Circular on Anti-Money Laundering Officer

Transcription

1 Circular on Anti-Money Laundering Officer for the Prevention of Money Laundering and Terrorist Financing

2 Table of contents Table of contents Introduction Legal basis General part Organisational integration of the AML-Officer in the company Role of the AML-Officer The AML-Officer s powers Specific part Compatibility of functions Compatibility of the functions of AML-Officer and compliance officer pursuant to WAG Compatibility of the AML-Officer position and employment in internal audit department Compatibility of AML-Officer position and position as employee in legal department/front office Compatibility of AML-Officer position and position as managing director/management board member Outsourcing General Limits on outsourcing Required measures on site Design of outsourcing agreement

3 1. Introduction 1 The aim of this Circular is to provide the parties addressed with assistance in establishing the function of an anti-money laundering official, ensuring that the function is equipped with the level of authority needed to meet the statutory requirements. 2 This Circular replaces the FMA Circular on the compatibility of internal auditing / anti-money laundering official / compliance officer of 30 March The legal basis for the establishment of a special officer to ensure adherence with Articles 40 et seq. of the Bankwesengesetz (BWG; Banking Act) and Articles 98a et seq. of the Versicherungsaufsichtsgesetz (VAG; Insurance Supervision Act) for the purposes of tackling money laundering and terrorist financing is provided in Article 41 para. 4 no. 6 BWG and Article 98h para. 1 no. 6 VAG. The rules essentially comprise the obligation on the part of supervised companies to appoint within the company a special officer who is responsible for ensuring that the due diligence obligations related to combating money laundering and terrorist financing are fulfilled. 4 The special officer pursuant to Article 41 para. 4 no. 6 BWG and Article 98h para. 1 no. 6 VAG is generally referred to as the Geldwäschereibeauftragter (GWB), the anti-money laundering officer ( AML-Officer ). The German abbreviation GWB is also used in some instances by the legislator (see explanations on the government bill in annex 286 to the shorthand verbatim records of the National Council, 23rd legislative period, page 10). For the purposes of this Circular, the English term used is Anti-Money Laundering-Officer or AML- Officer. 5 This Circular is directed at all Austrian credit institutions as well as credit institutions from EEA Member States, inasmuch as these are active in Austria either through branches under the freedom of establishment or directly provide services under the freedom to provide services. 6 It is also aimed at all Austrian investment firms and investment service providers as well as investment firms from EEA Member States, inasmuch as these are active in Austria through branch offices under the freedom of establishment. 1 7 This Circular is also directed at all Austrian payment institutions as well as payment institutions from EEA Member States, inasmuch as these are active in Austria either through 1 See Articles 6 and 12 para. 4 of the Wertpapieraufsichtsgesetz 2007 (WAG 2007; 2007 Securities Supervision Act). 3

4 branches under the freedom of establishment or directly provide services under the freedom to provide services. 2 8 Furthermore, this Circular is addressed to all Austrian electronic money institutions and electronic money institutions from EEA Member States that are active in Austria either through branches under the freedom of establishment or directly provide services under the freedom to provide services. 3 9 This Circular is also aimed at all insurance undertakings offering life assurance in Austria, as well as at insurance undertakings from EEA Member States that are active in Austria through a branch or under the freedom to provide services and at insurance undertakings from third countries that are active in Austria through a branch. It is also intended to apply to subsidiaries and branches of Austrian insurance undertakings in third countries. 10 In the following the parties addressed by this Circular are referred to uniformly as supervised (or outsourcing) companies. To the extent that a distinction is made between institutions as referred to in paras. 5 to 8 and insurance undertakings as referred to in para. 9, this is expressed using the wordings supervised companies pursuant to BWG for the former and insurance undertakings for the latter. 11 Financial institutions pursuant to Article 1 para. 2 BWG are equally subject to the due diligence obligations specified in the BWG for the purposes of combating money laundering and terrorist financing. The contents of this Circular may thus also provide financial institutions with assistance in applying the specific provisions of law. Financial institutions as defined in Article 1 para. 2 BWG are covered by the term supervised companies. 12 It is the responsibility of the individual supervised companies to more specifically implement the recommendations contained in this Circular in accordance with the type, size, business structure and risk potential of the company in the particular case. 13 This Circular reflects the FMA s legal opinion on the statutory due diligence obligations for the purposes of combating money laundering and terrorist financing. The legal basis is not affected thereby. No rights or obligations beyond those defined in the statutory provisions may be deduced from this Circular. 14 Where expressions relating to persons are given only in the male form hereinafter, they are to be considered to apply equally to males and females. The respective gender-specific form is used when reference is made to specific persons. 2 3 See Article 19 para. 5, Article 12 paras. 3 and 6 of the Zahlungsdienstegesetz (ZaDiG; Payment Services Act). See Article 13 para. 1 and Article 9 para. 2 of the E-Geldgesetz 2010 (E-GeldG 2010; 2010 E-Money Act). 4

