Your appointed compliance officer is responsible for effectively implementing all of the elements within your compliance program: policies and procedures, ongoing training, risk assessment, and effectiveness review conducted every two years (minimum).
Appointing a designated person to be your compliance officer alone does not fulfil your compliance program requirements or the overall objectives of the PCMLTFA and associated Regulations.
In order to implement an effective AML/ATF program your compliance officer needs to:
- have the necessary authority and access to resources in order to implement an effective compliance program and make any desired changes;
- have knowledge of your business’s functions and structure;
- have knowledge of your sector’s ML/TF risks and vulnerabilities as well as ML/TF trends and typologies; and
- understand your sector’s legal requirements under the PCMLTFA and associated Regulations.
While the compliance officer is appointed, it is the reporting entity’s responsibility to meet its compliance program requirements under the PCMLTFA and associated Regulations.
Depending on the size of your business, you could be the compliance officer or it could be another individual, such as:
- a senior manager, the owner or the operator of your small business; or
- someone from a senior level who has direct access to senior management and the board of directors of your large business.
If you are an individual, such as in the case of a sole proprietorship, you can appoint yourself as the compliance officer, or you may choose to appoint another individual to help you implement the compliance program.
As a best practice, the appointed compliance officer of a larger business should not be directly involved in the receipt, transfer or payment of funds.
A compliance officer may choose to delegate certain duties to other employees. For example, a compliance officer may delegate responsibility to an individual in another office or branch. However, where such a delegation is made, the compliance officer remains responsible for the implementation of the compliance program.
As a best practice, the compliance officer should have the ability to report compliance related issues to, and meet with the board of directors, senior management or owner/chief operator on a regular basis.