Who Is Responsible for AML? The Role of the MLRO, Board Member, and Management.
As regulatory pressure around Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) continues to grow, it is crucial for obligated institutions to clearly define responsibilities within their organizational structure. Polish law, under the AML Act, outlines three key roles: the management board, a designated board member for AML, and the AML Compliance Officer (MLRO/AMLRO).
1. Management Board – Executive Responsibility (Article 6 of the AML Act)
The management board is responsible for the overall implementation of AML/CFT compliance in the organization. It approves AML policies, appoints key personnel, and ensures sufficient resources.
Key responsibilities include:
- Approving and reviewing the AML strategy,
- Supervising the implementation of AML procedures,
- Bearing administrative liability for non-compliance,
- Documenting decisions and risk assessments (e.g. board resolutions, meeting minutes).
- According to KNF and EBA guidance, the board must demonstrate active involvement and AML competence.
2. Designated Board Member for AML (Article 7)
This person coordinates AML efforts at the executive level and must not be the same person as the MLRO. Their function should be clearly and formally assigned.
Responsibilities:
- Approving and regularly updating the AML risk assessment,
- Overseeing the effectiveness of the AML system,
- Reporting to the board and participating in compliance-related decisions.
- According to practice (e.g. Dudkowiak Legal and GIIF guidelines), this role must be officially appointed via a board resolution.
3. AML Compliance Officer (MLRO/AMLRO) – Article 8
The MLRO is responsible for the operational functioning of the AML/CFT framework.
Responsibilities include:
- Monitoring compliance with AML regulations among employees,
- Filing SARs and threshold reports with the Polish FIU (Articles 74, 86, 89, 90 of the AML Act),
- Conducting training, audits, and reviews of AML procedures,
- Cooperating with GIIF, KNF, law enforcement, and other authorities.
- The MLRO should have direct access to the board and full operational independence. Failure to perform duties can result in personal administrative liability.
Key Takeaways and Recommendations
AML responsibilities must be clearly assigned and documented.
MLRO and the board AML member must be separate roles, unless objectively justified (e.g. in micro-institutions).
Risk assessments must be updated regularly and approved by the board.
All appointments should be formalized through internal resolutions.
AP Outsourcing Group – Supporting Your AML Compliance
At AP Outsourcing Group, we provide end-to-end AML/CFT support — from policy creation to training, audits, and MLRO advisory.
Contact us to ensure your institution fully complies with the AML Act and is ready for inspection by GIIF or KNF.