5 2. Legal basis 15 In accordance with the provisions of Article 41 para. 4 no. 6 BWG and Article 98h para. 1 no. 6 VAG, supervised companies are required to appoint a special officer dedicated to ensuring compliance with the relevant provisions of the BWG and VAG with regard to combating money laundering and terrorist financing. The amendment of the BWG (Federal Law Gazette I No. 37/2010) and of the VAG (Federal Law Gazette I No. 37/2010) implemented the note contained in the FATF Mutual Evaluation Report on Austria of 2009 on FATF Recommendation 15. The provisions have been fleshed out by specifying the rights of inspection and intervention held by the special officer in each case as follows: 16 The position of the special officer should be set up in such a way that the officer is only responsible to the managing directors (or management board) and is required to report directly, without going through any intermediate levels, to these managing directors (or management board). 17 The special officer should be given free access to all information, data, records and systems with any potential link to money laundering or terrorist financing. 18 Additionally, these officers must be given sufficient levels of authority to fulfil their role. 19 The supervised companies must take appropriate organisational steps to ensure that the duties of the special officer can be fulfilled on site at any time. 5

6 3. General part 3.1. Organisational integration of the AML-Officer in the company 20 The position of the AML-Officer should be set up in such a way that the officer is only responsible to the managing directors (or management board) and is required to report directly, without going through any interim levels, to these managing directors (or management board). In order to guarantee the flow of information between the supervised company and the supervisory authority, the names of the AML-Officer and his deputy (and/or any changes to the appointments) should be communicated to the FMA. 21 In those cases in which the AML-Officer also carries out other duties or functions within the company (e.g. the AML-Officer is a member of the legal department and also responsible to a different unit from an organisational perspective), corresponding organisational measures and/or internal rules are required in order to ensure that the employee, in his capacity as AML-Officer, is only accountable to and required to report to the managing directors (or management board) Role of the AML-Officer 22 The AML-Officer s role is to ensure compliance within the company with the due diligence obligations relating to combating money laundering and terrorist financing (Articles 40 et seq. BWG and Articles 98b et seq. VAG). The actions required in this regard should either be carried out by the AML-Officer himself or arranged by him, in which case their implementation should subsequently be reviewed by the AML-Officer. Measures and rules should be in place with regard to deputising arrangements in order to ensure that such compliance is guaranteed at all times. 23 The AML-Officer s remit usually includes in particular: serving as the company s central internal and external contact person for questions relating to the prevention or combating of money laundering and terrorist financing; preparing a risk analysis for the company pursuant to Article 40 para. 2b BWG and Article 98b para. 4 VAG: introducing and developing appropriate strategies, processes and (IT) systems to guarantee that due diligence obligations are upheld in order to prevent or combat money laundering and terrorist financing; creating and developing internal bodies of rules (manuals, work instructions etc.) on how to prevent or combat money laundering and terrorist financing; 6

7 reviewing whether the measures and processes implemented by the company to prevent or combat money laundering and terrorist financing are appropriate as a means of complying with the statutory provisions (this review process may also include ongoing checks and spot checks, for example); defining and implementing a list of measures for the areas covered by enhanced due diligence obligations; monitoring business relationships that are subject to enhanced due diligence obligations (e.g. higher risk classification, PEP etc.); reviewing and approving or rejecting new business relationships that are classed as representing an elevated risk or with regard to which the customer advisor has requested a review; blocking and releasing suspicious transactions; processing peculiarities that arise during ongoing monitoring of business relationships, implementing research and follow-up research to resolve the reasons for any peculiarities; arranging for measures to be applied in the company s branches and subsidiaries in third countries that are at least as stringent as those applied in the company itself; developing, organising and implementing employee training; reporting suspicious transactions and/or carrying out enquiries in order for transactions to be approved pursuant to Article 41 BWG or Article 98f VAG; setting up systems to enable the company to respond quickly and comprehensively to enquiries from the Financial Intelligence Unit (FIU) or from the FMA; scheduled and ad hoc reporting to the management/management board; reporting to the authorities responsible for combating money laundering and terrorist financing pursuant to Article 9, final sentence of Regulation (EC) No. 1781/2006 on information on the payer accompanying transfers of funds The AML-Officer s powers 24 The AML-Offcer must be given the level of authority needed to fulfil his remit: free access to all information, data, records and systems with any potential link to money laundering or terrorist financing or that are used to combat money laundering and terrorist financing, particularly for the purposes of carrying out verification activities; option of contacting the managing directors or the management board at any time; option of blocking transactions or accounts and of ordering relevant measures; option of rejecting new business relationships or of terminating existing relationships in accordance with the legal parameters; comprehensive rights to instruct employees in the relevant area of responsibility; freedom to decide on whether to submit to the authorities responsible for combating money laundering and terrorist financing a suspicious transaction report or a report pursuant to Article 9, final sentence of Regulation (EC) No. 1781/2006 on information on the payer accompanying transfers of funds. 7

