Governance: Comments and recommendations

The Anti-Money Laundering Law contains specific provisions on governance. For instance, to ensure the efficiency of the AML/CFTP policy, financial institutions should at least appoint the following persons:

  • on the one hand, among the members of their management committee (or their senior management), a senior officer responsible for AML/CFTP who is specifically tasked with ensuring the adoption of organisational measures relating to AML/CFTP (see point 1 below); and,
  • on the other hand, among the members of their compliance function, a person responsible for implementing the AML/CFTP policy (the so-called “AMLCO”) who is tasked with the concrete steering of the AML/CFTP policy (see point 2 below).

However, the AMLCO’s tasks can be outsourced in part or in full (see point 4 below). Furthermore, the NBB can accept deviating arrangements by applying the principle of proportionality. In accordance with Article 9 §3 of the Anti-Money Laundering Law, it is for example possible to have the functions of senior officer responsible for AML/CFTP and of AMLCO performed by the same person and/or to outsource the AMLCO’s tasks (see point 5 below).

The governance requirements relating to AML/CFTP are also expected to be integrated harmoniously into all prudential governance rules included in the different sectoral supervisory laws (see point 6 below).

1. Appointment of the senior officer responsible for AML/CFTP

The obligation to appoint a senior officer responsible for AML/CFTP arises from the transposition of Directive 2015/849 into national law and primarily aims to enhance the involvement of the highest hierarchical level of the financial institutions in ML/FT risk management.

1.1. Terms and conditions for the appointment of the senior officer responsible for AMLC/CFTP

1.1.1. Senior officer responsible for AML/CFTP in financial institutions governed by Belgian law

§1. Position in the organisational chart

Article 9 §1 of the Anti-Money Laundering Law stipulates that financial institutions should “appoint, among the members of their statutory governing body or, where appropriate, of their senior management, the person responsible, at the highest level, for supervising the implementation of and compliance with the provisions of this Law [...]”. The comment on this provision in the explanatory memorandum of the Law specifies that “Where the obliged entity has a body tasked with senior management, such as a management committee, this senior officer must be chosen from its members". For financial institutions falling under the NBB’s supervision, the sectoral prudential rules stipulate that a management committee or senior management should be established to ensure that there is a clear distinction, at the highest level, between business management (which is conferred upon the management committee or the senior management) and the supervision of this management (which is conferred upon the board of directors, which consists of a majority of non-executive directors). In this respect, the senior officer responsible for AML/CFTP must be appointed among the members of the financial institution’s management committee (the senior officer responsible for AML/CFTP therefore may not be a permanent guest of the management committee who does not have voting rights in the said committee). This person is generally the member of the management committee who is hierarchically responsible for the compliance function. If the financial institution is established in a form other than that of a public limited company, or if it is managed by a senior management because it does not have a management committee, the senior officer responsible for AML/CFTP should be a member of this senior management.

§2. Fit & proper screening

The senior officer responsible for AML/CFTP is expected to act with integrity and to possess general AML/CFTP-related knowledge so as to be able to critically review the measures taken by the AMLCO and to ensure compliance with the provisions of the Anti-Money Laundering Law. 

For instance, the NBB expects financial institutions to perform fit & proper checks. Moreover, as member of the management committee (or member of the senior management), the senior officer is subjected to an expertise and integrity review (fit & proper screening). This review, which is not specifically AML/CFTP oriented, is performed by either the NBB or the European Central Bank (depending on the divisions of powers laid down in or pursuant to the SSM Regulation with regard to the supervision of credit institutions). The integrity and expertise requirements and the procedure for this screening are specified in Circular NBB_2018_25 (for credit institutions subject to the direct prudential supervision of the ECB, this circular should be read in conjunction with the SSM guide to fit and proper assessments). When financial institutions submit the fit & proper form “New appointment” for a candidate member of the management committee who is to perform the function of senior officer responsible for AML/CFTP, this should be explicitly mentioned, and the AML/CFTP-related knowledge of the person concerned should be specified. Where appropriate, the NBB may organise an interview. For current managers who have been appointed “senior officer responsible for AML/CFTP”, an e-mail notification sent to [email protected] suffices.

§3. Absence of conflicts of interest

When appointing the senior officer responsible for AML/CFTP, financial institutions should avoid candidates who, as a result of any other responsibilities, could be affected by conflicts of interest that could jeopardise their AML/CFTP-related tasks. The NBB therefore recommends ensuring that the senior officer responsible for AML/CFTP does not combine this task with other ML/FT risk-generating tasks (such as the commercial function).  

1.1.2. Senior officer responsible for AML/CFTP in branches established in Belgium by financial institutions governed by foreign law

§1. Position in the organisational chart

For branches established in Belgium by financial institutions governed by foreign law (by the law of an EEA country or of a third country), the senior officer is appointed among the branch’s managers. It should be recalled that, pursuant to prudential regulations, branches are required to have their own management and organisation structure on the Belgian territory.

§2. Fit & proper screening and absence of conflicts of interest

As with a financial institution governed by Belgian law, the senior officer responsible for AML/CFTP of a branch should act with integrity and have adequate expertise in the area of AML/CFTP. When appointing such an officer, financial institutions should also avoid candidates who could be affected by conflicts of interest as a result of their other responsibilities. Since the NBB does not perform a fit & proper screening of a branch manager (as this screening is conducted by the Home Country Controller) in the context of its prudential supervision, the branch is expected to demonstrate, at the NBB’s first request, that it has taken measures to ensure that the person concerned has the expertise required and is not exposed to potential conflicts of interest.

