On 10 January 2023, Financial Supervisory Authority (FSA) Regulation no. 18/2022 amending and supplementing FSA Regulation no. 13/2019 on prevention and combating of money laundering (ML) and terrorism financing (TF) was published in the Official Gazette. The new Regulation will go into force in February 2023.
The new legislation brings additional clarity to the framework applicable to the prevention and combating of ML/TF in the financial sectors under FSA supervision. The Regulation implements provisions from the EBA Risk Factors Guidelines (JC/2017/37), the ESAs Risk‐Based Supervision Guidelines (ESAs/2016/72), and the EBA Guidelines on the role of AML/CFT compliance officers (EBA/GL/2022/05).
One notable change brought on by Regulation 18/2022 is that regulated entities are now obliged to approve, monitor and review annually and whenever necessary (based on their own risk assessments) ML/FT risk-management policies, internal rules, arrangements and procedures and methodology. Previously, approval, monitoring and review had to be carried out every two years.
Regulated entities must also have measures in place to verify the implementation and assess the effectiveness of internal control systems and procedures, including through independent audit.
The internal control systems and procedures that regulated entities put in place to ensure that their individual and business level risk assessments remain up to date include annual assessments of business-wide risks and the setting of a date during the year, depending on risks, on which to conduct the individual risk assessment to ensure that new or emerging risks are included. Previously, the planning referred to a period of two years.
Regulation 18/2022 has also introduced new provisions or amended provisions regulating important aspects of the ML/TF framework applicable to entities undertaking activity in the sectors supervised by the FSA, such as:
– the role and responsibilities of the management in relation to ML/TF;
– duties and responsibilities of the conformity officers, including the content of the annual activity report of the conformity officer;
– training of personnel regarding ML/TF;
– risk identification and evaluation;
– distance business relationships and occasional transactions including the obligations to be complied with by the providers of outsourced innovative solutions for the application of standards KYC measures. Irrespective of the level of automation used, regulated entities must perform regular ex-post checks on a selected sample of all transactions processed;
– preservation of evidence.
Cristina Popescu, Partner, Head of CEE Insurance Practice Group CMS Cameron McKenna Nabarro Olswang LLP SCP
Florentin Giurgea, Senior Associate CMS Cameron McKenna Nabarro Olswang LLP SCP