On heels of EU AML overhaul, EBA releases draft guidance, expectations for compliance officers, requirements for pan-bloc oversight, accountability, authority

The Skinny:

  • A top European banking watchdog has issued, for the first time, the overarching expectations for financial crime compliance officers with oversight duties across multiple member states – a groupwide sentinel responsible for ensuring there are no regional chinks in the bloc’s countercrime armor.
  • The European Banking Authority (EBA) issued a draft proposal – a requirement tethered to just-updated European Union (EU) anti-money laundering (AML) rules – specifically framing the “compliance management and the role and responsibilities” of the anti-money laundering/countering the financing of terrorism (AML/CFT) Compliance Officer (CO).
  • The widely-watched proposal is the first true glimpse of what is expected across the EU financial services sectors of top compliance officers, teams and decision-makers in terms of training, investigations and filing reports of suspicious activity.
  • In that same vein, the draft guidelines offer rare insight on balancing resources and results and the authority and clout needed to carry out these duties by adding more transparency, explainability and accountability to reasons why AML programs didn’t get the financial or executive support needed – or simply got overruled when trying to file reports on certain profitable clients. 

By Brian Monroe
bmonroe@acfcs.org
August 13, 2021 

A top European banking watchdog has issued, for the first time, the overarching expectations for financial crime compliance officers with oversight duties across multiple member states – a groupwide sentinel responsible for ensuring there are no regional chinks in the bloc’s countercrime armor.

The European Banking Authority (EBA) issued a draft proposal – a requirement tethered to just-updated European Union (EU) anti-money laundering (AML) rules – specifically framing the “compliance management and the role and responsibilities” of the anti-money laundering/countering the financing of terrorism (AML/CFT) Compliance Officer (CO).

The draft guidelines “comprehensively address, for the first time at the level of the EU, the whole AML/CFT governance set-up,” according to the EBA. “They set clear expectations of the role, tasks and responsibilities of the AML/CFT compliance officer and the management body and how they interact, including at group level.”

The widely-watched proposal is the first true glimpse of what is expected across the EU financial services sectors of top compliance officers, teams and decision-makers in terms of training, investigations and filing reports of suspicious activity.

In that same vein, the draft guidelines offer rare insight on balancing resources and results and the authority and clout needed to carry out these duties.

How?

By adding more transparency, explainability and accountability to any reasons why in whole or in part, AML programs didn’t receive needed funding, executive support of were overruled when trying to file reports on certain profitable clients.

“The move by the EU appears to be a step in the right direction,” said Dev Odedra, an independent AML expert, director, Minerva Stratagem Consulting and owner of fincrime compliance site, “The Laundry News.”

“If standards, such as those laid out by EU AML Directives aim to unify the approach to tackling money laundering, a unified approach to supervision does make sense,” he said.

“That is especially true compared to what currently appear as disjointed approaches to fighting financial crime and sharing information that vary widely across European jurisdictions, which have seen a number of money laundering scandals emerge lately.”

The one standout question will be “How effective will this new approach be in detecting and stopping financial crime? But that I mean, not just in following a unified approach to improve general program compliance, but tackling the issue of financial crime itself and being more effective in crushing larger, international and interconnected organized criminal groups.”

More prescriptive AML program guidelines: New possibilities, but pitfalls too

The nearly 50-page missive seeks to address some of the bloc’s historical and emerging fincrime vulnerabilities and criticism tied to recent banking scandals that saw billions of dollars in risky funds flow into and out of the bloc through large banking groups, embarrassing the institutions and regional regulators.

Cognizant of these flashpoint issues, the draft guidance is required reading for AML, fraud, sanctions, corruption and cyber defense teams as it charts out in unprecedented detail the expectations for EU AML officers, requirements for pan-bloc bank oversight, accountability and authority.

In short, the draft guidelines touch on some of the more nuanced and challenging areas of crafting fincrime compliance defenses, including working with – and in some cases challenging – the business line on risky clients.

The proposal also touches on creative tactics to capture and boost budgets and enhance the accountability of senior managers over AML, particularly when they overrule compliance teams to keep profitable whales or deny resources or requested staffing and technology upgrades.  

Such clarity is also designed to address the gaping disparities between member state compliance implementation – potentially opening the door to criminal groups always looking for the path of least resistance to launder ill-gotten gains.

Even with rising EU AML directives ratcheting up duties in recent years, there have, however, been a “number of reports that suggest” AML requirements “have been implemented unevenly across different sectors and Member States,” according to the proposed guidelines.

As well, the practical aspects of the various AML directives – now up to the sixth incarnation – are “not always applied effectively. This can have adverse consequences for the integrity of the EU’s financial system.”

In tandem, the detailed and prescriptive proposal also addresses a longstanding pressure point for fincrime compliance officers the world over – not just the EU: the importance of having a voice, a seat at the table and the ear of senior management to take their concerns seriously.  