1.2. Tasks

The statutory obligation to appoint a senior officer responsible for AML/CFTP is meant to enhance the involvement of the highest hierarchical level of financial institutions in the prevention of ML/FT risk. The NBB therefore expects the senior officer responsible for AML/CFTP to raise awareness, among the entire management committee or senior management, of the importance of such prevention and, in particular, to perform at least the following tasks:

  1. ensure that AML/CFTP policies, procedures and internal control measures are adequate and proportionate, taking into account the characteristics of the financial institution and the ML/FT risks facing it. In this respect, the senior officer responsible for AML/CFTP is expected to pay particular attention to (i) the coherence between the AML/CFTP procedures and the more operational procedures for each activity, and (ii) the coherence between the AML/CFTP policy and the policy implemented within the group;
  2. assess, together with the management committee (or, where appropriate, senior management), whether the rule to appoint a separate AMLCO can be deviated from on the basis of the principle of proportionality (see point 5 below);
  3. support the management committee (or, where appropriate, senior management) in assessing whether it is necessary to establish an AML unit to assist the AMLCO in carrying out his/her duties;
  4. ensure regular reporting to the management committee (or, where appropriate, senior management) and to the board of directors on the activities carried out by the AMLCO, and provide them with sufficiently comprehensive and timely information and data on AML/CFTP risks and compliance with AML/CFTP regulations, which is necessary to enable them to perform the role and functions entrusted to them. Such information should also include arrangements between the financial institution and the AML/CFTP supervisor as well as communication with CTIF-CFI - without prejudice to the confidentiality of reports of suspicious financial transactions - and findings of the AML/CFTP supervisor regarding the financial institution, including any measures or sanctions imposed;
  5. notify the management committee (or, where appropriate, senior management) and the board of directors of serious or significant AML/CFTP problems or violations and recommend measures to remedy them; and
  6. ensure that the AMLCO (i) has access to all the information necessary to perform his/her tasks, (ii) has sufficient human and technical resources and tools to be able to adequately perform the tasks assigned to him/her, and (iii) is well-informed of the AML/CFTP-related incidents brought to light by the internal control systems and of the shortcomings found by the national and foreign supervisory authorities while implementing the AML/CFTP provisions.

The senior officer responsible for AML/CFTP serves as the main point of contact for the AMLCO within management. This person should also ensure that any AML/CFTP-related concerns of the AMLCO are properly addressed and, where this is not possible, that they are duly taken into account by the management committee or, where appropriate, senior management. Where the management committee or, where appropriate, senior management decides not to follow the AMLCO’s recommendation, such decisions should be duly justified and recorded in the light of the risks and concerns raised by the AMLCO.

2. Appointment of the AMLCO

2.1. General principles

Article 9 §2 of the Anti-Money Laundering Law stipulates that financial institutions should appoint one or more persons tasked with implementing and steering the AML/CFTP policy (“AMLCO”). In practice, this means that financial institutions should generally appoint an AMLCO who, depending on the nature or size of the financial institution and on its ML/FT risk profile, will head an “AML unit” or work alone.

Although the NBB recommends appointing a single person to perform the function of AMLCO within the compliance function (centralised model), this function can, when justified by the financial institution's organisation structures (e.g. due to an activity-based organisation), be assigned to multiple persons, each having their own area of competence (decentralised model). In that case, the following conditions should be met:

  1. each AMLCO appointed meets the conditions set out in Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law, and particularly those relating to the independence and autonomy of the AMLCO function (which specifically means that the AMLCO cannot depend hierarchically on an operational unit or function) as well as those relating to the position in the organisational chart and to fit & proper included in point 2.2 below; and
  2. efficient coordination structures have been introduced to ensure the overall coherence of the AML/CFTP policy within the financial institution.

In this regard, the Bank has found that certain financial institutions have appointed AML correspondents in their commercial departments with whom the AMLCO collaborates to perform certain tasks in order to ensure that all measures to prevent ML/FTP are implemented effectively and adequately. Such an organisation could be appropriate for financial institutions with certain specific characteristics. However, the NBB stresses that the AMLCO function itself may not be split between a member of the compliance function and these “AML correspondents”, who are part of the commercial department and depend hierarchically on the person responsible for that department. Indeed, this hierarchical connection prevents these persons from complying with the conditions relating to the independence and the autonomy of the AMLCO function set out in Article 9 §2 (3rd  subparagraph) (2) of the Anti-Money Laundering Law, even though they are subject to dual reporting lines: on the one hand to the Compliance officer for the performance of their AML/CFTP-related tasks and on the other hand to the person responsible for the commercial department for their other tasks and functions. When such an organisation is chosen, the AMLCO should therefore remain fully responsible for the entire function, including the associated tasks for which the AMLCO calls on these AML correspondents.

2.2. Terms and conditions for the appointment of the AMLCO

The third subparagraph of Article 9 §2 of the Anti-Money Laundering Law stipulates that the AMLCO function should be effective, independent and autonomous, and that the person tasked with this function should have:

  1. the professional integrity needed,
  2. adequate expertise, including knowledge of the Belgian statutory and regulatory AML/CFTP framework,
  3. the availability, and
  4. the hierarchical level and the powers within the institution to be able to propose, on the AMLCO’s own initiative, all necessary or useful measures to guarantee the compliance and efficiency of the internal AML/CFTP measures to the board of directors and to the management committee
2.2.1. AMLCO in financial institutions governed by Belgian law

§1. Position in the organisational chart

The AMLCO should be appointed within the compliance function and this choice should be made by the financial institution’s management committee or, in the absence of a management committee, its senior management. The AMLCO can be either the person responsible for the compliance function (“N-1”) or, in medium or large companies, an employee of the compliance function (“N-2”). 

The financial institution’s internal procedures should ensure that the AMLCO at all times has unrestricted and direct access to all information necessary for the performance of his/her duties. The AMLCO decides what information he/she needs access to in this respect.

In case of a major incident, the AMLCO should be able to report and have direct access to the board of directors.

