The Central Bank of Ireland (CBI) has consistently reinforced the importance of the compliance function in regulated entities, and in particular in the context of credit institutions and payment businesses where the risk of AML/CFT is high.
Earlier this year (April 2022), as part of its fitness and probity regime, the CBI appointed a compliance officer with specific responsibility for AML/CFT. In June 2021, the CBI published a revised set of Anti-Money Laundering and Counter-Terrorist Financing Guidelines for the Financial Sector to help credit and financial institutions understand their AML/CFT obligations under Part 4 of the Criminal Justice (Money Laundering and Financing of Terrorism) Act 2010. identified by BCI as a result of supervisory missions with designated persons who are required to register with BCI under the AML/CFT regime.
From 2017 to date, the CBI has imposed fines of approximately €7.2 million on regulated entities for breaching AML requirements, further demonstrating the CBI’s continued focus on compliance by businesses of their AML/CFT requirements.
Recognizing the persistent degree of AML/CFT risk within the financial system in the region (and also globally), the EU has continued to improve the regulatory framework designed to limit opportunities for malicious actors to use the financial system. for activities related to AML/CFT1.
Considering the importance of compliance with AML/CFT requirements in the banking sector, the European Banking Authority (EBA) has published guidelines which detail the role and responsibilities of the AML/CFT officer2. The guidelines are mainly anchored in the requirements of Articles 8(4) and 46(4) of EU Directive 2015/849.3 (AMLD4).
The EBA believes that the guidance is necessary as it has become aware of a number of reports suggesting that the requirements set out in AMLD4 “have been implemented unevenly across different sectors and Member States, and that they do not are not always effectively applied.”4 The EBA expects the guidelines to create a common understanding by competent authorities (in Ireland, the CBI) and financial institutions of the governance arrangements required, and lead to more consistent application and implementation of the requirements. anti-money laundering legislation. /CFT.
The Guiding Principles aim to focus on three main areas: (i) the role of the management body, (ii) the role of the compliance officer and (iii) the compliance function at group level.
Role and responsibilities of the management body in the context of AML/CFT
When selecting a member of the management body responsible for AML, Guideline 4.1 states that certain criteria must be met, such as sufficient knowledge, skills and experience in AML and implementation. implementation of AML policies, as well as sufficient time and resources to carry out their mission. functions.
If there is no governing body in place within the institution concerned, a senior manager must be appointed. These individuals should ensure that the management body or senior management is aware of the impact of anti-money laundering risks, that internal anti-money laundering policies are adequate and proportionate and that there are periodic reports to the board of directors on the activities of the compliance officer. They should also inform the board of any serious anti-money laundering concerns and/or violations and recommend solutions.
The management body itself should ensure that it is informed of the outcome of an enterprise-wide risk assessment and monitor the adequacy and effectiveness of anti-money laundering policies. ‘silver.
The roles and responsibilities of the AML/CFT compliance officer
When deciding whether or not to appoint an AML compliance officer, the guidelines advise companies to consider the scale and complexity of their operations. If a company decides not to appoint a compliance officer, it must document the reasons for not doing so and refer to the nature of its activity, its size and its legal form.
A compliance officer should have the skills, time, resources, reputation, and understanding of AML policies necessary to perform their duties. A compliance offer must also have sufficient authority to propose the necessary and appropriate measures to ensure compliance with AML obligations and be independent of the businesses it controls. The company should also ensure that the compliance officer has unrestricted access to all relevant information and can report directly to the management body if necessary.
The Guidelines also define (in Guideline 4.2) the responsibilities of an AML compliance officer, including:
- developing and maintaining a risk assessment framework;
- ensure that adequate anti-money laundering policies are in place, maintained and effectively implemented on an ongoing basis;
- advise senior management before a final decision is made on the engagement of new high-risk clients;
- monitor anti-money laundering policies and procedures for compliance;
- advise the management body on the measures to be taken;
- produce an annual activity report;
- report suspicious transactions to the national financial intelligence unit; and
- oversee internal anti-money laundering training and awareness.
Organization of the AML/CFT compliance function at group level
If a parent company of a group of companies is a credit institution or a financial institution, its management should ensure that the entities of the group carry out their AML risk assessments in a coordinated manner, while taking into account their individual risks.
Guideline 4.3 advises parent companies to appoint a member of their management body to be responsible for anti-money laundering at that level, as well as a group AML compliance officer to oversee compliance at that level. of the group.
The responsibilities of the Group Compliance Officer should include:
- lead a business assessment of the AML risks of the group’s entities at the local level;
- drafting of a group-wide AML risk assessment;
- define group-level AML standards that also ensure compliance with local laws and regulations;
- coordinate the work of the local AML compliance officers of a branch or subsidiary in order to ensure a consistent approach throughout the group; and
- produce an annual activity report for management.
The Guidelines are addressed to “Credit Institutions or Financial Institutions” (as defined in AMLD45) which effectively encompasses all entities regulated by the CBI, including banks, payment firms, investment firms, insurers, brokers, etc., where AML/CFT risks are prevalent. Regulated entities can learn valuable lessons from the EBA’s guidance and are likely to find it useful when seeking to strengthen their own AML/CFT frameworks and approach to compliance.
The guidelines apply from 1 December 2022, and competent authorities and financial institutions are required to “do their utmost to comply with the guidelines”. National authorities are expected to inform EBA if they comply with the guidelines or adequately explain the reasons for their non-compliance.