Governance: Comments and recommendations
The provisions of the Anti-Money Laundering Law relating to governance are intended to ensure the effectiveness of the AML/CFTP framework of financial institutions, which must, in particular, appoint for this purpose:
- a senior officer responsible for AML/CFTP from amongst the members of its management committee (or, where applicable, senior management) tasked specifically with ensuring the adoption of organisational AML/CFTP measures; and,
- a person responsible for implementing the AML/CFTP framework (know as the “AMLCO”) from amongst the members of the independent compliance function, responsible for the concrete steering of the AML/CFTP framework and its application.
The tasks and requirements applying to the appointment of each of these functions are set out in points 1 and 2 below.
Point 3 sets out the procedures to inform the NBB of the identity of these persons and to provide the information necessary to allow the NBB to assess compliance with the requirements associated with these appointments.
Points 4 and 5 deal with the outsourcing of AMLCO tasks and the application of the principle of proportionality, which may cause the NBB to accept governance arrangements that derogate from those that are commonly required, including, where applicable, combining the functions of the senior officer responsible for AML/CFTP and of the AMLCO.
Finally, point 6 reiterates that AML/CFTP governance requirements should be met by financial institutions in keeping with all prudential governance rules set out in sectoral prudential legislation.
1. Appointment of the senior officer responsible for AML/CFTP
1.1. Tasks
The statutory obligation to appoint a senior officer responsible for AML/CFTP stems from the transposition into national law of Directive (EU) 2015/849. It aims to strengthen the involvement of the highest hierarchical level of financial institutions in the prevention and management of ML/FTP risks.
Without prejudice to the collective responsibility of the governing bodies, the senior officer responsible for AML/CFTP is specifically entrusted with raising awareness and understanding on the part of the management committee or senior management of the impact of ML/FTP risks on the risk profile of the financial institution as a whole and of the importance of having an adequate AML/CFTP framework in place. This person shall, in particular, carry out the following tasks, as detailed on the EBA Guidelines of 14 June 2022:
- ensure that AML/CFTP policies, procedures and internal control measures are adequate and proportionate, taking into account the characteristics of the financial institution and the ML/FT risks it faces. In this respect, the senior officer responsible for AML/CFTP is expected to pay particular attention to (i) the coherence between AML/CFTP procedures and more operational procedures for each activity, and (ii) the coherence of the AML/CFTP framework and that applied within the group;
- assess, together with the management committee (or, where appropriate, senior management), whether it is possible to derogate from the rule of appointing a separate AMLCO based on the principle of proportionality (see point 5 below);
- support the management committee (or, where appropriate, senior management) in assessing the need for an AML unit to assist the AMLCO in the performance of their duties;
- ensure regular reporting to the management committee (or, where appropriate, senior management) and the board of directors on the activities carried out by the AMLCO, and provide them with sufficiently comprehensive and timely information and data on ML/FTP risks and AML/CFTP compliance, so as to enable them to perform the role and functions entrusted to them. Such information should also include the arrangements between the financial institution and the AML/CFTP supervisor and communication with CTIF-CFI, without prejudice to the confidentiality of reports on suspicious financial transactions, as well as the findings of the AML/CFTP supervisor regarding the financial institution, including any measures or sanctions imposed;
- notify the management committee (or, where appropriate, senior management) and the board of directors of serious or significant AML/CFTP problems or violations and recommend measures to remedy them; and
- ensure that the AMLCO (i) has access to all information necessary for the performance of their tasks, (ii) has sufficient human and technical resources and tools to be able to adequately carry out the tasks assigned to them, and (iii) is well-informed of AML/CFTP-related incidents brought to light by internal control systems and of the shortcomings found by national and foreign supervisory authorities while implementing AML/CFTP provisions.
The senior officer responsible for AML/CFTP serves as the main point of contact for the AMLCO within management. This person should also ensure that any AML/CFTP-related concerns of the AMLCO are properly addressed and, where this is not possible, that they are duly taken into account by the management committee or, as applicable, senior management. When the management committee or, as applicable, senior management decides not to follow the AMLCO’s recommendations, any such decision should be duly justified and documented having regard to the risks and concerns raised by the AMLCO.
1.2. Requirements applying to the appointment of the senior officer responsible for AML/CFTP
1.2.1. Financial institutions governed by Belgian law
§1. Position on the organisational chart
Pursuant to Article 9 §1 of the Anti-Money Laundering Law, financial institutions “should “appoint, among the members of their statutory governing body or, where applicable, their senior management, a person responsible, at the highest level, for supervising the implementation of and compliance with the provisions of this Law [...]”. The commentary on this provision in the explanatory memorandum to the Law states that “Where the obliged entity has a body tasked with senior management, such as a management committee, this senior officer must be appointed from amongst its members".
The sectoral prudential rules governing financial institutions require the establishment of a management committee or senior management ensure a clear distinction at the highest level between management of the business (entrusted to the management committee or the senior management) and supervision of this management (entrusted to the board of directors, consisting of a majority of non-executive directors).
The senior officer responsible for AML/CFTP must be appointed from among the members of the financial institution’s management committee; this person may thus not someone who is permanently invited to attend meetings of the management committee without voting rights). In general, this individual will be the member of the management committee with hierarchical responsibility for the independent compliance function. If the financial institution is incorporated other than in the form of a public limited company, or if, in the absence of a management committee, it is managed by a senior management, the senior officer responsible for AML/CFTP shall be a member of such senior management.
§2. AML/CFTP suitability and overlap with the fit & proper prudential assessment process
The senior officer responsible for AML/CFTP is expected to act with integrity and to possess sufficient knowledge, skills, and experience in AML/CFTP matters so as to be able to critically review the measures taken by the AMLCO and ensure compliance with the provisions of the Anti-Money Laundering Law. The NBB expects financial institutions to verify, in the first instance, the AML/CFTP suitability of the persons they are considering appointing to this function.