8 25 For the purposes of clarifying the position, remit and powers of the AML-Officer, it is vital that his place in the company s organisational structure, his essential tasks and his individual powers be defined in writing. 26 Responsibility for penal administrative measures remains with the persons authorised to represent the company externally despite the transfer of tasks or powers to the AML-Officer. 8

9 4. Specific part 4.1. Compatibility of functions 27 In practice the question often arises as to the compatibility of certain functions and activities (e.g. the AML-Officer is also the compliance officer pursuant to WAG or works in the internal audit department 5 or in the legal department or in the front office 6 or is also a managing director or member of the management board 7 ). To ensure that the AML-Officer is independent, anti-money laundering-related tasks should as a general rule be carried out within an independent framework that is kept separate from other fields of activity. Different functions can in any event only be deemed to be compatible if exercising such a dual function does not impair the AML-Officer s independence and if sufficient resources are available for the proper fulfilment of the assigned areas of responsibility Compatibility of the functions of AML-Officer and compliance officer pursuant to WAG The same person may as a general rule perform the function of the AML-Officer and the compliance officer pursuant to WAG 2007 if there are sufficient resources to guarantee proper fulfilment of the assigned tasks and duties. With regard to the limits to the compatibility of functions for which the compliance officer pursuant to WAG 2007 is responsible, reference is made to the statutory requirements of WAG Compatibility of the AML-Officer position and employment in internal audit department 29 Given that the internal audit department is also responsible for the proper fulfilment of all due diligence obligations with regard to the prevention of money laundering and terrorist financing, and in view of the ban on self-auditing, provision must be made for a fundamental segregation of the tasks of the internal audit department on the one hand and the tasks of the AML-Officer on the other. 30 In keeping with the principle of proportionality, smaller supervised companies may, on an exceptional basis, decide to link the activity of the AML-Officer with the function of the See See See See See also the FMA Circular relating to the organisational requirements of WAG 2007 in relation to compliance, risk management and internal audit. 9

10 internal auditor in the institution or undertaking, in which case the following considerations can play a key role in the decision: Business area of supervised company Total assets Number of employees Scope and complexity of transactions relevant to money laundering Membership in a company group Internal structure and organisation In determining whether the functions can be merged on the basis of a company s size, the size categories defined in Article 42 para. 6 BWG should be used as a guide in relation to supervised companies that fall within the scope of the BWG. This must not, however, replace an individual review in each case to make sure that, even if the respective size limits are not exceeded, the functions are not incompatible with each other. 31 In order to comply with the ban on self-auditing, any (permitted) merger of functions is subject to the corresponding organisational prerequisites. These must be defined accordingly and ensured by the supervised company. For example, where the function of the AML- Officer and that of the internal auditor are being performed in parallel, and given that the internal audit department is also responsible for the proper fulfilment of all due diligence obligations relating to the prevention of money laundering and terrorist financing, the ban on self-auditing means that the money laundering-related tasks must be reviewed by an appropriately trained employee of the credit institution or insurance undertaking (e.g. another employee working in the internal audit department) or by an external third party (e.g. auditor, audit association 9 ) Compatibility of AML-Officer position and position as employee in legal department/front office 32 With regard to the compatibility of the function of the AML-Officer with other activities in the company (e.g. working in the legal department or front office), particular account must be taken of any notable conflicts of interest that arise. Simultaneous activities as AML-Officer and as front-office employee should be viewed particularly critically in this regard. 33 In the event that the AML-Officer also performs another function in the company at the same time or carries out other activities within the company, guarantees must always be in place to ensure that the individual concerned is not influenced or impeded in his function as AML- Officer by any conflicts of interest. For the purposes of ensuring that he remains independent, the AML-Officer must be equipped with sufficient resources and powers. 9 Where the audit association is assigned the task of internal auditing, the ban on self-auditing must be taken into account, i.e. the auditor involved in the internal audit of a supervised company may not at the same time act as a bank auditor in the supervised company. 10

