Response to consultation on draft Guidelines on the role, tasks and responsibilities AML/CFT compliance officers
Go back
on policies and procedures in relation to compliance management and the role and responsibilities of the AML/CFT Compliance Officer under the existing AML Directive.
For SME insurance intermediaries falling within the scope of AML rules, it is important that:
• expectations of the role, tasks and responsibilities of the AML/CFT compliance officer and the management body are proportional to their size, scope of activities and location. Changing rules comes with a cost and therefore any changes/enhancements should only be made when necessary and in so far as the benefits outweigh any negative impact.
• Expectations should be in accordance with the risk-based approach.
In this light, BIPAR welcomes the EBA statement (paragraph 4 of EBA consultation paper) that “the provisions set out in these guidelines should be applied in a manner that is effective and proportionate to the financial sector operator’s type, size, internal organisation, the nature, scope and complexity of its activities, and the ML/TF risks to which the financial sector operator is exposed”.
BIPAR would suggest introducing a more explicit the wording that reads as follows:
“the provisions set out in these guidelines should be proportionally applied and proportionally supervised in a manner that is effective in accordance with the ultimate objectives of the AML rules and proportionate to the financial sector operator’s type, size, internal organisation, the nature, scope and complexity of its activities, and the ML/TF risks to which the financial sector operator is exposed, taking into consideration the place of the operator in the value chain.
BIPAR is of the opinion that in this paragraph the proportionality principle needs to be explicitly included and it should read as follows:
“the member of the management body/senior manager to be identified as AML manager (in accordance with Article 46(4) of AML Directive (EU) 2015/849) should in particular have adequate knowledge, skills and experience regarding the identification, assessment and management of the ML/TF risks, and the implementation of AML/CFT policies, controls and procedures, with a good understanding of the financial sector operator’s business model and the sector in which the financial sector operator operates, and this proportionally to the extent to which this exposes the financial sector operator to ML/TF risks and taking into consideration the financial sector operator’s type, size, internal organisation, the nature, scope and complexity of its activities.”
For example, BIPAR suggests that attention should be paid in these AML guidelines to the fact that, while stricter requirements may derive from issues identified in the banking sector where the inherent ML/TF risk is assessed a significant or very significant, the same rules should not apply, mutatis mutandis, to some life insurance products/intermediation activities which are currently in scope and where the inherent ML/TF risk is considered “moderately significant or less significant” according to the March 2021 EBA Opinion on “ML/TF risks affecting then European Union’s financial sector”.
The specificity of some long-term life insurance intermediation activities versus daily banking operations and the fact that in life insurances also the banks and the insurers do the AML check should be taken into consideration to avoid unnecessary duplication or triplication of requirements.
BIPAR believes it is necessary to have a differentiating approach regarding the obligation to appoint an AML/CFT compliance officer based on the size as well as on the level of ML risk to which the entity in question is exposed.
Considering that life insurance intermediation present a low inherent ML risk in accordance to the March 2021 EBA Opinion on “ML/TF risks affecting then European Union’s financial sector”, and considering that a member of the governing body of the entity always undertakes the obligation to implement the AML policy (compliance manager), BIPAR believes that there is NO need to appoint a specific AML/CFT compliance officer for insurance intermediaries falling within the scope of AML rules, especially when they are micro, small and medium-sized enterprises. Having a proportional AML procedure for activities that are in scope should be sufficient. BIPAR has also highlighted this in the Commission “have your say” consultation on the proposal for a new AML Regulation.
In any event, it is necessary that a level of flexibility is accorded to micro, small and medium sized entities. BIPAR therefore endorses the draft EBA Guideline 4.2.2, paragraph 31 which specifies that “a financial sector operator should appoint an AML/CFT compliance officer unless they are a sole trader or have a very limited number of employees or members”. The guideline should explicitly mention that for those who have more than a “very limited number of employees”, the proportionality principle (see our reply under Q1) applies. Also one-director companies should have the same treatment as sole traders with regards to the obligation to appoint an AML compliance officer.
BIPAR believes that this can be justified based on the criteria laid down in the draft EBA Guideline 4.2.2, paragraph 32:
a) nature of the financial sector operator’s business and the ML/TF risks associated therewith, taking into account its geographical exposure, customer base, distribution channels and products and services offering;
b) the size of its operations in the jurisdiction, the number of its customers the number and volume of its transactions and the number of its full-time equivalent employees;
c) the legal form of the financial sector operator, including whether the financial sector operator forms part of a group.