Due to the territorial scope of the Anti-Money Laundering Law, the compliance with which the AMLCO is tasked with ensuring, on the one hand, and owing to the requirement set out in Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law, which stipulates that the AMLCO should, in particular, possess the knowledge of the Belgian statutory and regulatory framework and the availability needed to perform his/her functions effectively, independently and autonomously, and subject to the application of the principle of proportionality (see point 5 below), the AMLCO should be appointed among the employees of the financial institution who are physically located in Belgium. If this requirement is derogated from under the principle of proportionality, the financial institution should have the necessary systems and control measures in place to ensure that the AMLCO has access to all information and systems necessary for the performance of the latter’s duties, and is available to meet with CTIF-CFI and the supervisor without delay. The financial institution should also be able to provide evidence to the supervisor that the measures it has put in place are adequate and efficient. Furthermore, the Bank draws attention to the fact that the conditions relating to the independence and autonomy of the AMLCO function set out in Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law prevent this function from being conferred upon the AML correspondents referred to in point 2.1, as they are subject to dual reporting lines: on the one hand to the Compliance officer for the performance of their AML/CFTP-related tasks and on the other hand to the person responsible for the commercial department for their other functions. 

§2. Fit & proper screening

  • AMLCO who is responsible for the compliance function

    The terms and conditions for the appointment of the AMLCO are specified in Article 9 §2 of the Anti-Money Laundering Law. Where the AMLCO is the person responsible for the financial institution’s compliance function, this person is subjected to the fit & proper screening performed by either the NBB or the ECB (depending on the divisions of powers laid down in or pursuant to the SSM Regulation with regard to the supervision of credit institutions). The integrity and expertise requirements applicable are specified in Circular NBB_2018_25 (for credit institutions subject to the direct prudential supervision of the ECB, this circular should be read in conjunction with the SSM guide to fit and proper assessments). For new appointments, the NBB asks financial institutions to explicitly mention in the “New appointment” form that the candidate is to perform the function of AMLCO.

    Additionally, as regards credit institutions governed by Belgium law, stockbroking firms governed by Belgium law and insurance companies governed by Belgium law, it should be noted that, from 1 June 2018 onwards, the appointment of the person responsible for the compliance function will be conditional upon the successful completion of a qualifying exam conducted by the NBB/FSMA covering the area of AML/CFTP in particular. For instance, if a candidate for the function of person responsible for the compliance function is considered “fit” by the NBB on the basis of, in particular, having successfully completed the qualifying exam, the NBB deems this success to also be sufficient proof of the candidate’s knowledge of the Belgian statutory and regulatory AML/CFTP framework, which is required to take on the function of AMLCO.

       

  • AMLCO who is an employee of the compliance function

    For medium or large financial institutions where the compliance function comprises multiple persons, the AMLCO can be appointed among the employees of the compliance team (“N-2"). The terms and conditions for the appointment, which are specified in Article 9 §2 of the Anti-Money Laundering Law, also apply in this case. However, the fit & proper screening by the NBB and the aforementioned qualifying exam are generally not performed as, in accordance with the prudential supervisory laws, these are only required for the appointment of the persons responsible for the independent control functions. As a result, the financial institution concerned is expected to be able to demonstrate, at the NBB’s first request, the measures it has taken to ensure compliance with Article 9 §2 of the Anti-Money Laundering Law and, among other things, to ensure that the person concerned meets the conditions relating to integrity, expertise and knowledge of the Belgian statutory and regulatory AML/CFTP framework, and to ensure that this person has direct access to the board of directors and/or its subcommittees and has the right of initiative with regard to the aforementioned management bodies.

The financial institution should ensure that the AMLCO is working on an ongoing basis as part of its overall business continuity management. It should consider the possibility of the AMLCO being relieved of his/her duties and ensure the availability of a substitute possessing appropriate skills and expertise to whom the AMLCO’s duties can be delegated in the event that the latter is absent for some time or his/her integrity is no longer beyond doubt.

§3. Availability

AMLCOs should have sufficient time to perform their tasks correctly.

In large financial institutions and/or in institutions with a high ML/FT risk profile, the AMLCO is generally at the head of an AML unit comprising multiple members. 

In medium-sized financial institutions and/or institutions with a standard ML/FT risk profile, the AMLCO to be appointed can work alone. In that case, the AMLCO function is a full-fledged function that cannot be combined with other functions (apart from the compliance function). 

However, in small financial institutions and/or institutions with a low ML/FT risk profile, it may be disproportionate to entrust the AMLCO function to a person who performs it full-time. Please refer in this respect to point 4.5 below on the functions that can be combined by the AMLCO for reasons of proportionality.

2.2.2. AMLCO in the branches established in Belgium by financial institutions governed by foreign law

For branches established in Belgium by financial institutions governed by foreign law (by the law of another EEA country or of a third country), the Bank considers, as specified above, that taking into account the territorial scope of the Anti-Money Laundering Law and the statutory requirements to have knowledge of the Belgian statutory and regulatory framework and to have the availability required, and subject to the application of the principle of proportionality (see point 5 below), the AMLCOs of these branches should be appointed among the employees who are physically located in the branch concerned (and not among the employees who are physically located in the parent company).

It should also be ensured that the AMLCO to be appointed acts with integrity and has adequate expertise in the area of AML/CFTP. In this regard, the branch is expected to be able to demonstrate, at the NBB’s first request, the measures it has taken to ensure compliance with Article 9 §2 of the Anti-Money Laundering Law and, among other things, to ensure that the person concerned meets the conditions relating to integrity, expertise and knowledge of the Belgian statutory and regulatory AML/CFTP framework, and to ensure that this person has direct contact with the branch’s managers as well as the right of initiative with regard to these managers.