As a member of the management committee (or of senior management), the senior officer responsible for AML/CFTP must undergo an assessment of their integrity, knowledge, skills and experience (a “fit & proper” assessment) as required by the sectoral prudential rules. It should be noted that this assessment falls within the remit of the prudential supervisor and is thus carried out by either the NBB or, for credit institutions and in accordance with the applicable rules on the allocation of powers, the European Central Bank. For more information on this subject, see Communication NBB_2022_34 of 20 December 2022 on the update of the fit & proper manual.
Given this overlap, financial institutions are expected to:
- explicitly mention on the “new appointment’ fit & proper form for a candidate management committee member, the fact that this person is also called upon to exercise the function of senior officer responsible for AML/CFTP; or,
- immediately notify the NBB by e-mail of the appointment of a current member of the management committee or senior management as the senior officer responsible for AML/CFTP.
The procedures described in point 3 below apply to the abovementioned notifications.
§3. Absence of conflicts of interest
The senior officer responsible for AML/CFTP should be appointed such that conflicts of interest that could jeopardise their AML/CFTP-related tasks do not arise as a result of this person’s other responsibilities. The NBB therefore recommends ensuring that the senior officer responsible for AML/CFTP does not combine this function with other responsibilities that generate ML/FT risks (e.g. a commercial function).
1.2.2. Belgian branches of financial institutions governed by foreign law
§1. Position on the organisational chart
For branches established in Belgium of financial institutions governed by the law of an EEA country or a third country, the senior officer responsible for AML/CFTP is appointed from amongst the branch’s managers. It should be recalled that branches are required to have their own management and organisational structure on the Belgian territory, in accordance with sectoral prudential rules.
§2. AML/CFTP suitability, absence of conflicts of interest and possible overlap with the “fit & proper prudential assessment process
§§ 2 and 3 of point 1.2.1 above apply to the AML/CFTP suitability and absence of conflicts of interest on the part of the senior officer responsible for AML/CFTP at a branch.
Where the branch is that of a financial institution governed by:
- the law of a third country, the senior officer responsible for AML/CFTP, in his or her capacity as manager of the branch, must undergo the fit & proper assessment required by the sectoral prudential rules; these financial institutions are expected to comply with the first or second indent of the fourth subparagraph of § 2 of point 1.2.1, as appropriate;
- the law of an EEA country, the fit & proper prudential assessment falls within the remit of the prudential authority of the home state; these financial institutions are expected to notify the NBB immediately of the appointment of a senior officer responsible for AML/CFTP for the branch in Belgium.
The procedures described in point 3 below apply to the abovementioned notifications
2. Appointment of the AMLCO
2.1. Tasks
As part of thef second line of defence, the AMLCO is responsible for implementing and guiding the financial institution’s AML/CFTP framework. The role and responsibilities of the AMLCO should be clearly defined and documented. More specifically, the AMLCO is entrusted with the following tasks, as detailed in the EBA Guidelines of 14 June 2022:
- developing and maintaining an ML/FT risk assessment framework for the carrying out of the overall and of the individual risk assessments;
- implementing the organisational measures listed in Article 8 of the Anti-Money Laundering Law, ensuring that they are regularly evaluated and, if necessary, modified or updated;
- proposing the adjustments required in the event of changes to the statutory or regulatory requirements or ML/FT risks, and proposing the best way to remedy any deficiencies or shortcomings revealed by monitoring and supervisory action;
- monitoring the effective application of AML/CFTP controls by business and internal units, which make up the first line of defence;
- providing advice before employees at a sufficiently senior level take final decisions on whether to enter into or continue business relationships with high-risk customers, in accordance with the financial institution’s risk-based internal AML/CFT policies and procedures. If employees do not follow the AMLCO’s advice, they should properly document their decision and specify how they intend to mitigate the risks raised by the AMLCO;
- analysing atypical transactions and situations in which due diligence requirements could not be fulfilled (in accordance with Articles 45 and 46 of the Anti-Money Laundering Law);
- deciding, where necessary, to report suspicions to CTIF-CFI (in accordance with Article 47 of the Anti-Money Laundering Law and provisions implementing Article 54 of the Law). In this respect , the AMLCO autonomously decides to report suspicions to CTIF-CFI without having to first submit this decision to the senior officer responsible for AML/CFTP;
- responding to requests for additional information by CTIF-CFI (in accordance with Articles 48 and 49 of the Anti-Money Laundering Law);
- educating and training the financial institution’s staff and, where applicable, agents and distributors on the institution’s AML/CFTP framework;
- developing an annual AML/CFTP monitoring programme covering, in particular, the application of the required AML/CFTP measures by staff, agents and distributors who are in contact with customers;
- ensuring a proper flow of AML/CFTP-related information within the financial institution and the reporting to the management bodies (the board of directors and the management committee/senior management), as well as to the supervisory authorities. In this respect, the AMLCO shall prepare and submit at least once a year an activity report for the attention of the management committee (or senior management in the absence of a management committee) and to the board of directors (see point 2.5 below). In addition, the AMLCO should in any event bring the following to the attention of the senior officer responsible for AML/CFTP: (a) areas where AML/CFTP control measures should be implemented or improved; (b) proposals for appropriate improvements in line with point (a); (c) a progress report on the main remediation programmes, at least annually as part of the aforementioned activity report, and information provided on an ad hoc basis or periodically, depending on the improvements, on the level of exposure to ML/FTP risks and the measures taken or recommended to manage these risks effectively; and (d) whether sufficient human and technical resources have been allocated to the AMLCO and whether these need to be supplemented.
2.2. General principles
Pursuant to Article 9 §2 of the Anti-Money Laundering Law, financial institutions should appoint one or more persons tasked with implementing and guiding the AML/CFTP framework (“AMLCO”). In practice, financial institutions generally appoint an AMLCO who, depending on the nature or size of the financial institution and on its ML/FT risk profile, is either head of an AML unit or works alone.