2/AML compliance function can be combined with other functions carried out by the same person
BIPAR welcomes the fact that this is endorsed in the draft EBA Guideline 4.2.1., paragraph 25 whereby the role of the AML compliance officer can be carried out by an employee in addition to his/her existing functions.
3/Outsourcing of AML/CFT compliance officer function should be always allowed
BIPAR believes that obliged entities, especially micro, small and medium sized entities, should be given the opportunity to outsource their AML/CFT compliance function to third-party providers or other obliged entities.
BIPAR notes draft EBA Guideline 4.2.1., paragraph 29 according to which, the AML/CFT compliance officer should be allowed to assign his/her tasks to other officers and employees acting under his/her direction and supervision, under the condition that ultimate responsibility for the effective fulfilment of those tasks remains with the AML/CFT compliance officer.
This guideline is useful for larger entities.
However, with regard to draft EBA Guideline 4.2.6. setting out provisions on outsourcing, BIPAR does not agree with prohibiting the outsourcing of the internal organisation of AML system (points (b) of paragraph 74).
Insurance intermediaries and particularly micro enterprises and SMEs will face a heavy burden and unnecessary costs if they are not able to outsource functions. Outsourcing of certain functions can result in efficiency and better results in terms of the ultimate objective of combatting ML. The possibility of outsourcing could also reduce the supervisory costs.
In this light, point (h) of paragraph 74 (EBA Guideline 4.2.6) prohibiting the outsourcing of “any other decisions which, according to their nature, should be made within financial sector operator” could lead to legal uncertainty. It is not clear which other decisions should be made within the financial sector operator and how this would be supervised/ judged.
As already mentioned, AML rules should follow to the greatest possible extent a risk-based approach and implement the proportionality principle in order to take account of the size, nature and complexity and the risk exposure of the activities in question (and the place of the operator in the chain of events) in order to allow for a level-playing field. Putting disproportionate burden on smaller or lower risk entities by imposing upon them the same rules as on larger or higher risk entities creates an un-level playing field.
Allowing for the possibility of outsourcing is a possible way to meet the ultimate objectives of AML rules without creating disproportionate administrative burden and extra costs for the obliged entities, particularly the SMEs. Low risk operators should be considered and the proportionality principle should be introduced in specific requirements.
In reality, in the insurance intermediation sector, no offer issued following the intermediary’s advice can result in any premium payment without the agreement and adequate controls related to this matter upstream, both by an insurer (creditor of the premium) and by a bank (organizer of the transfer of funds). In the pay-out phase, often many years after the conclusion of the contract, the same process (insurer- bank) is applied in reverse order. The guidelines should not lead to duplication or triplication of the checks.
Outsourcing (and the right to conclude agreement with other parties in the chain - see below) enables entities to benefit from the knowledge, competence and skills of experts.
Although BIPAR and the intermediary community is playing its role in the combat against ML, it should be considered that these guidelines will be a reference and in case of even “alleged” breach of one of the formal rules, entities are exposed to very heavy legal defence costs which may disproportional.
In particular when it concerns intermediation activities (the “in between” two parties), BIPAR is of the opinion that the AML guidelines should explicitly allow, not only for outsourcing but also for balanced “agreements” to be made between the entities in the chain of the events (or the chain of contract).
We note that in this respect (paragraph 75, point (d)) reads as follows:
“In the framework of the outsourcing of tasks of the AML/CFT compliance function, the rights and obligations of the professional and service provider as well as their roles, responsibilities and duties shall be clearly listed, distributed and defined in an outsourcing contract”.
4/Self incrimination
In draft EBA Guideline 4.2.3, paragraph 52 (2) (h) and paragraph 52 (3) (j), it seems inappropriate that the entity should be required to report the shortcomings of its control system each year as well as the improvements to be made to remedy them. This mechanism could be similar to self-incrimination which could have consequences other than administrative sanctions. We would rather opt for a kind of “anonymous” reporting system which could help entities to feed a system of “warnings” or “experiences”.
5/AML Training
According to draft EBA Guideline 4.2.4, paragraphs 57-63, “the AML/CFT compliance officer should identify what specific training is needed according to the ML/TF risks to which the persons to whom the training is provided”.
