It's a chorus, everyone needs to have basic BSA and AML training and understand their responsibilities to report suspicious activity.
Marketing should understand CIP and due diligence so they don't get anxious to waive things when customers complain or they suddenly get inspired to open accounts via the Internet. They also need to appreciate the fact that the information gained in these efforts can be put to good use in targeting sales.
"IT" doesn't describe a homogeneous group to me, but whomever is responsible for data processing needs to know what types of information would help you identify suspicious activity and where your systems are strong and where they could be improved.
It would be bad karma to use the word "exempt." You may be able to say that some groups only get the core modules on BSA and AML (including reporting suspicious activity).
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.