Implementing an effective AML/CFT Compliance Program
Fundamentally, an AML/CFT program should be risk-based. Certain aspects of a financial institution’s business will pose greater money laundering risks than others and will require additional controls to mitigate those risks, while others will present a minimal risk and will not need the same level of attention.
Depending on the size of the organization, the anti-money laundering function may be managed as a dedicated/standalone department, integrated into other corporate departments such as the legal department or may be performed by people who have other compliance duties.
The AML/CFT program should establish minimum standards for the enterprise that are reasonably designed to comply with all applicable laws and regulations. It may be supplemented by the policies and procedures of various lines of business or legal entities that address specific areas, such as private banking, trade finance, cash handling, institutional banking, wealth management or investigations.
Compliance programs should also include corporate governance and overall management of money laundering and terrorist financing risks.
The Financial Action Task Force (FATF) urges risk-based controls. Per FATF, there are circumstances where the risk of money laundering or terrorist financing is higher, and enhanced customer due diligence (CDD) measures have to be taken. A risk-based approach requires financial institutions to have systems and controls that are commensurate with the specific risks of money laundering and terrorist financing facing them. An AML/CFT Program should be
• flexible because money laundering and terrorist financing risks vary across jurisdictions, customers, products and delivery channels and over time;
• effective as companies are better equipped than legislators to effectively assess and mitigate the particular money laundering and terrorist financing risks they
face; and
• proportionate because a risk-based approach promotes a common sense and intelligent approach to fighting money laundering and terrorist financing as opposed to a check-the-box approach. It also allows firms to minimize the adverse impact of anti-money laundering procedures on their low-risk customers. Commonly referred to as the four pillars, the basic elements that must be addressed in an AML/ CFT program are
a system of internal policies, procedures and controls (first line of defence);
a designated compliance function with a compliance officer (second line of defence);
an ongoing employee training program; and
an independent audit function to test the overall effectiveness of the AML program (third line of defence).
A System of Internal Policies, Procedures and Controls
The establishment and continual development of a financial institution’s policies, procedures and controls are foundational to a successful AML/CFT program. Together, these three parts define and support the entire AML/CFT program, and at the same time, act as a blueprint that outlines how an institution is fulfilling its regulatory requirements. All three parts should be designed to mitigate the identified AML/CFT risks and should take into account the applicable AML/CFT laws and regulations that the financial institution must comply with. They should clearly indicate the risk appetite of the business; in other words, what risks the business is prepared to accept and those it is not.
AML Policies, Procedures and Controls an AML/CFT
A compliance program should be in writing and include policies, procedures and controls that are designed to prevent, detect and deter money laundering and terrorist financing.
AML/CFT Training
Most AML/CFT laws and regulations require financial institutions to have as part of their formalised AML/CFT compliance programs training for appropriate or relevant employees. Training is one of the most important ways to stress the importance of AML/CFT efforts, as well as educating employees about what to do if they encounter potential money laundering. Training also acts as an important control in the mitigation of money laundering risks to which the financial institution may be exposed.
Independent Audit
Putting your AML/CFT compliance program into motion is not enough. The program must be monitored and evaluated. Institutions should assess their AML/CFT programs regularly to ensure their effectiveness and to look for new risk factors.
The audit must be independent (i.e., performed by people not involved with the organisation’s AML/ CFT compliance staff), and individuals conducting the audit should report directly to the board of directors or to a designated board committee composed primarily or completely of outside directors.
Establishing a Culture of Compliance
Embedding a culture of compliance into the overall structure of a financial institution is critical to the development and ongoing administration of an effective AML/CFT program. Typically, the ultimate responsibility for the AML/CFT compliance program rests with the financial institution’s board of directors. The board and senior management must set the tone from the top by openly voicing their commitment to the AML/CFT program, ensuring that their commitment flows through all service areas and lines of business and holding responsible parties accountable for compliance.
Developing an AML/CFT program is the first step toward achieving regulatory compliance, protecting your reputation and have measures in place to combat money-laundering and terrorist financing. An in-depth knowledge and understanding of the complexities within the AML/CFT legislation is imperative and requires a competent advisor, even if it means seeking external assistance.
This article has been authored by Dr Franklin Cachia, Senior Manager Tax & Regulated Industries. For any additional information or
assistance required on the implementation of an effective AML/CFT program you are invited to reach him at
info@csbgroup.com.