Response to consultation on draft Guidelines on the role, tasks and responsibilities AML/CFT compliance officers
Go back
EFI welcomes the opportunity to contribute to this consultation given that clear guidance for competent authorities is critical to achieving consistency across jurisdictions, thereby strengthening AML/CFT defences.
In our experience, given the dynamic regulatory risk environment faced by the financial sector, reviewing and refreshing the importance of the various AML/CFT compliance roles, responsibilities, and accountabilities is helpful.
Definitions
It is considered helpful, in definitions, to separate the responsibilities within the management body that are attributable to the supervisory and management functions. This separation of responsibilities helps firms to build a robust and risk focussed governance framework.
It is essential that firm’s governance frameworks are robust and risk focussed such that compliance issues are identified and articulated on a timely basis with any remedial activity prioritised in accordance with the risk assessment. The additional guidance is helpful to the regulated sector and contributes to the AML/CFT risk-based approach, in particular:
4.1.2 13 (a)
Ensuring that the AML/CFT risk assessment is separately communicated to the management body, and not simply subsumed within a general Risk Management Assessment should ensure that AML/CFT risks are known and understood.
4.1.2 13 (b)
Responsibility to ensure that the AML/CFT policies and procedures are adequate and effective and that any remedial activities are deployed on a risk assessed basis helps to articulate the importance of the AML/CFT Compliance Officer’s activities.
4.1.2 13 (c)
It is helpful in strengthening AML/CFT defences to introduce a specific requirement to review periodically (at least annually) on a risk assessed basis the AML/CFT activity report of the AML/CFT Compliance Officer.
4.1.2 13 (d)
The clarification of AML/CFT regulatory expectation is helpful regarding the assessment of the AML/CFT function. There are jurisdictional differences that competent authorities will need to navigate, dovetailing AML/CFT compliance requirements with other similar regimes locally implemented. For example, in the UK, the Senior Managers and Certification regime requires senior managers considered to be performing key roles within a firm to receive PRA or FCA approval before starting their roles. Each senior manager has a statement of responsibilities that clearly says what they are responsible and accountable for. Persons responsible for AML compliance currently fall within this senior manager regime.
EFI considers it helpful to reiterate in guidance the types of evidence expected to support completion of the above actions.
EFI considers this guidance to be helpful. However, consideration could also be given in guidance to assessment of continued competency whilst in the role.
Tasks and role
‘Unconditional and direct access to all information’ is a very clear statement to assist the individual in their role.
Guidance would be helpful regarding the regularity of risk assessment, policy and procedure reviews. It is helpful to outline the regulatory expectation regarding the regularity of progress reports for ‘significant’ remedial programmes. However, defining what constitutes ‘significant’ either in relation to size or risk will help to clarify the intention of this paragraph. The ‘2019 Report from the Commission to the European Parliament on the assessment of recent alleged money laundering cases involving EU credit institutions’ indicated the three lines of defence governance framework can be misunderstood or omitted. Further guidance may be helpful.
1. Do you have any comments on the section ‘Subject matter, scope and definitions’?
Subject MatterEFI welcomes the opportunity to contribute to this consultation given that clear guidance for competent authorities is critical to achieving consistency across jurisdictions, thereby strengthening AML/CFT defences.
In our experience, given the dynamic regulatory risk environment faced by the financial sector, reviewing and refreshing the importance of the various AML/CFT compliance roles, responsibilities, and accountabilities is helpful.
Definitions
It is considered helpful, in definitions, to separate the responsibilities within the management body that are attributable to the supervisory and management functions. This separation of responsibilities helps firms to build a robust and risk focussed governance framework.
2. Do you have any comments on Guideline 4.1 ‘Role and responsibilities of the management body in the AML/CFT framework and of the senior manager responsible for AML/CFT’?
Role of management body in its supervisory Function in the AML/CFT FrameworkIt is essential that firm’s governance frameworks are robust and risk focussed such that compliance issues are identified and articulated on a timely basis with any remedial activity prioritised in accordance with the risk assessment. The additional guidance is helpful to the regulated sector and contributes to the AML/CFT risk-based approach, in particular:
4.1.2 13 (a)
Ensuring that the AML/CFT risk assessment is separately communicated to the management body, and not simply subsumed within a general Risk Management Assessment should ensure that AML/CFT risks are known and understood.
4.1.2 13 (b)
Responsibility to ensure that the AML/CFT policies and procedures are adequate and effective and that any remedial activities are deployed on a risk assessed basis helps to articulate the importance of the AML/CFT Compliance Officer’s activities.
4.1.2 13 (c)
It is helpful in strengthening AML/CFT defences to introduce a specific requirement to review periodically (at least annually) on a risk assessed basis the AML/CFT activity report of the AML/CFT Compliance Officer.
4.1.2 13 (d)
The clarification of AML/CFT regulatory expectation is helpful regarding the assessment of the AML/CFT function. There are jurisdictional differences that competent authorities will need to navigate, dovetailing AML/CFT compliance requirements with other similar regimes locally implemented. For example, in the UK, the Senior Managers and Certification regime requires senior managers considered to be performing key roles within a firm to receive PRA or FCA approval before starting their roles. Each senior manager has a statement of responsibilities that clearly says what they are responsible and accountable for. Persons responsible for AML compliance currently fall within this senior manager regime.
EFI considers it helpful to reiterate in guidance the types of evidence expected to support completion of the above actions.
3. Do you have any comments on Guideline 4.2 ‘Role and responsibilities of the AML/CFT compliance officer’?
Suitability skills and expertiseEFI considers this guidance to be helpful. However, consideration could also be given in guidance to assessment of continued competency whilst in the role.
Tasks and role
‘Unconditional and direct access to all information’ is a very clear statement to assist the individual in their role.
Guidance would be helpful regarding the regularity of risk assessment, policy and procedure reviews. It is helpful to outline the regulatory expectation regarding the regularity of progress reports for ‘significant’ remedial programmes. However, defining what constitutes ‘significant’ either in relation to size or risk will help to clarify the intention of this paragraph. The ‘2019 Report from the Commission to the European Parliament on the assessment of recent alleged money laundering cases involving EU credit institutions’ indicated the three lines of defence governance framework can be misunderstood or omitted. Further guidance may be helpful.