The NBB recommends the centralised model, which consists of appointing a single person to serve as AMLCO, from amongst the members of the independent compliance function.
Where the financial institution's organisational structure so justifies (e.g. an business line-based organisation), it is possible to assign this function to several persons, each with their own area of expertise (decentralised model), provided:
- each AMLCO meets the AML/CFTP suitability requirements referred to in point 2.3 below and has the necessary hierarchical level and powers to ensure the effective, independent and autonomous exercise of the AMLCO function. Specifically, none of the AMLCOs may depend hierarchically on an operational business unit or function); and
- efficient coordination structures have been put in place to ensure the overall coherence of the AML/CFTP framework within the financial institution.
The practise observed by the Bank of appointing AML correspondents within the commercial departments of a financial institution, with whom the AMLCO cooperates to carry out certain tasks, could prove suitable for ensuring effective and appropriate implementation of ML/FT preventive measures, depending on the specific characteristics of the financial institution concerned.
However, the AMLCO function cannot under any circumstances be split between a member of the compliance function and AML correspondents from the commercial department who report hierarchically to the head of that department. In that case, the hierarchical relationship does not allow the NBB to consider that the requirements in terms of independence and autonomy of the AMLCO function, as set out in Article 9 §2, third subparagraph, point 2° of the Anti-Money Laundering Law, are met, notwithstanding the existence of two reporting lines (i.e., to the compliance officer for the performance of AML/CFTP tasks and to the head of the commercial department for other tasks and functions). When such an organisation is implemented, the AMLCO should remain fully responsible for the entire function, including those tasks for which the AMLCO cooperates with AML correspondents.
2.3. Requirements applying to the appointment of the AMLCO
Pursuant to the third subparagraph of Article 9 §2 of the Anti-Money Laundering Law, and in order to ensure the effective, independent and autonomous exercise of this function, the AMLCO should possess:
- the required professional integrity,
- adequate expertise and knowledge of the Belgian statutory and regulatory AML/CFTP framework,
- the necessary degree of availability, and
- the necessary hierarchical level and powers within the institution, including the power to propose, at his ir her own initiative, to the board of directors and the management committee or, if applicable, to senior management, all necessary or useful measures to guarantee the compliance and effectiveness of the AML/CFTP framework.
2.3.1. Financial institutions governed by Belgian law
§ 1. Position on the organisation chart
The AMLCO should be appointed from amongst the members of the compliance function. This selection should be made by the financial institution’s management committee or, in the absence of a management committee, by its senior management. The AMLCO may be the head of the compliance function (“N-1”) ora staff member of the compliance function (“N-2”), in the case of a medium-sized or large company.
The financial institution’s internal procedures should ensure that the AMLCO has direct and unrestricted access at all times to all information necessary to perform his/her duties. The AMLCO shall decide which information (s)he considers relevant in this respect.
In the event of a major incident, the AMLCO should be able to report and have direct access to the board of directors.
The AMLCO should be appointed from among the financial institution’s staff who are physically based in Belgium, without prejudice to the principle of proportionality. This condition is derived from the territorial scope of application of the Anti-Money Laundering Law, compliance with which the AMLCO is responsible for ensuring, and from the requirement set out in Article 9 §2, third subparagraph, point 2° of the Anti-Money Laundering Law, pursuant to which the AMLCO must have, in particular, knowledge of the Belgian statutory and regulatory AML/CFTP framework and the necessary availability to ensure the effective, independent and autonomous performance of his or her tasks. If this requirement is derogated from on the basis of the principle of proportionality, the financial institution should have in place the necessary systems and controls to ensure that the AMLCO has access to all information and systems required to perform his or her duties and that the AMLCO is available to meet with CTIF-CFI and the supervisory authority without delay. The financial institution must also be able to provide the supervisor with evidence that the measures put in place by the institution are adequate and effective.
As stated under point 2.2, the AMLCO function cannot be assigned to AML correspondents, for the reasons set out therein.
§ 2. AML/CFTP suitability and possible overlap with the "fit & proper” prudential assessment process
- The AMLCO heads the compliance function.
The AMLCO is expected to meet the AML/CFTP suitability requirements set out in point 2.3 above, and financial institutions are expected to verify the AML/CFTP suitability of the persons they intend to appoint to this position.
An AMLCO who also heads the compliance function of a financial institution must undergo the assessment of integrity, knowledge, skills, and experience (“fit & proper” assessment) required by sectoral prudential rules. It should be recalled that this assessment falls within the remit of the prudential supervisor and is thus carried out by either the NBB or, for credit institutions and in accordance with the applicable rules on the allocation of powers, the European Central Bank. For more information on this subject, see Communication NBB_2022_34 of 20 December 2022 on the update of the fit and proper manual.
Given this overlap, financial institutions are expected to:
- explicitly mention on the “new appointment” fit & proper form for a candidate for head of an independent control function, the fact that this person is also called upon to perform the function of AMLCO; and
- immediately notify the NBB by e-mail of the appointment as AMLCO of the current head of an independent control function.
The procedures set out under point 3 below apply to the abovementioned notifications.
Since 1 June 2018, candidates for head of the compliance function of credit institutions governed by Belgian law, stockbroking firms governed by Belgian law, and insurance companies governed by Belgian law have been required to pass the NBB/FSMA aptitude test, which also covers AML/CFTP. Passing the test demonstrates knowledge of the Belgian statutory and regulatory AML/CFTP framework, required for the AMLCO function. However, it does not demonstrate that all criteria set out in Article 9, § 2 of the Anti-Money Laundering Law have been met.
- The AMLCO is a staff member of the compliance function.
Medium-sized or large financial institutions with a compliance team may appoint an AMLCO from among the members of this compliance (N-2). The AMLCO is expected to meet the AML/CFTP suitability requirements set out under point 2.3 above, and financial institutions are expected to verify the AML/CFTP suitability of the persons they intend to appoint to this position.
