EBA’s new AML Guidelines – A double-edged sword?

This article was originally published in Thomson Reuters Regulatory Intelligence.

Along with the development of technology, progress and globalisation sustained by business agreements and transactions concluded all over the world, there are also certain misconducts and one will notice fraud increasing daily. In an effort to achieve a common better understanding by competent authorities and financial sector operators of the anti-money laundering regulatory framework, the European Banking Authority (“EBA”) has launched, on 2 August, 2021, a public consultation paper on the Guidelines regarding the policies and procedures in relation to compliance management and the role and responsibilities of the AML/CFT Compliance Officer under Article 8 and Chapter VI of Directive (EU) 2015/849 (the “Guidelines”).

It is noteworthy to mention that the money laundering and terrorist financing field is strongly regulated by the European Union (“EU”) through several directives, among which Directive (EU) 2015/849 of May 20, 2015 (the “Directive 2015/849”).

In a nutshell, the Guidelines aim to provide a better understanding over a certain topic included in Directive 2015/849, namely to clarify and elaborate the role and responsibilities of:

Nevertheless, as discussed herein below, the rationale behind the publication of the Guidelines was derived from EU Member States and financial sector operators’ practice when implementing Directive 2015/849.

• Rationale

Starting with 2015, there have been a number of reports indicating that the requirements set out in Directive 2015/849 have been implemented and applied unevenly or ineffectively by the Member States.

With respect to the Compliance Officer, the “motto” of the Guidelines, Directive 2015/849 provides that the appointment of the same should be performed by the obliged entities only under certain circumstances, where appropriate with regard to the size and nature of the business. Given this rather general wording, certain financial sector operators did not comply with the same and, on the basis of their own analysis, considered that there was no need to appoint a Compliance Officer.

However, the Guidelines came to shed some light over this interpretative obligation, explaining that the appointment of a Compliance Officer is mandatory for all the financial sector operators, whilst other obliged entities (like independent legal professionals,       estate agents, etc.) should still carry out this proportionality test.

Considering the above, it is still not clear how the other obliged entities can properly understand and apply their obligations regarding the Compliance Officer, since the phrase “the size and nature of the business” is rather vague and has an orientation character.

Hence, it can be argued that, for the time being, the common ground for the appointment or not of a Compliance Officer should be the best practice in this field adopted by the other obliged entities of the Member States. In addition to that, the Guidelines can offer certain direction with respect to the general responsibilities and role of such Compliance Officer when appointed.

• Effective and proportionate application

Another overarching statement involves the effective and proportionate application of the Guidelines themselves. As pointed out therein, proportionality and effectiveness are to be assessed by reference to the financial sector operator’s type, size, internal organisation, nature, scope and complexity of its activities, as well as the money laundering and/or terrorist financing risks to which the financial sector operator is exposed.

Whereas proportionality is easier to infer, the question raises how effectiveness is going to be assessed on the basis of the above-mentioned criteria.

From our standpoint, effectiveness shall imply high quality in terms of AML/CFT control procedures, which may be achieved by way of ensuring adequate resources, hiring suitably qualified staff, adapting the corporate governance documents and developing internal reporting policies, so as to ensure clear responsibilities for the senior management and create an efficient reporting flow, aimed at identifying information highlighting money laundering and/or terrorist financing concerns.

In that same vein, effectiveness may also stem from the appropriate interaction between the supervisory authorities and the senior management of the financial sector operators concerned, which reinforces the need for the latter’s involvement in AML/CFT issues, clear responsibilities and even a direct line with AML/CFT responsible staff.

It should be pointed out that these precise matters have been previously identified as shortcomings, being the very reason why these Guidelines were issued in the first place.

• Consequence of group compliance requirements

On the grounds of the obligation imposed by the Directive 2015/849 for groups of companies to appoint a compliance officer at the parent company level, having the role of ensuring compliance with AML/CFT programs developed at group level for all subsidiaries worldwide, certain points might be worth considering.

On the one hand, this obligation may have an impact on the business relations between the EU and the United Kingdom (or any other third country), in terms of whether subsidiaries located in such third jurisdictions may have an obligation to appoint a local compliance officer so as to ensure compliance with the above mentioned requirements for their parent companies based in EU Member States, respectively whether parent companies based in third jurisdictions may have an obligation to appoint a global compliance officer so as to ensure compliance of subsidiaries located in EU Member States with the requirements thereunder.

In addition, it is our opinion that the EU Directive 2015/849 also imposes groups of companies to implement effective AML/CFT programs in accordance with EU law at the level of majority owned subsidiaries located in third countries, including where the regulations of the respective third jurisdictions prevent such measures being applied with the rigor imposed by the same.  

Nonetheless, the authorities of EU Member States also have the obligation, according to the Guidelines, to review the implementation of this AML/CFT compliance function by financial sector operators in their jurisdiction and may even impose administrative sanctions of a maximum amount of at least EUR 5,000,000 or 10% of the operators’ total annual turnover for breaches of their obligations under Directive 2015/849 that are serious, repeated, systematic, or a combination thereof.

It remains to be seen whether the appointment of a compliance officer may be considered such a substantial part of the AML/CFT policies required to be implemented at group level, so as to grant EU Member States’ authorities objective reasons to perform the extraterritorial interventions allowed under Directive 2015/849.

•  Remarks

Even though these Guidelines are a first true glimpse of what is expected from financial sector operators in relation to AML/CFT, certain aspects, such as the mandatory appointment of a Compliance Officer by other obliged entities, the criteria ensuring an effective and proportionate application of the same, or the extent to which extraterritoriality may be enforced thereunder still remain unclear.

Time will show whether the EBA’s endeavour will have the expected impact, or rather the answers thus provided will leave room for new questions triggering the need to issue additional guidelines to the Guidelines.