsibilities on AML/CFT Compliance Officers. Avantage Reply has a dedicated team of experts who follow the latest regulatory developments and practices in order to develop custom-made approaches and help address AML/CFT regulatory requirements.
The new EBA guidelines aim to provide more detailed guidance to financial institutions and their compliance officers in establishing and maintaining an effective AML/CFT compliance program. The guidelines are expected to have a significant impact on the role and responsibilities of the AML/CFT Compliance Officers in financial institutions across the European Union.
Whilst previously compliance officers were responsible for supporting financial institutions in their understanding of laws and regulations, the new guidelines give them additional personal accountability. In particular, they force financial institutions to ensure that compliance officers are sufficiently qualified and are given sufficient authority to guide senior management through the necessary steps for AML/CFT compliance and to challenge them, where necessary. Compliance officers must also have direct access to senior management and the Board of Directors and be able to provide independent advice and challenge the decision-making processes.
The guidelines also require compliance officers to have a comprehensive understanding of the financial institution's business and its risk profile. The officers must identify, assess, and manage AML/CFT risks, including implementing and testing policies, procedures, and controls.
Finally, the guidelines aim to increase the financial institution’s awareness of AML/CFT practices at all levels of the organisation. For example, institutions must develop a risk culture linked to AML/CFT and produce an annual review and activity reports containing the necessary information in line with the EBA’s expectations.
The EBA Guidelines also have an important impact on the manner in which branches and subsidiaries are to be handled with regard to AML/CFT. For many years, branches and subsidiaries have been able to act relatively independently from the group, with only limited AML/CFT impacts appearing in the consolidated reporting. The new guidelines reinforce the EBA’s holistic approach to governance and analysis by increasing the financial institutions' obligations towards their branches and subsidiaries.
Now, the AML/CFT Compliance Officer is responsible for overseeing the compliance of branches and subsidiaries with the policies and procedures set at the group level. To ensure compliance, internal control processes must be established and a local AML/CFT Compliance Officer should be appointed.
The group AML/CFT Compliance Officer should have sufficient power to assess AML/CFT risks company-wide, including at the subsidiary level. To achieve this, the local branch AML/CFT Compliance Officer’s work should be coordinated and aligned with the group's policies and regulations.
Each subsidiary should produce its own annual reporting on AML/CFT risks, in addition to the group's overall reporting. The local AML/CFT Compliance Officer should have a direct reporting line to the group’s AML/CFT Compliance Officer, ensuring clear communication and compliance with the group's policies and regulations.
In addition to the aspects of the new guidelines mentioned above, the EBA uses them to keep a close watch on, and set rules around, outsourcing practices in the industry. The regulator expects financial institutions and the AML/CFT Compliance Officers to remain accountable and ensure their compliance with applicable AML/CFT laws and regulations, as they are the ones who know their AML/CFT risk exposure best. Only certain, non-critical AML/CFT tasks can be outsourced. The AML/CFT Compliance Officer should assess the outsourcing arrangements and ensure that the outsourced entity has the necessary expertise, resources, and procedures in place to perform such tasks effectively. Outsourcing agreements should include clear and specific provisions regarding the outsourced tasks, the scope of work, the obligations of the outsourced entity, and the service level agreements. It is important that an appropriate framework and controls are put in place to ensure that any outsourced AML/CFT tasks are performed in accordance with the institution's internal AML/CFT policies and procedures as well as applicable laws and regulations.
Overall, the new EBA guidelines are yet another important step taken by the regulator in the escalation of both personal and corporate accountability for financial institutions, especially so for AML/CFT practices.
The general direction towards stricter regulation shows little sign of slowing down, especially in the European context of the looming FATF (Financial Action Task Force) inspections. One should expect that the Luxembourgish regulator (CSSF) might have a special interest in the topic, as the country continues to show its eagerness to demonstrate that the right regulatory framework is in place to fight money laundering and the financing of terrorism, in a bid to host the EU’s proposed new anti-money laundering watchdog, the Anti-Money Laundering Authority (AMLA).