Not heading an independent control function, the “fit & proper” prudential assessment and the aptitude test referred to above will usually not apply in respect of the N-2 AMLCO. Financial institutions concerned are expected to notify the NBB immediately by e-mail of the appointment of the N-2 AMLCO. The procedures described under point 3 below apply to this notification.
The financial institution should ensure that the AMLCO works on an ongoing basis as part of its overall business continuity management. It should consider the possibility that the AMLCO may exit their position and ensure that there is an available replacement with the required AML/CFTP expertise to whom the AMLCO’s duties can be delegated should the AMLCO be absent for a period of time or should their integrity be called into question. Financial institutions are expected to report such circumstances and the identity of the person acting for the AMLCO immediately by e-mail, as described under point 3 below.
§ 3. Availability
AMLCOs should have sufficient time to perform their tasks properly. In this respect, please refer to point 2.4.2 on the organisational arrangements to support the AMLCO function.
Entrusting the AMLCO function to a person who performs it on a full-time basis may be disproportionate in small financial institutions and/or those that are exposed to low ML/TF risks. In such cases, combining the function of AMLCO with that of senior officer responsible for AML.CFTP may be considered for reasons of proportionality, as described under point 5.5 below.
§ 4. Language skills
The AMLCO is expected to demonstrate a sufficient professional command of one of Belgium’s national languages, having regard in particular to the knowledge of the Belgian statutory and regulatory AML/CFTP framework required of AMLCOs and in view of the tasks with which the AMLCO is entrusted (see point 2.1). It may be acceptable for the AMLCO to have only a command of a language that is customary in international circles when the financial institution concerned can demonstrate, on the one hand, that the conditions to apply the principle of proportionality are met and, on the other hand, that this command alone is not such as to jeopardise the AML/CFTP suitability of the AMLCO, including the requirement of knowledge of the Belgian statutory and regulatory framework, or the effective performance of the AMLCO’s duties.
2.2.2. Belgian branches of financial institutions governed by foreign law
The AML/CFTP suitability requirement set out under point 2.3 apply.
For the reasons set out in §1 of point 2.3.1 and subject to the application of the principle of proportionality (see point 5), the NBB considers that the AMLCO of the Belgium branch of a financial institution governed by the law of an EEA country or of a third country should be appointed from among those staff members who are physically based at the branch in Belgium (and not from among employees who work physically at the parent company), having regard to the territorial scope of application of the Anti-Money Laundering Act, the statutory requirement of knowledge of the Belgian statutory and regulatory AML/CFTP framework, and the availability required of the AMLCO.
When the AMLCO also heads the compliance function of the Belgian branch of a financial institution governed by the law of a third country, the AMLCO must undergo the fit & proper prudential assessment referred to in §2 of point 2.3.1. In view of this overlap, financial institutions concerned are expected to mention explicitly on the “new appointment” fit & proper form for a candidate for an independent control function the fact that this person is also called upon to perform the AMLCO function.
In all other cases, the NBB must be notified immediately by e-mail of the appointment of the AMLCO.
The procedures set out under point 3 below apply to the abovementioned notifications.
2.4. Organisation
2.4.1. Adequacy of human and technical resources
The governing bodies of financial institutions (the board of directors and the management committee or senior management) should ensure that the AMLCO has at all times adequate human and material resources that enable him to comply effectively with the applicable statutory and regulatory AML/CFTP obligations. The resources allocated to AML/CFTP must be proportionate to the ML/FT risks.
2.4.2. AML unit or stand-alone AMLCO
Depending on the nature and size of the financial institution and its ML/FT risk profile, the AMLCO may either head an AML within the compliance function or act on a stand-alone basis.
§ 1. AML unit
The NBB recommends setting up an AML unit within the compliance function focusing on the obligations provided for by or under the Anti-Money Laundering Law when the financial institution is large and/or has a high ML/TF risk profile. This unit is headed by the AMLCO and should be composed of persons with integrity and adequate knowledge of AML/CFTP matters. In this respect, the NBB recommends that the AMLCO be involved in the procedures relating to the recruitment and assignment of employees to the AML unit. The AMLCO coordinates the work of the unit and plays a central role in its most important decisions (e.g. reporting to CTIF-CFI). The AMLCO may combine this role with that of head of compliance, provided that the AML unit includes one or more people dedicated solely to the management of AML/CFTP-related issues.
§ 2. Stand-alone AMLCO
In smaller financial institutions and/or those with a low ML/FT risk profile, the AMLCO may be the sole person responsible for AML/CFTP matters. In this case, the AMLCO is a function in its own right and cannot, in principle, be combined with other functions except with that of senior officer responsible for AML/CFTP as described under point 5.5).
2.4.3. Interactions with AML correspondents who are in direct contact with customers
In order to carry out customer and transaction due diligence properly, it may be necessary for the AMLCO to appoint AML correspondents within the financial institution’s departments or external distributors, who can act as intermediaries for AML/CFTP matters. In this respect, the AMLCO should recruit people with a suitable profile and ensure that they receive, upon recruitment and subsequently on an ongoing basis, useful training specifically adapted to the tasks expected of them in terms of due diligence.
2.5. Activity report by the AMLCO
Article 7 of the Anti-Money Laundering Regulation of the NBB requires the AMLCO to establish an activity report and send it to the management committee (or to the senior management if there is no management committee) and to the board of directors at least once a year. A copy of this report should be sent to the NBB (see the page Reporting by financial institutions).
This report is an important document for the management bodies, as it allows them to properly perform their tasks. The objective is to periodically inform these bodies at the highest level of the obliged financial institution of the nature and intensity of the ML/FT risks to which it is exposed, and of the measures taken or recommended by the AMLCO to reduce and effectively manage these risks. Notwithstanding the great importance of AML/CFTP to prudential supervision (from the perspective of the compliance function), the objectives set out in the Anti-Money Laundering Law also aim to combat crime, which justifies AML/CFTP receiving a specific treatment and special attention. The NBB therefore asks that the AMLCO’s annual activity report is established separately from the annual activity report of the compliance function.