Fincrime compliance leaders “need to have a sufficient level of seniority, which entails the powers to propose, on their own initiative, all necessary or appropriate measures to ensure the compliance and effectiveness of the internal AML/CFT measures to the management body in its supervisory and management function.”

The guidelines offer more concrete boundaries relating to how various hierarchical levels of compliance should be acting, interacting and communicating with domestic and pan-bloc regulators, financial intelligence units and law enforcement.  

The draft guidelines also “specify the tasks and role of the member of the management board, or the senior manager where no management board exists, who are in charge of AML/CFT overall, and on the role of group AML/CFT compliance officers.”

The updated draft guidelines also make some declarative statements on common compliance practices to maximize resources, such as outsourcing data gathering, analysis or investigative duties.

Some of AML program prongs regulators don’t want shuffled down the line include: validating risk assessment and transaction monitoring systems, reporting suspicious transactions and accepting high risk customers, just to name a few.

Next Steps: The proposed EU AML guidelines for compliance officers

Comments to the draft Guidelines can be sent by clicking on the “send your comments” button on the EBA’s consultation page. 

The deadline for the submission of comments is 2 November 2021. 

All contributions received will be published following the close of the consultation, unless requested otherwise. 

The EBA will hold a virtual public hearing on the draft Guidelines on September 28, 2021 from 10:00 to 12:00 Paris time. The dial-in details will be communicated to those who have registered for the meeting.  

Don’t get tripped up with new, updated terminologies: Official offices, officer duties

The strengthened EU AML guidelines focus on more forcefully deputizing certain fincrime compliance officers, and others, at varying levels of the organization, with particular attention paid to large banking groups working across the bloc – and beyond.

Here is a glimpse of some of the key terms:

AML/CFT Compliance officer

This is the person at the top of the AML hierarchy, responsible for ensuring compliance with regional fincrime compliance directives, and now, the stronger EU-wide initiatives.

Groupwide AML officer

Under current EU AML rules, the institution is charged with effectively mitigating ML/TF risks at both entity level and group level.

Where a financial services operator is part of a group, a Group AML/CFT compliance officer in the parent company should be appointed to ensure the establishment and implementation of effective group-wide AML/CFT policies and procedures – an update under one of the refreshed guidelines.

The management body and/or senior manager in charge of AML/CFT compliance

This could be the chief compliance officer, or similar high-level individual with authority to communicate laterally, to other C-suite executives, about the needs of the AML team – potentially budget decision-makers – and take concerns, fears and failings upward to the board of directors.

Management body in its supervisory function

Means the management body acting in its role of overseeing and monitoring management decision-making.

Management body in its management function

Means the management body responsible for the day-to-day management of the financial sector operator.

Competent authorities

These are the member state regulators having oversite of banking groups in their jurisdiction. 

Interlinked initiatives: big swings to see big picture, but also parse out finer points

The latest proposal comes on the heels of an expansive bloc-wide EU AML update released last month to improve the fight against financial crime, including by upgrading rules and regulations, empowering new pan-bloc regulators, while putting more pressure on member-state examiners to find scandals before they make the papers.  

In the AML update, the EU is also working to better illumine the dark corners of criminal finance by evaporating beneficial ownership opacity, trimming cash use and shining the light on the real individuals engaged in virtual currency transactions with a ban on anonymous crypto wallets and a limit of paying more than 10,000 euros in cash – for anything.

To read the full release, click here.

The genesis of the updates: refreshed recommendations to focus on effectiveness from global watchdog groups, terror attacks in and out of the bloc and, in large measure, to multiple banking scandals that saw hundreds of billions of dollars in suspicious funds from more dubious jurisdictions flow through member states.

At the still-rumbling epicenter of the scandals is Danske Bank, which is under investigation in several countries, including the United States, tied to more than 200 billion euros ($220 billion) of transactions through its branch in Estonia between 2007 and 2015.

Many of those transfers the bank has openly admitted were suspicious in nature and tied to higher risk regions, including Russia.

Other banks linked to Danske and the Russian funds flows, including Swedbank, SEB and others, have paid nearly half a billion dollars in AML penalties and seen top executives and board members sacrificed at the altar of progress in a show of fealty to please regulators and assuage multi-jurisdictional law enforcement investigators.

Even prior to the EU banking scandals making global headlines, top officials had uncovered cracks in the countercrime foundation.

In a 2017 Joint Opinion, the European Supervisory Authorities (ESAs) considered that the Union’s financial sector was exposed to money laundering and terrorist financing (ML/TF) risks arising from “ineffective AML/CFT systems and controls.”

Findings from national supervisors “pointed to a number of causes for these shortcomings,” according to the ESAs.

“These included senior management of some financial sector operators affording low priority to AML/CFT issues, in particular when paired with a corporate culture that pursues profits at the expense of robust compliance.”