The AML Officer is a key figure within the organizational structure of an obliged institution in Poland, including a CASP. Under Polish regulations, this is a managerial employee responsible for organizing and supervising the internal AML/CFT system. In the context of the MiCA Regulation, the appointment of a person to this position is one of the fundamental requirements at the stage of applying for a CASP license.
In this article, I will present the requirements that must be met by an AML Officer/MLRO in a Polish CASP. For consistency with Polish legislation, I will use the term AML Officer instead of MLRO.
1. Residency requirement
Polish AML Act and MiCA do not impose a residency requirement on the AML Officer. However, the CASP must demonstrate the actual availability and effective operational presence of the person holding this position.
In accordance with the relatively strict approach of the Polish Financial Supervision Authority (KNF), arising from its position of 1/12/2022:
https://www.knf.gov.pl/knf/pl/komponenty/img/Stanowisko_UKNF_AMLRO_80468.pdf
Due to the requirement of availability to the Polish Financial Intelligence Unit (FIU), the AMLRO should be employed in the territory of Poland.
On the other hand, KNF notes that if proportionate to the ML/TF risks to which the supervised entity is exposed, and within the limits allowed by national law, the AMLRO may also be employed in another country, provided that adequate measures and control mechanisms are in place to ensure the performance of his/her duties, including availability to the FIU in that country.
Consequently, the AML Officer may also be a resident of a country other than Poland. In practice, however, I recommend that the AML Officer be a Polish resident, in order to avoid the need to demonstrate availability and inquiries from the Polish regulator in this respect.
2. Time commitment requirements
Similarly, in terms of the time dimension of performing the AML Officer’s duties, neither the Polish AML Act nor MiCA provide for explicit rules.
According to the KNF’s position, the AML Officer should be provided with sufficient time to effectively perform AML/CFT obligations. A CASP should ensure that the person has enough time to carry out AML/CFT tasks. Everything depends on the organizational structure of the CASP. The regulator will assess whether the time commitment is proportionate to the size, scale, and complexity of the CASP’s activities.
As a consequence, depending on the organizational structure and scale of the CASP, the AML Officer may perform his/her duties on a part-time basis, provided that the allocated time is sufficient to ensure the effective execution of AML/CFT responsibilities.. However, it seems that this should not be less than ½ of a full-time equivalent, i.e. approximately 20 hours in a 5-day working week.
3. Can the AML Officer perform the role for multiple CASPs simultaneously?
The AML Act does not explicitly prohibit multiple appointments, but both KNF and EBA emphasize the need for real time commitment, adequate resources, and independence. In practice, holding the role across multiple entities is generally not recommended. It may be exceptionally acceptable (e.g., within a group, at low scale/risk) if proportionality and absence of conflicts can be demonstrated, and full availability is ensured for each institution.
Considering the responsibilities defined under the Polish AML Act and MiCA, the AML Officer in Poland should dedicate at least half of a full-time position to the role. In practice, this means that an AML Officer should not act for more than two CASPs at the same time, if proper AML compliance and oversight are to be ensured.
4. Polish language requirement
The AML Officer must be available to the authorities, and the AML Act gives them a formal role in communications and notifications to the GIIF. Because of the specific nature of the Polish legal system and the need to communicate with supervisory authorities, a good command of the Polish language is essential to perform this role effectively. This is especially important since all documentation and reporting are done in Polish.
5. Form of engagement
The Polish AML Act, when defining the AML Officer, explicitly refers to “an employee in a managerial position” (Article 8). The term “employee” does not necessarily have to be strictly linked to an employment relationship. In my view, this may also include a person performing the duties of an AML Officer under a civil law contract. I take the position that the form of the contract is not critical; rather, its content matters. It should ensure that the AML Officer:
- Holds a managerial position;
- Is responsible for ensuring that the obliged institution, its employees, and other persons performing activities for the obliged institution comply with AML/CFT regulations;
- Is responsible for submitting notifications on behalf of the obliged institution.
The legal relationship with the AML Officer should therefore guarantee independence and effective oversight over the CASP in the area of AML/CFT obligations. The AML Officer is part of the second line of defense and should operate within an independent unit, ensuring:
- independence from the business lines or units being controlled,
- unrestricted access to information necessary to perform tasks,
- direct access to the supervisory authority or senior management.
It is worth noting, however, that the GIIF takes a different stance on this matter. In an email from June 2024, the GIIF stated:
The term “employee” should be understood exclusively as a person employed under an employment contract, while persons engaged by the obliged institution under a civil law contract or providing services under a sole proprietorship (so-called B2B) are not covered by this term. For the purposes of interpreting the concept of “employee” as used in Article 8 of the Act, these considerations lead to the conclusion that the provisions of the Act do not allow the function of AMLRO to be outsourced to a third party.
Furthermore, these provisions imply that a person who is both an employee of an obliged institution and appointed under Article 8 of the AML Act in that institution may not simultaneously be appointed under Article 8 in another obliged institution.
In my view, this position is misguided. Nevertheless, for the sake of clarity and completeness, it is important to present it in this article.
6. Requirements regarding reputation, knowledge, skills, and experience
The assessment of suitability and qualifications (“fit and proper”) is a critical element of CASP authorization. This assessment applies to all key functions within the entity, including the person serving as AML Officer. The Polish Regulator will take into account the following criteria:
- Reputation: The candidate must provide assurance of proper performance of the function, which means proper moral and ethical standing. In practice, this requirement translates into the AML Officer having no criminal record.
- Knowledge: A thorough knowledge of the law is required, including the MiCA Regulation and the Polish AML Act, as well as AML/CFT guidelines. It is also necessary to demonstrate an understanding of the company’s activities and the risks associated with its business model. As a minimum, AML training covering the Polish AML Act should be documented.
- Experience: The candidate must have sufficient experience to effectively manage ML/TF risks. Particularly valuable is experience in the financial sector, crypto-assets, IT, cybersecurity, or blockchain technology.
- Skills: The AML Officer must possess the ability to report suspicious transactions/events, conduct risk assessments, and develop AML policies.