And, “the AML/CFT compliance officer prepares and implements, in cooperation with the human resources department of the financial sector operator, an annual plan of training and education of staff”.
To recall that the proportionality principle applies also with regards to training, as provided in Article 46(1) of 4th AML Directive, BIPAR suggests that paragraphs 62 and 63 read as follows:
62. “The AML/CFT compliance officer should identify what specific training is needed according to the ML/TF risks to which the persons to whom the training is provided and according to the obliged entity’s risks, nature and size”.
63. “The AML/CFT compliance officer, where applicable, prepares and implements, in cooperation with the human resources department of the financial sector operator, an annual plan of training and education of staff”.
A “one size fits all” approach when exercising supervisory powers should be avoided. In terms of proportionality, the supervision of an entity should focus on the facts and not on the formalities. This needs also to be seen in conjunction with the risk-based approach and the proportionality principle that should be clearly reflected in the whole AML legal framework.
The business models of obliged entities and their exposure to ML/TF risks are very diverse depending on the sector within which they are carrying out their activities (e.g. banking services, insurance services, etc). The diverse ML/TF risk exposure of each sector and operator and their place in the value chain should be always taken into account by the supervisors so that supervision focuses on the final objectives of the AML rules being to avoid ML.
BIPAR would like to highlight the importance of the role that the national competent authorities play since they can benefit from their understanding of their respective local market and the direct communication with the obliged entities established in their national market. BIPAR believes that the combat against ML is a joint combat of authorities and industry and that together can play an important role in creating awareness and give good “guidance” in order to avoid Money Laundering. Cooperation in this respect is as important as enforcement.
1. Do you have any comments on the section ‘Subject matter, scope and definitions’?
BIPAR welcomes the opportunity to provide feedback with regards to the EBA Draft Guidelineson policies and procedures in relation to compliance management and the role and responsibilities of the AML/CFT Compliance Officer under the existing AML Directive.
For SME insurance intermediaries falling within the scope of AML rules, it is important that:
• expectations of the role, tasks and responsibilities of the AML/CFT compliance officer and the management body are proportional to their size, scope of activities and location. Changing rules comes with a cost and therefore any changes/enhancements should only be made when necessary and in so far as the benefits outweigh any negative impact.
• Expectations should be in accordance with the risk-based approach.
In this light, BIPAR welcomes the EBA statement (paragraph 4 of EBA consultation paper) that “the provisions set out in these guidelines should be applied in a manner that is effective and proportionate to the financial sector operator’s type, size, internal organisation, the nature, scope and complexity of its activities, and the ML/TF risks to which the financial sector operator is exposed”.
BIPAR would suggest introducing a more explicit the wording that reads as follows:
“the provisions set out in these guidelines should be proportionally applied and proportionally supervised in a manner that is effective in accordance with the ultimate objectives of the AML rules and proportionate to the financial sector operator’s type, size, internal organisation, the nature, scope and complexity of its activities, and the ML/TF risks to which the financial sector operator is exposed, taking into consideration the place of the operator in the value chain.
2. Do you have any comments on Guideline 4.1 ‘Role and responsibilities of the management body in the AML/CFT framework and of the senior manager responsible for AML/CFT’?
According to draft EBA Guideline 4.1.4, paragraph 17, “the member of the management body/senior manager to be identified as AML manager (in accordance with Article 46(4) of AML Directive (EU) 2015/849) should in particular have adequate knowledge, skills and experience regarding the identification, assessment and management of the ML/TF risks, and the implementation of AML/CFT policies, controls and procedures, with a good understanding of the financial sector operator’s business model and the sector in which the financial sector operator operates, and the extent to which this exposes the financial sector operator to ML/TF risks.”BIPAR is of the opinion that in this paragraph the proportionality principle needs to be explicitly included and it should read as follows:
“the member of the management body/senior manager to be identified as AML manager (in accordance with Article 46(4) of AML Directive (EU) 2015/849) should in particular have adequate knowledge, skills and experience regarding the identification, assessment and management of the ML/TF risks, and the implementation of AML/CFT policies, controls and procedures, with a good understanding of the financial sector operator’s business model and the sector in which the financial sector operator operates, and this proportionally to the extent to which this exposes the financial sector operator to ML/TF risks and taking into consideration the financial sector operator’s type, size, internal organisation, the nature, scope and complexity of its activities.”