The NBB recommends that the AMLCO’s annual activity report contains at least the following information:
This description should include a brief description of the human and technical resources allocated to AML/CFTP by the financial institution, and the confirmation that these resources appear sufficient or, if that is not the case, an assessment of the additional resources that are deemed necessary to enable the financial institution to meet its AML/CFTP obligations;
Where the financial institution has tasked its senior officer responsible for AML/CFTP with performing the functions of AMLCO in accordance with Article 9 §3 of the Anti-Money Laundering Law, the annual activity report should contain the confirmation that the circumstances justifying this decision have remained unchanged or, if that is not the case, a description of the measures that the institution has taken or will take to respond to the changing circumstances;
Where the financial institution has decided to outsource all or some of the tasks of the AMLCO function to a third party or to another entity of the group, the AMLCO’s annual activity report should mention the checks performed with regard to the performance of the service provider as well as any significant incidents that have occurred in the past year in the context of the outsourcing, and contain an assessment of the completeness, timeliness and quality of the performance of the subcontractor and, where appropriate, a description of the measures taken or proposed to take full account of this assessment;
Where appropriate, it could be useful for the AMLCO’s annual activity report to be based on the responses provided by the financial institution to the periodic or thematic questionnaires established by the NBB and completed by the institution in the past year. In this respect, see the page Reporting by financial institutions.
The principle of proportionality should be applied when establishing the annual activity report. The level of information to be included in it may vary depending on the scale and diversity of the ML/FT risks to which the financial institution is exposed. For instance, the NBB expects the AMLCO’s annual activity report to be much more detailed in case of a financial institution carrying out diversified and large-scale activities, including high-risk activities, than in case of a financial institution that offers a more limited range of products and services associated with lower risks on a smaller scale. In any case, however, the level of information provided in the annual activity report should be sufficient to enable the financial institution’s senior management to form a view of the nature and intensity of the ML/FT risks to which it is exposed, as well as of the adequacy and efficiency of the ML/FT prevention mechanisms implemented in the institution and, where appropriate, of the improvements to be made to them.
In order to better guarantee the quality of the activity reports produced by the AMLCOs of financial institutions and to ensure that these reports provide an effective added value for the senior management of the financial institutions to which they are addressed, in particular by avoiding that these reports are limited to referencing the content of internal policies and procedures or that they omit important information and, in general, with a view to increasing their relevance, the NBB has drawn up an AMLCO report template:pdf - word
The NBB invites financial institutions to adopt this template, with a view to:
- explicitly mention on the “new appointment” fit & proper form for a candidate for head of an independent control function, the fact that this person is also called upon to perform the function of AMLCO; and
- immediately notify the NBB by e-mail of the appointment as AMLCO of the current head of an independent control function.
- The AMLCO is a staff member of the compliance function.
- an explicit statement of whether or not a review of the overall risk assessment imposed by Article 16 of the Anti-Money Laundering Law was required for the reporting year as well as a justification of the decision taken;
- the main conclusions of the update of the overall risk assessment required on the basis of Article 16 of the Anti-Money Laundering Law, where such an update has been performed in the past year;
- a brief description of the AML/CFTP organisation structure and, where appropriate, of any significant changes made in the past year and of the underlying reasoning, distinguishing in particular between the organisation of the supervision by the persons who are in direct contact with customers or instructed with carrying out their transactions, and the organisation of the functions of the AMLCO;
- a brief description of any changes made to the risk-based approach implemented and to the policies, procedures, implementation processes and AML/CFTP-related internal control measures, as well as the reasoning behind these changes;
- a structured overview of the work carried out by the AMLCO in the past year, including information on:
- the nature, number and amount of the atypical transactions detected and transmitted to the AMLCO for analysis,
- the nature, number and amount of the atypical transactions effectively analysed by or under the authority of the AMLCO,
- the nature, number and amount of the reports of suspicious transactions to the CTIF-CFI (broken down by country of operation),
- the number and nature of monitoring missions carried out to verify the implementation of policies, control measures and procedures by employees, agents, distributors and service providers, as well as the adequacy of monitoring resources deployed by the financial institution for AML/CFTP purposes,
- the nature and amount of the trainings provided and of the awareness-raising actions undertaken, and
- a description of any other measures adopted by the AMLCO;
- an analysis of any AML/CFTP-related developments or trends and specific methods and means found with regard to, in particular, the type of customers, the type of transactions, the currencies concerned, or all other relevant information;
- supervisory activities undertaken by the supervisor, including communications with the financial institution, as well reports submitted, violations identified and sanctions imposed, measures taken by the financial institution to remedy the violations identified and the current stage of such remedial action, without prejudice to any other periodic reports that may be required in the event of a supervisory activity or remedial action; and
- all other useful information on the operation of the AMLCO function and the measures to prevent ML/FT.
- achieving an overall improvement in the quality of the AMLCO’s activity report and, consequently, in the awareness of the senior management of financial institutions with regard to AML/CFT issues;
- secondarily, enabling the NBB to adopt a harmonised and coherent approach to processing the information reported to it annually in the area of AML/CFT by the financial institutions under its supervision (to this end, the NBB invites the AMLCOs of these financial institutions to provide it with a copy of their activity report in .docx file format - see the page Reporting by financial institutions).
3. Procedures to inform the NBB of the identity of the appointed persons and provide the information required to assess these appointments
3.1. Persons who are also candidates for a function subject to a fit & proper assessment
Financial institutions are expected to expressly mention on the ‘new appointment’ fit & proper form the fact that the candidate in question is also called upon to perform the function of senior officer responsible for AML/CFTP and/or AMLCO.