2.3. Tasks

As part of the second line of defence, the AMLCO is responsible for effectively steering AML/CFTP policy in the financial institution. The AMLCO’s role and responsibilities should be clearly defined and documented. In particular, the AMLCO is responsible for the following tasks:

  1. developing and maintaining an ML/FT risk assessment framework for the purpose of carrying out overall and individual risk assessments;
  2. effectively implementing the organisational measures listed in Article 8 of the Anti-Money Laundering Law, and ensuring that they are regularly reviewed and, where necessary, amended or updated;
  3. proposing a course of action in the event of changes in statutory or regulatory requirements or in ML/FTP risks, and how best to address deficiencies and shortcomings revealed by monitoring and supervision;
  4. monitoring the effective implementation of AML/CFTP control measures by business units and internal units, which act as the first line of defence;
  5. providing advice before employees at an appropriately high hierarchical level make a final decision on the acceptance or continuation of a business relationship with high-risk customers in accordance with the financial institution’s risk-based internal AML/CFTP policies. Where these employees do not follow the AMLCO’s advice, they should properly record their decision and establish how they intend to mitigate the risks raised by the AMLCO;
  6. analysing atypical transactions and situations in which the due diligence obligations could not be fulfilled (in accordance with Articles 45 and 46 of the Anti-Money Laundering Law);
  7. deciding, where necessary, to report suspicions to CTIF-CFI (in accordance with Article 47 of the Anti-Money Laundering Law and the provisions adopted in implementation of Article 54 of the Law) and to provide it with any other information required by application of the Law. In this regard, the AMLCO makes the autonomous decision to report to CTIF-CFI without submitting this decision to the senior officer responsible;
  8. responding to requests for additional information addressed to the financial institution by CTIF-CFI (in accordance with Articles 48 and 49 of the Anti-Money Laundering Law);
  9. educating and training the staff and, where applicable, the agents and distributors of the financial institution on AML/CFTP-related matters;
  10. developing an annual AML/CFTP monitoring programme covering, in particular, the application of the required measures to prevent ML/FTP by the employees, agents and distributors who are in contact with customers, and implementing this programme;
  11. ensuring a proper flow of AML/CFTP-related information within the financial institution and guaranteeing feedback to the management bodies (board of directors and management committee/senior management) and to the supervisory authorities. In this regard, the AMLCO should establish an activity report and send it to the management committee (or to the senior management if there is no management committee) and to the board of directors at least once a year (see point 2.4 below). In addition, the AMLCO should in any case bring the following to the attention of the senior officer responsible for AML/CFTP: (a) areas where AML/CFTP control measures should be implemented or improved; (b) proposals for appropriate improvements in line with point (a); (c) a progress report of major remediation programmes, at least once a year as part of the above-mentioned activity report, and information provided on an ad hoc basis or periodically - depending on improvements – on the level of exposure to ML/FTP risks and the measures taken or recommended to manage these risks effectively; (d) whether sufficient human and technical resources have been allocated to the AMLCO and, if not, whether they need to be supplemented.

2.4. Organisation

2.4.1. Adequacy of human and technical resources

Financial institutions’ management bodies (board of directors and management committee or senior management) should ensure that the AMLCO at all times has adequate human and material resources that enable him to comply effectively with the statutory and regulatory AML/CFTP obligations. The resources allocated to AML/CFTP should be proportionate to the ML/FT risks.

2.4.2. Organisation of an “AML unit” or AMLCO working alone

As mentioned above, the AMLCO may, depending on the financial institution’s nature or size and ML/FT risk profile, either lead an AML unit established within the compliance function or only perform the function of AMLCO.

§1. AML unit

In large financial institutions or institutions with a high ML/FT risk profile, the NBB recommends creating an AML unit within the compliance function, dedicated to ensuring compliance with the obligations set out in the Anti-Money Laundering Law. This unit, which is headed by the AMLCO, is comprised of persons acting with integrity who have expertise in the area of AML/CFTP. In this respect, the NBB recommends involving the AMLCO in the procedures relating to the recruitment and assignment of employees who will be part of the AML unit to be led by him. Where such a unit has been created, it is recommended for the AMLCO to coordinate the work relating to AML/CFTP and to play a central role for the most important decisions (e.g. reporting to CTIF-CFI). The AMLCO may combine this task with that of person responsible for the compliance function, provided that the AML unit led by this person is comprised of one or more persons assigned exclusively to the management of AML/CFTP-related aspects.

§2. AMLCO working alone

In smaller financial institutions and/or institutions with a low ML/FT risk profile, the AMLCO may be the only person in charge of all AML/CFTP-related tasks. In that case, the AMLCO constitutes a full-fledged function which, in principle, may not be combined with other functions. However, derogations are possible pursuant to the principle of proportionality (see point 5.5. below).

2.4.3. Interactions with AML correspondents who are in direct contact with customers

To properly fulfil the customer and transaction due diligence obligations, it could be necessary for the AMLCO to appoint AML correspondents within the financial institution’s departments or among its external distributors who will act as intermediaries for all AML/CFTP-related questions. In this respect, the AMLCO should recruit persons with the most appropriate profile and ensure that they receive, upon recruitment and subsequently on an ongoing basis, useful training that is specifically adapted to the tasks expected of them with regard to due diligence (see also point 2.1.1, §1 above).

2.5. Activity report by the AMLCO

Article 7 of the Anti-Money Laundering Regulation of the NBB requires the AMLCO to establish an activity report and send it to the management committee (or to the senior management if there is no management committee) and to the board of directors at least once a year. A copy of this report should be sent to the NBB (see the page Reporting by financial institutions).

