← Back to Insights

European Banking Authority publishes guidelines on roles and responsibilities of the AML/CTF Compliance Officer

15 September 2022

The European Banking authority (“EBA”) has issued guidelines specifying the role, tasks and responsibilities of the Anti-Money Laundering/Countering the Financing of Terrorism (“AML/CFT”) compliance officer, the management body and senior manager in charge of AML/CFT compliance as well as internal policies, controls and procedures.

The guidelines are expected to be implemented December 1, 2022

The below is a summary only and not an exhaustive summary of the full guidelines. Key items considered:


Clarification of the role of the management body in its management function and the role of the management body in its supervisory function.


Proportionality criteria for the appointment of a separate AML/CFT compliance officer.


Assessment prior to the appointment, by the credit or financial institutions, of the suitability, skills and expertise that the AML/CFT compliance officer should possess.

Tasks and responsibilities

Clarification of expectations regarding the role, tasks and responsibilities of the AML/CFT compliance officer and management (including the member of the management body who will be responsible for implementing the AML/CFT obligations). 

The draft guidelines, for the first time at the level of the EU, set out the whole AML/CFT governance set-up with set clear expectations of the role, tasks and responsibilities of the AML/CFT compliance officer and the management body and how they interact, including at group level.

The guidelines are intended to be proportionate to take into account diversity of financial sector operators that are within the scope of the AML Directive.

They are also in line with existing EFTA Surveillance Authority (“ESA”) guidelines, in particular: the revised guidelines on internal governance under the Capital Requirements Directive (“CRD”); the revised Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body; the draft guidelines on the authorisation of credit institutions; and the draft guidelines for common procedures and methodologies for the supervisory review and evaluation process (“SREP”) and supervisory stress testing.


The management body in its supervisory function should be responsible for setting, approving and overseeing the implementation of an adequate and effective internal governance and internal control framework to ensure compliance with applicable requirements in the context of the prevention of money laundering and terrorism financing (“ML/TF”).

Collective responsibility of the management body over AML/CTF matters and importance of effective Management Information to ensure information provided to management is comprehensive and facilities informed-decision making including being informed of the results of being informed of the results of the business-wide ML/TF risk assessment:

  • reviewing at least once a year the activity report of the AML/CFT compliance officer and obtaining interim updates more frequently for activities that expose financial sector operators to higher ML/TF risks;
  • assessing the effective functioning of the AML/CFT compliance function, at least once a year, by assessing, in particular, the adequacy of the human and technical resources allocated to the AML/CFT compliance officer.

AML/CFT Officer

AML/CFT compliance officers need to have a sufficient level of seniority, which entails the powers to propose, on their own initiative, all necessary or appropriate measures to ensure the compliance and effectiveness of the internal AML/CFT measures to the management body in its supervisory and management function.

In some situations, where commensurate with the ML/TF risk to which the financial sector operator is exposed and permitted under the national law, the AML/CFT compliance officer may be located in another jurisdiction. In those cases, the financial sector operator should appoint the AML/CFT compliance officer within the governance arrangements of that financial sector operator.

The AML/CFT officer should be independent, including independent reporting.

When an employee is acting as the AML/CFT compliance officer for two or more entities of the group or is charged with other tasks (e.g., legal advice), the financial sector operator should ensure that these multiple appointments still allow the AML/CFT compliance officer to fulfil his/her functions in an effective manner. The AML/CFT compliance officer should operate for different entities only if the entities are part of the same group. However, due to the nature of the Collective Investment Sector, the AML/CFT compliance officer should be in a position to service several parties which are not necessarily part of the same group.

The role and responsibilities of the AML/CFT compliance officer should be clearly defined and recorded and the AML/CFT compliance officer should be granted unconditional and direct access to all information to fulfill the role.

AML/CFT compliance officer should ensure that adequate policies, including the ML/TF risk assessment framework and procedures are put in place, maintained and implemented effectively and updated and supporting guidance provided to the institution and provide adequate and effective reporting to management.

Identify, analyse, responsibility for, and support of the Suspicious Activity reporting process.

Evidencing effectiveness of the AML/CFT compliance officer

Competent authorities should be able to request adequate information to test the adequacy and effectiveness of AML/CFT compliance officer function.

Outsourcing AML/CFT

Outsourcing framework must be in place in the event that AML/CFT is outsourced including within the same group.

In the framework of the outsourcing of tasks of the AML/CFT compliance function, the rights and obligations of any professional and service provider as well as their roles, responsibilities and duties shall be clearly listed, distributed and defined in an outsourcing contract.

Apex Services

Apex Group’s Compliance Solutions experts provide regulatory compliance services in Luxembourg to support financial operators comply with relevant AML/CFT responsibilities.


Please contact us to find out how we can support your business.


Get in touch with our team

Contact Us