In such cases, submission of the fit & proper form to the prudential supervisory authority entails provision of the identity of the candidate for senior officer responsible for AML/CFTP and/or AMLCO to the NBB it its capacity as the AML/CFT supervisory authority/
3.2. Other cases
In other cases, financial institutions are expected to notify the NBB immediately of the appointment of a senior officer responsible for AML/CFTP or AMLCO function at [email protected]. The NBB should also be notified of any changes in circumstances relating to the effective performance of these tasks by persons already appointed.
3.3. Information required to assess appointments
In the cases referred to under both points 3.1 and 3.2, the notification should mention the date on which the individual will effectively take up the position and the date on which the appointment decision was adopted by the financial institution. The notification must be accompanied by the following information:
- contact details (telephone, e-mail) for the person concerned;
- any other positions held by the person concerned within the financial institution or other entities of the group;
- the CV of the person concerned.
Financial institutions are expected to compile, at the time of appointment, a file containing supporting documents demonstrating compliance with the requirements of Article 9 of the Anti-Money Laundering Law, including a justification for application of the principle of proportionality, where relevant.
This file, including any necessary updates to the information contained therein, should be sent to the NBB upon request. If necessary, the NBB may set up an interview.
3.4. Special case - vacancies
Financial institutions must comply at all times with the requirements of the Anti-Money Laundering Law, including the provisions on governance.
A vacancy, even an unplanned one, does not exempt financial institutions from compliance with this obligation, and it is incumbent upon them to adopt all necessary measures to fill the vacancy as soon as possible, as well as all measures necessary to ensure the effectiveness of their AML/CFTP system in the meantime.
Financial institutions are expected to notify any vacancy to the NBB immediately at [email protected], indicating the cause of the vacancy and the abovementioned interim measures.
4. Outsourcing of tasks of the AMLCO function
Insofar as the financial institution remains fully responsible for the AMLCO function, it could be permitted, pursuant to the principle of proportionality and/or for reasons of efficiency, to outsource the executive tasks of the AMLCO function that are assigned to it by the Anti-Money Laundering Law and the Anti-Money Laundering Regulation of the NBB, in full or in part to a third party or to another entity belonging to the same group.
For more information on the principles and concrete arrangements such an outsourcing should comply with, see the page Performance of obligations by third parties.
5. Application of the principle of proportionality
On the basis of the principle of proportionality, the governance obligations set out above may be nuanced in certain financial institutions governed by Belgian law or establishments in Belgium of financial institutions governed by foreign law (branches or agents/distributors of payment or electronic money institutions) that are small or medium sized and/or that fall within the scope ratione personae of the Anti-Money Laundering Law, but do not conduct activities in Belgium and/or are not (or only to a very limited extent) exposed to ML/FT risks in Belgium.
This can be illustrated by two specific and non-exhaustive examples:
-
A credit institution or stockbroking firm governed by foreign law opens a branch in Belgium where the employees are tasked solely with finding potential customers in Belgium. However, the Belgian branch does not enter into business relationships with these customers, does not open accounts for these customers in Belgium, nor is it involved in providing financial services to these customers. Its task stops as soon as the interested potential customers have been directed to the financial institution’s registered office in its country of origin (possibly through its website), which will establish the business relationship and carry out the transactions. Moreover, the Belgian branch in no way intervenes in the implementation of the measures taken by the foreign institution to comply with the anti-money laundering legislation applicable in its country of origin (customer due diligence measures, customer acceptance, transaction monitoring, etc.), unless, where appropriate, solely to collect information on the new Belgian customers of the foreign financial institution, in accordance with the latter’s instructions, and only to submit this information to it (generally through its IT system). The business relationship is established and the AML/CFT measures are implemented directly between the foreign institution and the Belgian customers, pursuant to the national anti-money laundering legislation and regulations applicable to it in its country of establishment.
-
A foreign supervisory authority notifies the NBB that a foreign payment institution will be offering financial services in Belgium through agents established there. On the basis of the notification received, the NBB should normally register the foreign payment institution on the official list of European payment institutions carrying out their activities in Belgium. Pursuant to the European Anti-Money Laundering Regulation and the Belgian Anti-Money Laundering Law, the payment institution will fall within the scope ratione personae of the Belgian Anti-Money Laundering Law and will be subject to the NBB’s supervision. Where appropriate, this European payment institution will be required to establish a “central contact point” in Belgium (see the page dedicated to central contact points. However, further investigation by the NBB shows that the Belgian agent of the foreign payment institution is tasked only with providing technical support to the foreign institution’s Belgian customers (e.g. installing and repairing payment terminals) and that the Belgian agent therefore in no way intervenes in providing financial services to these customers nor is responsible for the correct implementation of the anti-money laundering legislation. It is also possible that the Belgian agent does intervene in collecting customer information for new Belgian customers of the foreign payment institution for the sole purpose of transmitting that information to the payment institution (generally through its IT system), but that further customer due diligence measures, the decision to accept the customer and the adoption of ongoing due diligence measures are left completely to the foreign institution’s registered office.
In the cases described above, the NBB considers that the activities carried out by these foreign institutions in Belgium are not (or only to a very limited extent) exposed to any ML/FT risk, given that the financial services are exclusively or primarily provided from abroad and strongly resemble financial services offered from abroad under the freedom to provide services without a physical establishment in Belgium.
The NBB therefore considers that institutions which are subject ratione personae to the Belgian anti-money laundering legislation but which are small or medium sized and/or conduct activities in Belgium – through their establishment – that are not (or only to a very limited extent) exposed to specific ML/FT risks, can apply the principle of proportionality, in particular:
- by combining the functions of senior AML/CFTP officer and AMLCO;
- by outsourcing all or certain tasks of the AMLCO function;
- by simultaneously combining the functions of senior officer responsible for AML/CFTP and AMLCO and outsourcing all or part of the AMLCO’s tasks;
- by submitting a request for derogation from certain reporting obligations to the NBB (for more information on the reporting obligations and the request for derogation, see the page Reporting by financial institutions).