This report is an important document for the management bodies, as it allows them to properly perform their tasks. The objective is to periodically inform these bodies at the highest level of the obliged financial institution of the nature and intensity of the ML/FT risks to which it is exposed, and of the measures taken or recommended by the AMLCO to reduce and effectively manage these risks. Notwithstanding the great importance of AML/CFTP to prudential supervision (from the perspective of the compliance function), the objectives set out in the Anti-Money Laundering Law also aim to combat crime, which justifies AML/CFTP receiving a specific treatment and special attention. The NBB therefore asks that the AMLCO’s annual activity report is established separately from the annual activity report of the compliance function.

The NBB recommends that the AMLCO’s annual activity report contains at least the following information:

  1. an explicit statement of whether or not a review of the overall risk assessment imposed by Article 16 of the Anti-Money Laundering Law was required for the reporting year as well as a justification of the decision taken;
  2. the main conclusions of the update of the overall risk assessmentrequired on the basis of Article 16 of the Anti-Money Laundering Law, where such an update has been performed in the past year;
  3. a brief description of the AML/CFTP organisation structureand, where appropriate, of any significant changes made in the past year and of the underlying reasoning, distinguishing in particular between the organisation of the supervision by the persons who are in direct contact with customers or instructed with carrying out their transactions, and the organisation of the functions of the AMLCO;

This description should include a brief description of the human and technical resources allocated to AML/CFTP by the financial institution, and the confirmation that these resources appear sufficient or, if that is not the case, an assessment of the additional resources that are deemed necessary to enable the financial institution to meet its AML/CFTP obligations; 

Where the financial institution has tasked its senior officer responsible for AML/CFTP with performing the functions of AMLCO in accordance with Article 9 §3 of the Anti-Money Laundering Law, the annual activity report should contain the confirmation that the circumstances justifying this decision have remained unchanged or, if that is not the case, a description of the measures that the institution has taken or will take to respond to the changing circumstances;

Where the financial institution has decided to outsource all or some of the tasks of the AMLCO function to a third party or to another entity of the group, the AMLCO’s annual activity report should mention the checks performed with regard to the performance of the service provider as well as any significant incidents that have occurred in the past year in the context of the outsourcing, and contain an assessment of the completeness, timeliness and quality of the performance of the subcontractor and, where appropriate, a description of the measures taken or proposed to take full account of this assessment;

  1. a brief description of any changes made to the risk-based approach implemented and to the policies, procedures, implementation processes and AML/CFTP-related internal control measures, as well as the reasoning behind these changes;
  2. a structured overview of the work carried out by the AMLCO in the past year, including information on:
    1. the nature, number and amount of the atypical transactions detected and transmitted to the AMLCO for analysis,
    2. the nature, number and amount of the atypical transactions effectively analysed by or under the authority of the AMLCO,
    3. the nature, number and amount of the reports of suspicious transactions to the CTIF-CFI (broken down by country of operation),
    4. the number and nature of monitoring missions carried out to verify the implementation of policies, control measures and procedures by employees, agents, distributors and service providers, as well as the adequacy of monitoring resources deployed by the financial institution for AML/CFTP purposes,
    5. the nature and amount of the trainings provided and of the awareness-raising actions undertaken, and
    6. a description of any other measures adopted by the AMLCO;
  3. an analysis of any AML/CFTP-related developments or trends and specific methods and means found with regard to, in particular, the type of customers, the type of transactions, the currencies concerned, or all other relevant information;
  4. supervisory activities undertaken by the supervisor, including communications with the financial institution, as well reports submitted, violations identified and sanctions imposed, measures taken by the financial institution to remedy the violations identified and the current stage of such remedial action, without prejudice to any other periodic reports that may be required in the event of a supervisory activity or remedial action; and
  5. all other useful information on the operation of the AMLCO function and the measures to prevent ML/FT.

Where appropriate, it could be useful for the AMLCO’s annual activity report to be based on the responses provided by the financial institution to the periodic or thematic questionnaires established by the NBB and completed by the institution in the past year. In this respect, see the page Reporting by financial institutions.

The principle of proportionality should be applied when establishing the annual activity report. The level of information to be included in it may vary depending on the scale and diversity of the ML/FT risks to which the financial institution is exposed. For instance, the NBB expects the AMLCO’s annual activity report to be much more detailed in case of a financial institution carrying out diversified and large-scale activities, including high-risk activities, than in case of a financial institution that offers a more limited range of products and services associated with lower risks on a smaller scale. In any case, however, the level of information provided in the annual activity report should be sufficient to enable the financial institution’s senior management to form a view of the nature and intensity of the ML/FT risks to which it is exposed, as well as of the adequacy and efficiency of the ML/FT prevention mechanisms implemented in the institution and, where appropriate, of the improvements to be made to them.

In order to better guarantee the quality of the activity reports produced by the AMLCOs of financial institutions and to ensure that these reports provide an effective added value for the senior management of the financial institutions to which they are addressed, in particular by avoiding that these reports are limited to referencing the content of internal policies and procedures or that they omit important information and, in general, with a view to increasing their relevance, the NBB has drawn up an AMLCO report template:pdf - word

The NBB invites financial institutions to adopt this template, with a view to:

  • achieving an overall improvement in the quality of the AMLCO’s activity report and, consequently, in the awareness of the senior management of financial institutions with regard to AML/CFT issues;
  • secondarily, enabling the NBB to adopt a harmonised and coherent approach to processing the information reported to it annually in the area of AML/CFT by the financial institutions under its supervision (to this end, the NBB invites the AMLCOs of these financial institutions to provide it with a copy of their activity report in .docx file format - see the page Reporting by financial institutions).

3. Communication of the identity of the responsible persons to the NBB

The NBB expects to be notified without delay of any change in the identity of the senior officer responsible for AML/CFTP or of the AMLCO by e-mail to [email protected]. This e-mail should include an organisational chart that shows the position of the respective function(s) within the financial institution and which reflects the hierarchical and functional lines of the function(s) concerned;

The notification should also mention the effective date of appointment and the contact information (phone, e-mail) of the person concerned.