11 34 With regard to the compatibility of the function of AML-Officer with other activities in smaller companies, the information provided under para. 30 applies accordingly Compatibility of AML-Officer position and position as managing director/management board member 35 The AML-Officer function may only be performed by a managing director or management board member in exceptional cases, in view of statutory provisions stating that the position of AML-Officer should be established in such a way that the AML-Officer is responsible to the managing directors or management board and must report directly to them without having to go through any intermediate levels. The wording implies a hierarchical relationship ( responsible to the management board ) whilst the fact that the AML-Officer is required to report directly to the management board logically requires that this reporting obligation apply to a person other than a board member. Additionally, given his major area of responsibility, a managing director or management board member will generally lack the necessary time to meet the full scope of obligations associated with the function of AML- Officer. 36 In keeping with the principle of proportionality, very small institutions and/or companies (a rule of thumb would be the equivalent of six full-time employees) may, on an exceptional basis, have a managing director or management board member fulfil the function of the AML- Officer if the extremely limited staff size makes it difficult to split up the functions and it does not appear appropriate given the high level of involvement on the part of the managing director of a very small institution or on the part of the management board of a very small company. 37 The supervised company should notify the FMA in good time that the function of AML-Officer is being performed by the managing director/management board member, including a clear explanation of the reasons for this decision and documentary evidence of the extent to which in this specific case it makes sense for the function of the AML-Officer to be exercised by the managing director/management board member in keeping with the principle of proportionality. Where necessary, the FMA will review as part of its supervisory activity the extent to which the exercising of the AML-Officer function by the managing director or management board member is justified in the individual case. It is recommended that the reasons for the decision be documented. 38 Where the function of the AML-Officer and that of managing director/management board member is being exercised by one and the same person, the supervised company must always ensure that the managing director/management board member actually has the required time to meet the full scope of obligations associated with the function of AML-Officer (to the extent not outsourced; see also 4.2). Additionally, due account should be taken of any conflicts of interest that could arise from a potential combination of functions. 11

12 4.2. Outsourcing General 39 The statutory provisions of Article 41 para. 4 no. 6 BWG and Article 98h para. 1 no. 6 VAG demand that the position of a special officer be created within the company. It is also stipulated that companies must introduce appropriate organisational measures in order to ensure that these tasks can be fulfilled on site at all times. 40 Neither the BWG nor the VAG specifies a general ban on the outsourcing of the tasks or position of AML-Officer. 41 The terms of Article 41 para. 4 BWG and Article 98h para. 1 VAG focus on the creation of an effective and efficient system for preventing and combating money laundering and the financing of terrorism. Such a system is not restricted to individual company level but may also be created at the level of a group or sector where appropriate. The AML-Officer function can be positioned in a central AML unit that pools specialist knowledge and information in order to guarantee effective action against money laundering for the companies in the group or sector concerned. Within such structures, the resulting synergy effects are utilised in order to develop uniform internal principles, processes and controls to avoid money laundering and terrorist financing and, subsequently, to agree on uniform measures with regard to workflows and codes of conduct for those companies with a similar economic strategy, business focuses and customer structures. 42 In terms of practical implementation, different priorities can be set when allocating the tasks of the AML-Officer within the group and decentralised structures, in the interests of proportionality. 10 Consequently, responsibility for fulfilling either single or the entirety of tasks suitable for outsourcing 11, or even the position of AML-Officer itself, can be outsourced within the group or sector concerned. A staff member with the necessary expertise should be deployed on site in order to ensure that the quality of internal controls in the outsourcing company is not significantly affected by the outsourcing arrangement. Tasks may not be transferred to an entity outside the group or sector concerned (such as to third-party subcontractors for example). 43 The fact that tasks are transferred within the group or sector must not result in any delegation of responsibility for adherence to the administrative rules to the AML-Officer in the group or sector concerned. Thus, irrespective of whether individual tasks or all of the tasks suitable for outsourcing or the function of AML-Officer have been outsourced, and regardless of whether services have been bought in (e.g. IT systems, agreements with data centres, production of See also explanations on the government bill in annex 661 to the shorthand verbatim records of the National Council, 24th legislative period, page 5. See para. 46 for further information on tasks suitable for outsourcing. 12