5.1. Assessment of the principle of proportionality in AML/CFTP
The NBB verifies whether the conditions for the application of the principle of proportionality in AML/CFTP are met, particularly on the basis of the following indicative criteria:
a) the nature of the institution, taking into account its prudential status, its legal form, whether or not it belongs to a group, and its business model;
b) the size of the institution, taking into account its balance sheet total, its turnover, the number of its full-time equivalent employees and its management structure;
c) the nature and complexity of its transactions from the perspective of the ML/FT risks to which it is exposed; and
d) in the case of an establishment in Belgium of a financial institution governed by foreign law (of another EEA country or of a third country), the reasons for creating the Belgian establishment and the functions and tasks assigned to it, particularly in the context of the implementation of the institution’s AML/CFT policies and procedures.
In any case, a financial institution intending to make use of this possibility should be able to demonstrate to the NBB that its intended proportionate terms for the implementation of its obligations are appropriate in view of, in particular, the criteria above.
5.2. Combination of the functions of senior officer responsible for AML/CFTP and AMLCO
On the basis of the principle of proportionality, Article 9 §3 of the Anti-Money Laundering Law enables financial institutions to have the function of senior officer responsible for AML/CFTP and of AMLCO performed by the same person, where justified by the nature or size of the obliged entity.
If a financial institution wishes to make use of this possibility, it is expected to compile a dossier in which (i) it demonstrates that this choice meets the proportionality criteria set out in point 5.1 above and (ii) it specifies why it wishes to apply Article 9 §3 of the Anti-Money Laundering Law. This dossier should be available for submission to the NBB at its first request. Furthermore, the institution should regularly reassess whether the circumstances which justified the application of Article 9 §3 of the Anti-Money Laundering Law still apply. If not, the financial institution should take the measures necessary for the separate appointment of a senior officer responsible for AML/CFTP in accordance with Article 9 §1 of the Anti-Money Laundering Law, on the one hand, and of an AMLCO in accordance with Article 9 §2 of the Anti-Money Laundering Law, on the other. In addition, the financial institution should immediately notify the NBB.
If the possibility to combine functions as laid down in Article 9 §3 of the Anti-Money Laundering Law is used, the senior officer acting as AMLCO should be appointed among the members of the financial institution’s management committee or its senior management, or among the branch’s managers. A fit & proper screening should be performed and it should be ensured that the senior officer acting as AMLCO cannot be affected by conflicts of interest as a result of any other responsibilities. The rules set out in point 1.1 above regarding the senior officer responsible for AML/CFTP apply by analogy.
The senior officer acting as AMLCO should perform the tasks referred to in points 1.2 and 2.2 above.
5.3. Outsourcing
Pursuant to the principle of proportionality and/or for reasons of efficiency, financial institutions may be authorised to use outsourcing. Please refer to point 4 above and to the page Performance of obligations by third parties.
5.4. Simultaneous use of the possibility to (i) combine the functions of senior officer responsible for AML/CFTP and AMLCO and (ii) outsource all or part of the AMLCO’s tasks
Financial institutions governed by Belgian law or branches established in Belgium of a very small size that have a low ML/FT risk profile may make simultaneous use of the possibilities specified in points 5.2 and 5.3 above on the basis of the principle of proportionality.
In that case, the financial institutions concerned (governed by Belgian law or branches) should compile a dossier in which they demonstrate that the conditions set out in points 5.2. and 5.3. are met. This dossier should be available for submission to the NBB at its first request.
In that case, the senior officer acting as AMLCO (member of the management committee or of the senior management) within the financial institution or the branch should have the ultimate responsibility for all important AML/CFTP-related decisions, in addition to its task to monitor the quality of the outsourced services).
5.5. Combination of functions by the AMLCO
As mentioned above, in large financial institutions and/or in institutions with a high ML/FT risk profile, the AMLCO is generally at the head of an AML unit comprised of multiple members. In that case, the AMLCO function can only be combined with the function of person responsible for the compliance function.
For medium-sized financial institutions and/or institutions with a standard ML/FT risk profile, the AMLCO to be appointed may work alone. In that case, the AMLCO function is a full-fledged function that cannot be combined with other functions (apart from the compliance function).
However, in financial institutions governed by Belgian law or branches established in Belgium by foreign financial institutions of a small size and/or institutions with a low ML/FT risk profile, it may be disproportionate to entrust the AMLCO function to a person who performs it on a full-time basis. In that case, it may be appropriate to attribute this function to a person who only performs it part-time, in combination with other functions in the Belgian entity concerned or in other entities of the same group. The NBB considers that such governance rules, which are applied on the basis of the principle of proportionality, require that the following conditions, which result from the nature of the AMLCO function and from the application of Article 9 §2 of the Anti-Money Laundering Law, be met:
- These governance rules meet the proportionality criteria set out in point 5.1 above;
- The other functions performed by the person concerned in the same entity or in another entity of the same group are not such as to expose them to conflicts of interest; from this viewpoint, the functions of AMLCO or of person responsible for the compliance function in another entity of the same group may be considered compatible with the function of AMLCO of the Belgian entity;
- The person concerned should spend sufficient time performing the AMLCO function in the Belgian entity in order to meet the availability condition set out in Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law;
- If the person concerned does not usually perform the AMLCO function in the Belgian entity, this geographic distance is without prejudice to the effective performance of this function, to the availability and to the knowledge of the Belgian statutory and regulatory ML/FTP prevention framework, which are required by Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law.
A financial institution wishing to apply these governance rules should compile a dossier demonstrating that all these conditions are met. This dossier should be available for submission to the NBB at its first request.