In addition to the above, more specifically for the appointment of a new senior officer responsible for AML/CFTP, the notification of this appointment should also include the following:

  • the curriculum vitae of this person; and
  • if the new senior officer responsible for AML/CFTP also performs another function which could give rise to a conflict of interest for that person, a description of the measures taken by the financial institution to prevent such a conflict from occurring.

In addition to the above, more specifically for the appointment of a new AMLCO, the notification of this appointment should also include the following:

  • the curriculum vitae of this person;
  • a justification of the appointment in the light of the conditions listed in Article 9 §2 of the Anti-Money Laundering Law; and
  • if the AMLCO performs other functions or carries out other tasks within the financial institution or within the group to which it belongs, an estimate of the time actually spent on AML/CFTP tasks and an assessment of any conflicts of interest this combination of functions or tasks could give rise to.

4. Outsourcing of tasks of the AMLCO function

Insofar as the financial institution remains fully responsible for the AMLCO function, it could be permitted, pursuant to the principle of proportionality and/or for reasons of efficiency, to outsource the executive tasks of the AMLCO function that are assigned to it by the Anti-Money Laundering Law and the Anti-Money Laundering Regulation of the NBB, in full or in part to a third party or to another entity belonging to the same group.

For more information on the principles and concrete arrangements such an outsourcing should comply with, see the page Performance of obligations by third parties.

5. Application of the principle of proportionality

On the basis of the principle of proportionality, the governance obligations set out above may be nuanced in certain financial institutions governed by Belgian law or establishments in Belgium of financial institutions governed by foreign law (branches or agents/distributors of payment or electronic money institutions) that are small or medium sized and/or that fall within the scope ratione personae of the Anti-Money Laundering Law, but do not conduct activities in Belgium and/or are not (or only to a very limited extent) exposed to ML/FT risks in Belgium.

This can be illustrated by two specific and non-exhaustive examples:

  • A credit institution or stockbroking firm governed by foreign law opens a branch in Belgium where the employees are tasked solely with finding potential customers in Belgium. However, the Belgian branch does not enter into business relationships with these customers, does not open accounts for these customers in Belgium, nor is it involved in providing financial services to these customers. Its task stops as soon as the interested potential customers have been directed to the financial institution’s registered office in its country of origin (possibly through its website), which will establish the business relationship and carry out the transactions. Moreover, the Belgian branch in no way intervenes in the implementation of the measures taken by the foreign institution to comply with the anti-money laundering legislation applicable in its country of origin (customer due diligence measures, customer acceptance, transaction monitoring, etc.), unless, where appropriate, solely to collect information on the new Belgian customers of the foreign financial institution, in accordance with the latter’s instructions, and only to submit this information to it (generally through its IT system). The business relationship is established and the AML/CFT measures are implemented directly between the foreign institution and the Belgian customers, pursuant to the national anti-money laundering legislation and regulations applicable to it in its country of establishment.

  • A foreign supervisory authority notifies the NBB that a foreign payment institution will be offering financial services in Belgium through agents established there. On the basis of the notification received, the NBB should normally register the foreign payment institution on the official list of European payment institutions carrying out their activities in Belgium. Pursuant to the European Anti-Money Laundering Regulation and the Belgian Anti-Money Laundering Law, the payment institution will fall within the scope ratione personae of the Belgian Anti-Money Laundering Law and will be subject to the NBB’s supervision. Where appropriate, this European payment institution will be required to establish a “central contact point” in Belgium (see the page dedicated to central contact points. However, further investigation by the NBB shows that the Belgian agent of the foreign payment institution is tasked only with providing technical support to the foreign institution’s Belgian customers (e.g. installing and repairing payment terminals) and that the Belgian agent therefore in no way intervenes in providing financial services to these customers nor is responsible for the correct implementation of the anti-money laundering legislation. It is also possible that the Belgian agent does intervene in collecting customer information for new Belgian customers of the foreign payment institution for the sole purpose of transmitting that information to the payment institution (generally through its IT system), but that further customer due diligence measures, the decision to accept the customer and the adoption of ongoing due diligence measures are left completely to the foreign institution’s registered office.

In the cases described above, the NBB considers that the activities carried out by these foreign institutions in Belgium are not (or only to a very limited extent) exposed to any ML/FT risk, given that the financial services are exclusively or primarily provided from abroad and strongly resemble financial services offered from abroad under the freedom to provide services without a physical establishment in Belgium.

The NBB therefore considers that institutions which are subject ratione personae to the Belgian anti-money laundering legislation but which are small or medium sized and/or conduct activities in Belgium – through their establishment – that are not (or only to a very limited extent) exposed to specific ML/FT risks, can apply the principle of proportionality, in particular:

  • by combining the functions of senior AML/CFTP officer and AMLCO; 
  • by outsourcing all or certain tasks of the AMLCO function;
  • by simultaneously combining the functions of senior officer responsible for AML/CFTP and AMLCO and outsourcing all or part of the AMLCO’s tasks;
  • by submitting a request for derogation from certain reporting obligations to the NBB (for more information on the reporting obligations and the request for derogation, see the page Reporting by financial institutions).

5.1. Assessment of the principle of proportionality in AML/CFTP

The NBB verifies whether the conditions for the application of the principle of proportionality in AML/CFTP are met, particularly on the basis of the following indicative criteria:

a) the nature of the institution, taking into account its prudential status, its legal form, whether or not it belongs to a group, and its business model;

b) the size of the institution, taking into account its balance sheet total, its turnover, the number of its full-time equivalent employees and its management structure; 

c) the nature and complexity of its transactions from the perspective of the ML/FT risks to which it is exposed; and

d) in the case of an establishment in Belgium of a financial institution governed by foreign law (of another EEA country or of a third country), the reasons for creating the Belgian establishment and the functions and tasks assigned to it, particularly in the context of the implementation of the institution’s AML/CFT policies and procedures.