For example, BIPAR suggests that attention should be paid in these AML guidelines to the fact that, while stricter requirements may derive from issues identified in the banking sector where the inherent ML/TF risk is assessed a significant or very significant, the same rules should not apply, mutatis mutandis, to some life insurance products/intermediation activities which are currently in scope and where the inherent ML/TF risk is considered “moderately significant or less significant” according to the March 2021 EBA Opinion on “ML/TF risks affecting then European Union’s financial sector”.
The specificity of some long-term life insurance intermediation activities versus daily banking operations and the fact that in life insurances also the banks and the insurers do the AML check should be taken into consideration to avoid unnecessary duplication or triplication of requirements.
3. Do you have any comments on Guideline 4.2 ‘Role and responsibilities of the AML/CFT compliance officer’?
1/SME insurance intermediaries should not be obliged to appoint AML/CTF compliance officerBIPAR believes it is necessary to have a differentiating approach regarding the obligation to appoint an AML/CFT compliance officer based on the size as well as on the level of ML risk to which the entity in question is exposed.
Considering that life insurance intermediation present a low inherent ML risk in accordance to the March 2021 EBA Opinion on “ML/TF risks affecting then European Union’s financial sector”, and considering that a member of the governing body of the entity always undertakes the obligation to implement the AML policy (compliance manager), BIPAR believes that there is NO need to appoint a specific AML/CFT compliance officer for insurance intermediaries falling within the scope of AML rules, especially when they are micro, small and medium-sized enterprises. Having a proportional AML procedure for activities that are in scope should be sufficient. BIPAR has also highlighted this in the Commission “have your say” consultation on the proposal for a new AML Regulation.
In any event, it is necessary that a level of flexibility is accorded to micro, small and medium sized entities. BIPAR therefore endorses the draft EBA Guideline 4.2.2, paragraph 31 which specifies that “a financial sector operator should appoint an AML/CFT compliance officer unless they are a sole trader or have a very limited number of employees or members”. The guideline should explicitly mention that for those who have more than a “very limited number of employees”, the proportionality principle (see our reply under Q1) applies. Also one-director companies should have the same treatment as sole traders with regards to the obligation to appoint an AML compliance officer.
BIPAR believes that this can be justified based on the criteria laid down in the draft EBA Guideline 4.2.2, paragraph 32:
a) nature of the financial sector operator’s business and the ML/TF risks associated therewith, taking into account its geographical exposure, customer base, distribution channels and products and services offering;
b) the size of its operations in the jurisdiction, the number of its customers the number and volume of its transactions and the number of its full-time equivalent employees;
c) the legal form of the financial sector operator, including whether the financial sector operator forms part of a group.
2/AML compliance function can be combined with other functions carried out by the same person
BIPAR welcomes the fact that this is endorsed in the draft EBA Guideline 4.2.1., paragraph 25 whereby the role of the AML compliance officer can be carried out by an employee in addition to his/her existing functions.
3/Outsourcing of AML/CFT compliance officer function should be always allowed
BIPAR believes that obliged entities, especially micro, small and medium sized entities, should be given the opportunity to outsource their AML/CFT compliance function to third-party providers or other obliged entities.
BIPAR notes draft EBA Guideline 4.2.1., paragraph 29 according to which, the AML/CFT compliance officer should be allowed to assign his/her tasks to other officers and employees acting under his/her direction and supervision, under the condition that ultimate responsibility for the effective fulfilment of those tasks remains with the AML/CFT compliance officer.
This guideline is useful for larger entities.
However, with regard to draft EBA Guideline 4.2.6. setting out provisions on outsourcing, BIPAR does not agree with prohibiting the outsourcing of the internal organisation of AML system (points (b) of paragraph 74).
Insurance intermediaries and particularly micro enterprises and SMEs will face a heavy burden and unnecessary costs if they are not able to outsource functions. Outsourcing of certain functions can result in efficiency and better results in terms of the ultimate objective of combatting ML. The possibility of outsourcing could also reduce the supervisory costs.
In this light, point (h) of paragraph 74 (EBA Guideline 4.2.6) prohibiting the outsourcing of “any other decisions which, according to their nature, should be made within financial sector operator” could lead to legal uncertainty. It is not clear which other decisions should be made within the financial sector operator and how this would be supervised/ judged.
