Article 11 AMLR

Article 11 AMLR – Compliance functions

1.   Obliged entities shall appoint one member of the management body in its management function who shall be responsible for ensuring compliance with this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any supervisor (‘compliance manager’).

The compliance manager shall ensure that the obliged entity’s internal policies, procedures and controls are consistent with the obliged entity’s risk exposure and that they are implemented. The compliance manager shall also ensure that sufficient human and material resources are allocated to that end. The compliance manager shall be responsible for receiving information on significant or material weaknesses in such policies, procedures and controls.

Where the management body in its management function is a body collectively responsible for its decisions, the compliance manager shall be responsible for assisting and advising it and for preparing the decisions referred to in this Article.

2.   Obliged entities shall have a compliance officer, to be appointed by the management body in its management function and with sufficiently high hierarchical standing, who shall be responsible for the policies, procedures and controls in the day-to-day operation of the obliged entity’s AML/CFT requirements, including in relation to the implementation of targeted financial sanctions, and shall be a contact point for competent authorities. The compliance officer shall also be responsible for reporting suspicious transactions to the FIU in accordance with Article 69(6).

In the case of obliged entities subject to checks on their senior management or beneficial owners pursuant to Article 6 of Directive (EU) 2024/1640 or under other Union legal acts, compliance officers shall be subject to verification that they comply with those requirements.

Where justified by the size of the obliged entity and the low risk of its activities, an obliged entity that is part of a group may appoint as its compliance officer an individual who performs that function in another entity within that group.

The compliance officer may only be removed following prior notification to the management body in its management function. The obliged entity shall notify the supervisor of the removal of the compliance officer, specifying whether the decision relates to the carrying out of the tasks assigned under this Regulation. The compliance officer may, on his or her own initiative or upon request, provide information to the supervisor concerning the removal. The supervisor may use that information to perform its tasks under the second subparagraph of this paragraph and under Article 37(4) of Directive (EU) 2024/1640.

3.   Obliged entities shall provide the compliance functions with adequate resources, including staff and technology, in proportion to the size, nature and risks of the obliged entity for effective performance of their tasks, and shall ensure that the persons responsible for those functions are granted the powers to propose any measures necessary to ensure the effectiveness of the obliged entity’s internal policies, procedures and controls.

4.   Obliged entities shall take measures to ensure that the compliance officer is protected against retaliation, discrimination and any other unfair treatment, and that decisions of the compliance officer are not undermined or unduly influenced by commercial interests of the obliged entity.

5.   Obliged entities shall ensure that the compliance officer and the person responsible for the audit function referred to in Article 9(2), point (b), can report directly to the management body in its management function and, where such a body exists, to the management body in its supervisory function independently, and can raise concerns and warn the management body, where specific risk developments affect or may affect the obliged entity.

Obliged entities shall ensure that the persons directly or indirectly participating in implementation of this Regulation, Regulation (EU) 2023/1113 and any administrative act issued by any supervisor, have access to all information and data necessary to perform their tasks.

6.   The compliance manager shall regularly report on the implementation of the obliged entity’s internal policies, procedures and controls to the management body. In particular, the compliance manager shall submit once a year, or, where appropriate, more frequently, to the management body a report on the implementation of the obliged entity’s internal policies, procedures and controls drawn up by the compliance officer, and shall keep that body informed of the outcome of any reviews. The compliance manager shall take the necessary actions to remedy in a timely manner any deficiencies identified.

7.   Where the nature of the business of the obliged entity, including its risks and complexity, and its size justify it, the functions of the compliance manager and the compliance officer may be performed by the same natural person. Those functions may be cumulated with other functions.

Where the obliged entity is a natural person or a legal person whose activities are performed by one natural person only, that person shall be responsible for performing the tasks under this Article.