In any case, a financial institution intending to make use of this possibility should be able to demonstrate to the NBB that its intended proportionate terms for the implementation of its obligations are appropriate in view of, in particular, the criteria above.

5.2. Combination of the functions of senior officer responsible for AML/CFTP and AMLCO

On the basis of the principle of proportionality, Article 9 §3 of the Anti-Money Laundering Law enables financial institutions to have the function of senior officer responsible for AML/CFTP and of AMLCO performed by the same person, where justified by the nature or size of the obliged entity. 

If a financial institution wishes to make use of this possibility, it is expected to compile a dossier in which (i) it demonstrates that this choice meets the proportionality criteria set out in point 5.1 above and (ii) it specifies why it wishes to apply Article 9 §3 of the Anti-Money Laundering Law. This dossier should be available for submission to the NBB at its first request. Furthermore, the institution should regularly reassess whether the circumstances which justified the application of Article 9 §3 of the Anti-Money Laundering Law still apply. If not, the financial institution should take the measures necessary for the separate appointment of a senior officer responsible for AML/CFTP in accordance with Article 9 §1 of the Anti-Money Laundering Law, on the one hand, and of an AMLCO in accordance with Article 9 §2 of the Anti-Money Laundering Law, on the other. In addition, the financial institution should immediately notify the NBB.

If the possibility to combine functions as laid down in Article 9 §3 of the Anti-Money Laundering Law is used, the senior officer acting as AMLCO should be appointed among the members of the financial institution’s management committee or its senior management, or among the branch’s managers. A fit & proper screening should be performed and it should be ensured that the senior officer acting as AMLCO cannot be affected by conflicts of interest as a result of any other responsibilities. The rules set out in point 1.1 above regarding the senior officer responsible for AML/CFTP apply by analogy.

The senior officer acting as AMLCO should perform the tasks referred to in points 1.2 and 2.2 above.

5.3. Outsourcing

Pursuant to the principle of proportionality and/or for reasons of efficiency, financial institutions may be authorised to use outsourcing. Please refer to point 4 above and to the page Performance of obligations by third parties.

5.4. Simultaneous use of the possibility to (i) combine the functions of senior officer responsible for AML/CFTP and AMLCO and (ii) outsource all or part of the AMLCO’s tasks

Financial institutions governed by Belgian law or branches established in Belgium of a very small size that have a low ML/FT risk profile may make simultaneous use of the possibilities specified in points 5.2 and 5.3 above on the basis of the principle of proportionality.

In that case, the financial institutions concerned (governed by Belgian law or branches) should compile a dossier in which they demonstrate that the conditions set out in points 5.2. and 5.3. are met. This dossier should be available for submission to the NBB at its first request.

In that case, the senior officer acting as AMLCO (member of the management committee or of the senior management) within the financial institution or the branch should have the ultimate responsibility for all important AML/CFTP-related decisions, in addition to its task to monitor the quality of the outsourced services).

5.5. Combination of functions by the AMLCO

As mentioned above, in large financial institutions and/or in institutions with a high ML/FT risk profile, the AMLCO is generally at the head of an AML unit comprised of multiple members. In that case, the AMLCO function can only be combined with the function of person responsible for the compliance function. 

For medium-sized financial institutions and/or institutions with a standard ML/FT risk profile, the AMLCO to be appointed may work alone. In that case, the AMLCO function is a full-fledged function that cannot be combined with other functions (apart from the compliance function). 

However, in financial institutions governed by Belgian law or branches established in Belgium by foreign financial institutions of a small size and/or institutions with a low ML/FT risk profile, it may be disproportionate to entrust the AMLCO function to a person who performs it on a full-time basis. In that case, it may be appropriate to attribute this function to a person who only performs it part-time, in combination with other functions in the Belgian entity concerned or in other entities of the same group. The NBB considers that such governance rules, which are applied on the basis of the principle of proportionality, require that the following conditions, which result from the nature of the AMLCO function and from the application of Article 9 §2 of the Anti-Money Laundering Law, be met:

  1. These governance rules meet the proportionality criteria set out in point 5.1 above;
  2. The other functions performed by the person concerned in the same entity or in another entity of the same group are not such as to expose them to conflicts of interest; from this viewpoint, the functions of AMLCO or of person responsible for the compliance function in another entity of the same group may be considered compatible with the function of AMLCO of the Belgian entity;
  3. The person concerned should spend sufficient time performing the AMLCO function in the Belgian entity in order to meet the availability condition set out in Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law;
  4. If the person concerned does not usually perform the AMLCO function in the Belgian entity, this geographic distance is without prejudice to the effective performance of this function, to the availability and to the knowledge of the Belgian statutory and regulatory ML/FTP prevention framework, which are required by Article 9 §2 (3rd subparagraph) (2) of the Anti-Money Laundering Law.

A financial institution wishing to apply these governance rules should compile a dossier demonstrating that all these conditions are met. This dossier should be available for submission to the NBB at its first request.

5.6. Senior officer responsible for AML/CFTP and AMLCO in European financial institutions providing services in Belgium solely through (tied) agents or distributors

For

  • European credit institutions and stockbroking firms that use a tied agent established in Belgium to perform investment services and/or activities there,
  • European credit institutions that use an agent established in Belgium to provide services there consisting of receiving deposits or other repayable funds, and
  • European payment institutions or electronic money institutions respectively providing payment services or distributing electronic money in Belgium solely through agents or distributors,

the obligations to appoint a senior officer responsible for AML/CFTP and an AMLCO as laid down in Article 9 of the Anti-Money Laundering Law should be interpreted taking into account the specific characteristics of the presence of these financial institutions on the Belgian territory as well as the principle of proportionality. 