13 expert reports), responsibility for adherence to the administrative rules remains with the outsourcing company (or its management) Limits on outsourcing 44 The outsourcing of individual tasks that are suitable for outsourcing or of all such tasks within the group or sector or the outsourcing of the position of AML-Officer may not have a detrimental effect on the proper fulfilment of the statutory obligations or on the scope for management and control of the management/management board of the outsourcing company and may also not impede the supervisory authority s rights of inspection and means of control. 45 Tasks and powers must be allocated in such a way to allow, on site and at all times, an immediate response and the necessary processes to be triggered. A minimum of material responsibility must therefore be retained by the outsourcing company The outsourcing of the following tasks in particular is considered as permissible: Installation and operation of computer programs to monitor transactions and customers. It must, however, be possible to calibrate the systems, i.e. it must be possible for the system to take account of factors specific to the individual companies. Creation of general work and organisational instructions, guidelines and documents with generally applicable information (e.g. anti-money laundering manuals), with the involvement in all cases of the expert staff member deployed on site, ensuring that the rules drawn up take account of the individual business areas and specific features of the outsourcing company. Creation of training and information concepts: it is recommended that training take place for the most part in person, with web-based training used as a supplement. Reporting of suspicious transactions and reports pursuant to Regulation (EC) No. 1781/2006 after involving the expert staff member deployed on site Required measures on site 47 With regard to the allocation of tasks between the outsourcing company and the AML-Officer at group or sector level, the extent of the tasks may be designed differently in keeping with the principle of proportionality, provided that there is an expert member of staff in the outsourcing company who has been given a minimum remit and powers, thereby guaranteeing the ability to respond immediately to events and to trigger the necessary processes. Any tasks, the fulfilment of which would require on-site presence, may not be transferred. The expert staff member deployed on site assumes a key position between the outsourcing company and the AML-Officer at group or sector level. Company-specific 12 See also para

14 knowledge cannot and must not be absent on site whenever some or all of the tasks that are suitable for outsourcing are being outsourced or when the position of AML-Officer is being outsourced. The expert staff member deployed on site is a key contact person with regard to assessing suspicious transactions or acquiring information that is not evident from the data material made available. In order to ensure this ability to respond at all times on site, measures and rules should be in place with regard to deputising the function of the expert staff member deployed on site. 48 To meet these requirements, the following are regarded as making up the minimum remit and powers of the expert staff member deployed on site: function as an internal contact person within the outsourcing company and as an external point of contact for the AML-Officer at group or sector level and/or for the authorities; conducting of local monitoring, if not carried out by computer programs 13 ; free access to all information, data, records and systems with any potential link to money laundering or terrorist financing or that are used for money laundering or terrorist financing, particularly in order to be able to carry out investigations, including the power to inspect all contracts and transactions; option of blocking transactions and accounts; 14 involvement in the creation of work instructions, guidelines and general documents, as well as in calibration of computer systems in order to ensure that they are suitable for the individual company concerned; involvement in the reporting of suspicious transactions Design of outsourcing agreement 49 A service level agreement (SLA), which specifies and documents the precise details of the rights and obligations of either party, should be entered into between the outsourcing company and the relevant entity within the group or sector. 50 Key components of the SLA include a precise definition of the tasks to be outsourced and of the responsibilities being assigned. The interfaces in the allocation of tasks with regard to individual obligations should also be clearly defined. The outsourcing of the position of AML- Officer should be explicitly stipulated in the SLA, guaranteeing that the appointment of a specific physical person as AML-Officer will be documented in writing (in the form of an additional clause to the agreement for example) and that the employees of the outsourcing company will be informed accordingly Even if monitoring is carried out by the central AML unit within the group or sector, it must still be possible to introduce (complementary) measures to fulfil these tasks at the level of the outsourcing company. Even if transactions are blocked by the central AML unit within the group or sector, it must still be possible to introduce (complementary) measures to fulfil these tasks at the level of the outsourcing company. 14

15 51 It is important that the entity to which the role is being outsourced is provided in the SLA with the necessary powers to fulfil its tasks. Specifically, the SLA should stipulate issues such as: any powers of instruction required to fulfil the tasks, and free access at all times to all of the required documentation and data of the outsourcing company. If the relevant data is kept at an outsourced data centre, it is recommended that the centre be incorporated into the outsourcing agreement. 52 The SLA should also stipulate that, with regard to fulfilling the tasks for the outsourcing company, the entity within the group or sector to which such tasks have been assigned should be directly responsible to the management (or management board) of the outsourcing company and should not be required to take any instruction from other line mangers in the group or sector. The entity responsible for fulfilment of the outsourced tasks should be commissioned separately for these specific auditing tasks by the management or management board of the outsourcing company. In addition, the agreement should define the obligation to report directly to the management or management board of the outsourcing company. 15