Article 3 Minimum requirements regarding group-wide policies, procedures and controls

to set up, implement and maintain an organisation and coordination structuremeans any form of organisation, agreement or similar that:includes at least two obliged entities;is not a group with a parent undertaking within the meaning of Article 2(1), point (42) of Regulation (EU) 2024/1624; andhas the objective of establishing a common framework of business, professional or commercial relationships connecting two or more obliged entities. or body at groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; level with sufficient decision-making powers for the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; compliance manager and compliance officer appointed pursuant to Article 16(2) of Regulation (EU) 2024/1624, where applicable, to manage and prevent money launderingmeans the conduct set out in Article 3, paragraphs 1 and 5, of Directive (EU) 2018/1673 including aiding and abetting, inciting and attempting to commit that conduct, whether the activities which generated the property to be laundered were carried out on the territory of a Member State or on that of a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances;, terrorist financingmeans the conduct set out in Article 11 of Directive (EU) 2017/541 including aiding and abetting, inciting and attempting to commit that conduct, whether carried out on the territory of a Member State or on that of a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances; risks as well as to prevent the non-implementation and evasion of targeted financial sanctionsmeans both asset freezing and prohibitions to make funds or other assets available, directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the basis of Article 29 TEU and Council Regulations adopted on the basis of Article 215 TFEU;. Such structuremeans any form of organisation, agreement or similar that:includes at least two obliged entities;is not a group with a parent undertaking within the meaning of Article 2(1), point (42) of Regulation (EU) 2024/1624; andhas the objective of establishing a common framework of business, professional or commercial relationships connecting two or more obliged entities. or body shall have a proper allocation of functions, responsibilities and reporting lines and shall be clearly documented;

to ensure that the management bodymeans an obliged entity’s body or bodies, which are appointed in accordance with national law, which are empowered to set the obliged entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making, and include the persons who effectively direct the business of the obliged entity; where no such body exists, the person who effectively directs the business of the obliged entity; and the control functionsmeans a function that is independent from the commercial functions it controls and that is responsible to provide an objective assessment of the obliged entity’s risks, review or report on those, including, but not limited to, the risk management function, the compliance function and the internal audit function; have the necessary information at groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; level to be able to carry out their functions under Regulation (EU) 2024/1624, Regulation (EU) 2023/1113 and to address and implement any administrative act issued by any relevant supervisormeans the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of this Regulation, including AMLA when performing the tasks entrusted to it in Article 5(2) of Regulation (EU) 2024/1620; for the oversight and management of subsidiaries and branches of the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; in Member States and in third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime;;

to identify and mitigate conflicts of interests between the prevention and management of risks related to money launderingmeans the conduct set out in Article 3, paragraphs 1 and 5, of Directive (EU) 2018/1673 including aiding and abetting, inciting and attempting to commit that conduct, whether the activities which generated the property to be laundered were carried out on the territory of a Member State or on that of a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances;, terrorist financingmeans the conduct set out in Article 11 of Directive (EU) 2017/541 including aiding and abetting, inciting and attempting to commit that conduct, whether carried out on the territory of a Member State or on that of a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances; and the non-implementation and evasion of targeted financial sanctionsmeans both asset freezing and prohibitions to make funds or other assets available, directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the basis of Article 29 TEU and Council Regulations adopted on the basis of Article 215 TFEU; risk and the tasks of the commercial functions of groupsmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU;, including at subsidiary and branch level;

to carry out and update the business-wide risk assessment at groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; level pursuant to Article 16(1) of Regulation (EU) 2024/1624 to ensure that it is commensurate to the size, complexity and the risk profile of the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU;;