5.6. Senior officer responsible for AML/CFTP and AMLCO in European financial institutions providing services in Belgium solely through (tied) agents or distributors
For
- European credit institutions and stockbroking firms that use a tied agent established in Belgium to perform investment services and/or activities there,
- European credit institutions that use an agent established in Belgium to provide services there consisting of receiving deposits or other repayable funds, and
- European payment institutions or electronic money institutions respectively providing payment services or distributing electronic money in Belgium solely through agents or distributors,
the obligations to appoint a senior officer responsible for AML/CFTP and an AMLCO as laid down in Article 9 of the Anti-Money Laundering Law should be interpreted taking into account the specific characteristics of the presence of these financial institutions on the Belgian territory as well as the principle of proportionality.
The NBB should in any case be informed of the identity and the function of the persons who, at the head office of each of these institutions and in accordance with the law applicable in their country of origin:
- are responsible at the highest level for ensuring that the provisions of the Anti-Money Laundering Law and the other statutory and regulatory provisions referred to in the first subparagraph of Article 9 §1 of the Law are implemented and complied with in Belgium;
- perform the function of AMLCO, pursuant to Article 9 §2 of the Law.
With regard to the obligation to designate a central contact point (see Article 15 of the Anti-Money Laundering Law), please refer to the page dedicated to central contact points.
5.7. Reporting to the NBB
For the possibility of requesting a derogation from certain reporting obligations to the NBB, see the page Reporting by financial institutions.
6. Other governance requirements
The specific AML/CFTP-related governance requirements should be integrated harmoniously into all prudential governance rules applicable to the different sectors concerned.
6.1. AML/CFTP tasks of the board of directors
A financial institution’s board of directors has the following AML/CFTP tasks:
- deciding on the overall ML/FT risk management strategy of the financial institution concerned. The board of directors should therefore have appropriate knowledge, skills and experience to form an overall view of the policy implemented and the ML/FT risks associated with the activities performed and the business model, including knowledge of the statutory and regulatory framework for the prevention of ML/FTP;
- validating the institution’s AML/CFTP policy (see the page Policies, procedures, processes and internal control measures);
- being informed of the results and updates of the institution’s overall ML/FT risk assessment;
- reviewing the AMLCO’s activity report at least once a year and, more frequently in the interim, taking note of activities that expose the financial institution to higher ML/FTP risks;
- assessing at least once a year the proper functioning of the compliance function, including its AML/CFTP component - inter alia on the basis of the conclusions of any internal and/or external audits performed on it - ensuring in particular the adequacy of the human and technical resources allocated to the AMLCO function.
The board of directors should have access to and consider high-quality and detailed data and information so that it is able to perform its AML/CFTP tasks effectively. At a minimum, the board of directors should have timely and direct access to the AMLCO’s activity report, the report of the internal audit function, the findings and conclusions of external auditors where applicable, as well as findings of the supervisor, relevant communications with CTIF-CFI and supervisory measures or administrative sanctions imposed.
6.2. AML/CFTP tasks of the management committee
A financial institution’s management committee or, if it does not have a management committee, its senior management has the following AML/CFTP tasks:
- implementing, at the instigation of the senior officer responsible for AML/CFTP, the organisational and operational AML/CFTP structure necessary to comply with Article 8 of the Anti-Money Laundering Law and with the AML/CFTP strategy defined by the board of directors, paying particular attention to the adequacy of the human and technical resources allocated to the AMLCO function;
- approving the internal AML/CFTP procedures (see the page Policies, procedures, processes and internal control measures, which stipulates that minor changes to these procedures can be validated by the senior officer responsible for AML/CFTP);
- implementing adequate AML/CFTP-related internal control mechanisms (see the page Policies, procedures, processes and internal control measures);
- approving the AMLCO’s annual activity report and being in regular contact with the AMLCO;
- annually assessing the efficiency of its governance system, including the AML/CFTP policy; and
- ensuring proper AML/CFTP reporting to both the board of directors and the NBB.
- ensuring that any outsourcing of the AMLCO’s operational tasks complies with applicable regulations (see point 1 of the page Performance of obligations by third parties), and that it receives regular reports from the service provider.
6.3. Adherence to compliance rules
Since the AML/CFTP policy should be integrated into the compliance function, the principles included in Circular NBB_2012_14 are applicable. Moreover, the prudential rule stipulating that all independent control functions should form a coherent whole, also applies, requiring a good interaction between the compliance function and the risk management function with respect to ML/FT risks (but without creating a hierarchy between these independent control functions).
Although ML/FT risk management is the subject of specific reports submitted to the NBB, the NBB expects the compliance function to also cover this aspect in the context of its reporting on compliance. However, the use of cross-references is allowed in this reporting for AML/CFTP-related aspects.
Reference documents:
- Guidelines of the European Banking Authority of 25 February 2019 (EBA/GL/2019/02) on outsourcing arrangements (for credit institutions, stockbroking firms, payment institutions and electronic money institutions);
- Circular NBB_2018_25 regarding suitability of directors, members of the management committee, responsible persons of independent control functions and senior managers of financial institutions;
- Circular NBB_2012_14 on the compliance function;
- the sectoral circulars on outsourcing:
- for credit institutions and stockbroking firms: Circular PPB_2004_5 regarding sound management practices in outsourcing by credit institutions and investment firms,
- for insurance companies: Circular NBB_2016_31 on the prudential expectations of the NBB as regards the governance system for the insurance and reinsurance sector,
- for payment institutions and electronic money institutions: the aforementioned Circular PPB_2004_05, which is made applicable by Circulars NBB_2015_09 on the prudential status of electronic money institutions and NBB_2015_10 on the prudential status of payment institutions,
- for settlement institutions: Circular PPB_2007_5 on internal control and internal audit, compliance function, prevention policy, sound management practices in outsourcing;
- The sectoral circulars on governance:
- for credit institutions, stockbroking firms, payment institutions and electronic money institutions, settlement institutions and assimilated institutions: the governance manual,
- for insurance companies: the aforementioned Circular NBB_2016_31.
Disclaimer: This English text is an unofficial translation and may not be used as a basis for resolving any dispute.