NFU welcomes the possibility to answer to this consultation and provide input to the revised Guidelines. With that in mind, we find the following:
- under ´Legal basis´, point 14, there is an addition made that ´For this purpose, parent undertakings and subsidiaries subject to Directive 2013/36/EU must ensure that internal governance arrangements, processes and mechanisms in their subsidiaries are consistent, well- integrated and adequate´. The first two requirements are prescribed in the Directive, and ´adequate´ is added to refer to ´and that any data and information relevant to the purpose of supervision can be produced´ (Article 109 (2)). ´Adequate´ might therefore not fully encompass the Directive requirement, but rather ´sound´, ´solid´ or similar.
- under ´Rationale and objectives of the guidelines´, point 21, the segment ´In this context, the guidelines clarifies in line with Directive 2013/36/EU that identifying, managing and mitigating money laundering and financing of terrorism risk is part of sound internal governance arrangements and credit institutions risk management framework´ would benefit from the addition of the word ´preventing´, so that it reads ´... that preventing, identifying, managing and mitigating money laundering ...´. The element of prevention is also added with the new Article 56 (g) in the Directive.
- under ´Definitions´, we find that adding a definition on ´Management Body´ and ´Senior Management´ would be helpful, after the definitions for ´Risk Appetite´, ´Risk Capacity´, and ´Risk Culture´; and before the definition of ´Staff´.
We find that it is positive to include the notion that AML/TF measures are part of the institutions´ governance arrangements. Further to the formulation, we would suggest including procedures and specific channels for reporting breaches. Such structures would further strenghten the efforts of institutions in preventing and managing AML/TF. Therefore, the sentence would read: ´d. an adequate and effective internal governance and internal control framework as defined in Title V, including procedures and specific, independent and protected channels for reporting breaches, to ensure compliance with applicable requirements also in the context of the prevention of money laundering and terrorism financing´.
It is important to highlight that ensuring protection against retaliation and anonymity of employees who report breaches remains a challenge. Likewise, external threats from criminals engaged in AML/TF is also an important issue.
The addition of the ESG considerations is a good way forward for integrating sustianability-minded actions. However, we find that the aim should not only be a sustainable business model, but also the development of a long-term perspective and sustainable corporate governance, which would have a spill-over effect into all areas of work for the company, including the successful attraction, retention and re/up-skilling of employees.
Additionally, we see the mention of the ESG considerations throughout the document to be quite limited, for example, further in elaborating the responsibilities of the different roles and committees.
N/A
N/A
N/A
N/A
N/A
Given the dynamics of ML/TF developments, in the phrasing of the last paragraph concerning staff, it would be beneficial to expand to continuous efforts by companies i.e. so it reads ´Credit institutions should take continuous measures to ensure that their staff is made aware of such ML/TF risks and the impact that ML/TF has on the credit institution and the integrity of the financial system´.
- under ´Legal basis´, point 14, there is an addition made that ´For this purpose, parent undertakings and subsidiaries subject to Directive 2013/36/EU must ensure that internal governance arrangements, processes and mechanisms in their subsidiaries are consistent, well- integrated and adequate´. The first two requirements are prescribed in the Directive, and ´adequate´ is added to refer to ´and that any data and information relevant to the purpose of supervision can be produced´ (Article 109 (2)). ´Adequate´ might therefore not fully encompass the Directive requirement, but rather ´sound´, ´solid´ or similar.
- under ´Rationale and objectives of the guidelines´, point 21, the segment ´In this context, the guidelines clarifies in line with Directive 2013/36/EU that identifying, managing and mitigating money laundering and financing of terrorism risk is part of sound internal governance arrangements and credit institutions risk management framework´ would benefit from the addition of the word ´preventing´, so that it reads ´... that preventing, identifying, managing and mitigating money laundering ...´. The element of prevention is also added with the new Article 56 (g) in the Directive.
- under ´Definitions´, we find that adding a definition on ´Management Body´ and ´Senior Management´ would be helpful, after the definitions for ´Risk Appetite´, ´Risk Capacity´, and ´Risk Culture´; and before the definition of ´Staff´.