to ensure that the compliance functions referred to in Article 16(2) of Regulation (EU) 2024/1624 have regular and documented information exchanges, at least on a periodic basis appropriate to the level of risk, with the management bodymeans an obliged entity’s body or bodies, which are appointed in accordance with national law, which are empowered to set the obliged entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making, and include the persons who effectively direct the business of the obliged entity; where no such body exists, the person who effectively directs the business of the obliged entity;, commercial functions, other compliance functions at groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; level where these are separate functions, and the control functionsmeans a function that is independent from the commercial functions it controls and that is responsible to provide an objective assessment of the obliged entity’s risks, review or report on those, including, but not limited to, the risk management function, the compliance function and the internal audit function; at groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; level. Such exchanges shall cover, at a minimum, relevant information on identified risks, significant compliance issues, and measures adopted to address them;

to ensure that the group-wide policies, procedures and controls take into account group-specific risks in their design, execution and application and include group-wide measures to address non-compliance. The parent undertakingmeans:for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:is an obliged entity;is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; andis given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation; in the Union shall take into account in its money launderingmeans the conduct set out in Article 3, paragraphs 1 and 5, of Directive (EU) 2018/1673 including aiding and abetting, inciting and attempting to commit that conduct, whether the activities which generated the property to be laundered were carried out on the territory of a Member State or on that of a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances; and terrorism financing risk management system at groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; level the individual risks of the various entities of the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; and their possible interrelations that could have a significant impact on the group-wide risk exposure, including outsourcing and reliance arrangements. In this respect, particular attention shall be paid to the risks to which the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU;’s branches or subsidiaries established in third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime; are exposed to, especially if they are of high money launderingmeans the conduct set out in Article 3, paragraphs 1 and 5, of Directive (EU) 2018/1673 including aiding and abetting, inciting and attempting to commit that conduct, whether the activities which generated the property to be laundered were carried out on the territory of a Member State or on that of a third country; knowledge, intent or purpose required as an element of that conduct may be inferred from objective factual circumstances; and terrorism financing risk or of evasion or non-implementation of targeted financial sanctionsmeans both asset freezing and prohibitions to make funds or other assets available, directly or indirectly, for the benefit of designated persons and entities pursuant to Council Decisions adopted on the basis of Article 29 TEU and Council Regulations adopted on the basis of Article 215 TFEU; risk. The compliance functions referred to in Article 16(2) of Regulation (EU) 2024/1624 and the control functionsmeans a function that is independent from the commercial functions it controls and that is responsible to provide an objective assessment of the obliged entity’s risks, review or report on those, including, but not limited to, the risk management function, the compliance function and the internal audit function; shall ensure that the group-wide policies, procedures and controls are adequate to the actual structuremeans any form of organisation, agreement or similar that:includes at least two obliged entities;is not a group with a parent undertaking within the meaning of Article 2(1), point (42) of Regulation (EU) 2024/1624; andhas the objective of establishing a common framework of business, professional or commercial relationships connecting two or more obliged entities., composition and operations of the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; and are appropriately designed to take into account the individual situation of the entities and branches in the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU;;

to ensure that the compliance functions referred to in Article 16(2) of Regulation (EU) 2024/1624 and the control functionsmeans a function that is independent from the commercial functions it controls and that is responsible to provide an objective assessment of the obliged entity’s risks, review or report on those, including, but not limited to, the risk management function, the compliance function and the internal audit function; regularly review the effectiveness of the group-wide policies, procedures and controls, inform relevant stakeholders, and address deficiencies. The group-wide policies, procedures and controls and the group-wide risk assessments shall be implemented consistently in all the obliged entities that are part of the groupmeans a group of undertakings which consists of a parent undertaking, its subsidiaries, as well as undertakings linked to each other by a relationship within the meaning of Article 22 of Directive 2013/34/EU; and shall be adequately reviewed and reassessed at the level of the parent undertakingmeans:for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:is an obliged entity;is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; andis given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation; in the Union;

to ensure that the group-wide policies, procedures and controls are communicated to relevant staff, including staff employed in subsidiaries and branches established in Member States or third countriesmeans any jurisdiction, independent state or autonomous territory that is not part of the Union and that has its own AML/CFT legislation or enforcement regime;.