The NBB should in any case be informed of the identity and the function of the persons who, at the head office of each of these institutions and in accordance with the law applicable in their country of origin:

  • are responsible at the highest level for ensuring that the provisions of the Anti-Money Laundering Law and the other statutory and regulatory provisions referred to in the first subparagraph of Article 9 §1 of the Law are implemented and complied with in Belgium;
  • perform the function of AMLCO, pursuant to Article 9 §2 of the Law.

With regard to the obligation to designate a central contact point (see Article 15 of the Anti-Money Laundering Law), please refer to the page dedicated to central contact points.

5.7. Reporting to the NBB

For the possibility of requesting a derogation from certain reporting obligations to the NBB, see the page Reporting by financial institutions.

6. Other governance requirements

The specific AML/CFTP-related governance requirements should be integrated harmoniously into all prudential governance rules applicable to the different sectors concerned. 

6.1. AML/CFTP tasks of the board of directors

A financial institution’s board of directors has the following AML/CFTP tasks:

  1. deciding on the overall ML/FT risk management strategy of the financial institution concerned. The board of directors should therefore have appropriate knowledge, skills and experience to form an overall view of the policy implemented and the ML/FT risks associated with the activities performed and the business model, including knowledge of the statutory and regulatory framework for the prevention of ML/FTP;
  2. validating the institution’s AML/CFTP policy (see the page Policies, procedures, processes and internal control measures);
  3. being informed of the results and updates of the institution’s overall ML/FT risk assessment;
  4. reviewing the AMLCO’s activity report at least once a year and, more frequently in the interim, taking note of activities that expose the financial institution to higher ML/FTP risks;
  5. assessing at least once a year the proper functioning of the compliance function, including its AML/CFTP component - inter alia on the basis of the conclusions of any internal and/or external audits performed on it - ensuring in particular the adequacy of the human and technical resources allocated to the AMLCO function.

The board of directors should have access to and consider high-quality and detailed data and information so that it is able to perform its AML/CFTP tasks effectively. At a minimum, the board of directors should have timely and direct access to the AMLCO’s activity report, the report of the internal audit function, the findings and conclusions of external auditors where applicable, as well as findings of the supervisor, relevant communications with CTIF-CFI and supervisory measures or administrative sanctions imposed.

6.2. AML/CFTP tasks of the management committee

A financial institution’s management committee or, if it does not have a management committee, its senior management has the following AML/CFTP tasks:

  1. implementing, at the instigation of the senior officer responsible for AML/CFTP, the organisational and operational AML/CFTP structure necessary to comply with Article 8 of the Anti-Money Laundering Law and with the AML/CFTP strategy defined by the board of directors, paying particular attention to the adequacy of the human and technical resources allocated to the AMLCO function;
  2. approving the internal AML/CFTP procedures (see the page Policies, procedures, processes and internal control measures, which stipulates that minor changes to these procedures can be validated by the senior officer responsible for AML/CFTP);
  3. implementing adequate AML/CFTP-related internal control mechanisms (see the page Policies, procedures, processes and internal control measures);
  4. approving the AMLCO’s annual activity report and being in regular contact with the AMLCO;
  5. annually assessing the efficiency of its governance system, including the AML/CFTP policy; and
  6. ensuring proper AML/CFTP reporting to both the board of directors and the NBB.
  7. ensuring that any outsourcing of the AMLCO’s operational tasks complies with applicable regulations (see point 1 of the page Performance of obligations by third parties), and that it receives regular reports from the service provider.

6.3. Adherence to compliance rules

Since the AML/CFTP policy should be integrated into the compliance function, the principles included in Circular NBB_2012_14 are applicable. Moreover, the prudential rule stipulating that all independent control functions should form a coherent whole, also applies, requiring a good interaction between the compliance function and the risk management function with respect to ML/FT risks (but without creating a hierarchy between these independent control functions).

Although ML/FT risk management is the subject of specific reports submitted to the NBB, the NBB expects the compliance function to also cover this aspect in the context of its reporting on compliance. However, the use of cross-references is allowed in this reporting for AML/CFTP-related aspects. 

Reference documents:

  • Guidelines of the European Banking Authority of 25 February 2019 (EBA/GL/2019/02) on outsourcing arrangements (for credit institutions, stockbroking firms, payment institutions and electronic money institutions);
  • Circular NBB_2018_25 regarding suitability of directors, members of the management committee, responsible persons of independent control functions and senior managers of financial institutions;
  • Circular NBB_2012_14 on the compliance function;
  • the sectoral circulars on outsourcing:
    • for credit institutions and stockbroking firms: Circular PPB_2004_5 regarding sound management practices in outsourcing by credit institutions and investment firms,
    • for insurance companies: Circular NBB_2016_31 on the prudential expectations of the NBB as regards the governance system for the insurance and reinsurance sector,
    • for payment institutions and electronic money institutions: the aforementioned Circular PPB_2004_05, which is made applicable by Circulars NBB_2015_09 on the prudential status of electronic money institutions and NBB_2015_10 on the prudential status of payment institutions,
    • for settlement institutions: Circular PPB_2007_5 on internal control and internal audit, compliance function, prevention policy, sound management practices in outsourcing;
  • The sectoral circulars on governance:
    • for credit institutions, stockbroking firms, payment institutions and electronic money institutions, settlement institutions and assimilated institutions: the governance manual,
    • for insurance companies: the aforementioned Circular NBB_2016_31.

Disclaimer: This English text is an unofficial translation and may not be used as a basis for resolving any dispute.