As already mentioned, AML rules should follow to the greatest possible extent a risk-based approach and implement the proportionality principle in order to take account of the size, nature and complexity and the risk exposure of the activities in question (and the place of the operator in the chain of events) in order to allow for a level-playing field. Putting disproportionate burden on smaller or lower risk entities by imposing upon them the same rules as on larger or higher risk entities creates an un-level playing field.
Allowing for the possibility of outsourcing is a possible way to meet the ultimate objectives of AML rules without creating disproportionate administrative burden and extra costs for the obliged entities, particularly the SMEs. Low risk operators should be considered and the proportionality principle should be introduced in specific requirements.
In reality, in the insurance intermediation sector, no offer issued following the intermediary’s advice can result in any premium payment without the agreement and adequate controls related to this matter upstream, both by an insurer (creditor of the premium) and by a bank (organizer of the transfer of funds). In the pay-out phase, often many years after the conclusion of the contract, the same process (insurer- bank) is applied in reverse order. The guidelines should not lead to duplication or triplication of the checks.
Outsourcing (and the right to conclude agreement with other parties in the chain - see below) enables entities to benefit from the knowledge, competence and skills of experts.
Although BIPAR and the intermediary community is playing its role in the combat against ML, it should be considered that these guidelines will be a reference and in case of even “alleged” breach of one of the formal rules, entities are exposed to very heavy legal defence costs which may disproportional.
In particular when it concerns intermediation activities (the “in between” two parties), BIPAR is of the opinion that the AML guidelines should explicitly allow, not only for outsourcing but also for balanced “agreements” to be made between the entities in the chain of the events (or the chain of contract).
We note that in this respect (paragraph 75, point (d)) reads as follows:
“In the framework of the outsourcing of tasks of the AML/CFT compliance function, the rights and obligations of the professional and service provider as well as their roles, responsibilities and duties shall be clearly listed, distributed and defined in an outsourcing contract”.
4/Self incrimination
In draft EBA Guideline 4.2.3, paragraph 52 (2) (h) and paragraph 52 (3) (j), it seems inappropriate that the entity should be required to report the shortcomings of its control system each year as well as the improvements to be made to remedy them. This mechanism could be similar to self-incrimination which could have consequences other than administrative sanctions. We would rather opt for a kind of “anonymous” reporting system which could help entities to feed a system of “warnings” or “experiences”.
5/AML Training
According to draft EBA Guideline 4.2.4, paragraphs 57-63, “the AML/CFT compliance officer should identify what specific training is needed according to the ML/TF risks to which the persons to whom the training is provided”.
And, “the AML/CFT compliance officer prepares and implements, in cooperation with the human resources department of the financial sector operator, an annual plan of training and education of staff”.
To recall that the proportionality principle applies also with regards to training, as provided in Article 46(1) of 4th AML Directive, BIPAR suggests that paragraphs 62 and 63 read as follows:
62. “The AML/CFT compliance officer should identify what specific training is needed according to the ML/TF risks to which the persons to whom the training is provided and according to the obliged entity’s risks, nature and size”.
63. “The AML/CFT compliance officer, where applicable, prepares and implements, in cooperation with the human resources department of the financial sector operator, an annual plan of training and education of staff”.
4. Do you have any comments on Guideline 4.3 ‘Organisation of the AML/CFT compliance function at group level’?
No comment.5. Do you have any comments on Guideline 4.4 ‘Review of the AML/CFT compliance function by competent authorities’?
Please also refer to our general comment above (see our answer under Q1). BIPAR believes the guidelines should explicitly provide for proportionate supervision.A “one size fits all” approach when exercising supervisory powers should be avoided. In terms of proportionality, the supervision of an entity should focus on the facts and not on the formalities. This needs also to be seen in conjunction with the risk-based approach and the proportionality principle that should be clearly reflected in the whole AML legal framework.
The business models of obliged entities and their exposure to ML/TF risks are very diverse depending on the sector within which they are carrying out their activities (e.g. banking services, insurance services, etc). The diverse ML/TF risk exposure of each sector and operator and their place in the value chain should be always taken into account by the supervisors so that supervision focuses on the final objectives of the AML rules being to avoid ML.
BIPAR would like to highlight the importance of the role that the national competent authorities play since they can benefit from their understanding of their respective local market and the direct communication with the obliged entities established in their national market. BIPAR believes that the combat against ML is a joint combat of authorities and industry and that together can play an important role in creating awareness and give good “guidance” in order to avoid Money Laundering. Cooperation in this respect is as important as enforcement.