As we approach year-end, amid the rush to get everything signed off, here’s our priority checklist of what you need in place to stay on top of your AML compliance responsibilities.
1. Due Diligence and Know Your Customer processes are firmly embedded in your firm
AML regulations across the world are very clear about the requirement for comprehensive and methodical due diligence procedures.
For example, the US Patriot Act sets out that, at a minimum, an AML program must include:
a) the development of internal policies, procedures and controls;
b) the designation of a compliance officer;
c) an ongoing employee training program; and
d) an independent audit function to test programs.
US Patriot Act Sec. 352.
Similarly, the EU AML Fourth Directive outlines the types of policies and procedures that play their part in securing the financial sector from the damaging effects of money laundering and terrorist financing.
It also makes clear that ‘member states may adopt or retain in force stricter provisions in the field covered by this Directive to prevent money laundering and terrorist financing, within the limits of Union law.’ These provisions include: risk assessment, third-country policies, establishing Customer Due Diligence procedures, obtaining and holding beneficial ownership information and reporting on suspicious activity, among others.
Though the EU AML Directives can be seen as fairly prescriptive in their requirements, it is also true that individual member states have a degree of flexibility in terms of how they implement AML regulations, sometimes to the frustration of EU-level officials as well as regular citizens, as we saw in our discussion of recent scandals in the EU.
Having a sound AML/CFT policy in place means that you have thought about and set clear policies on how to conduct due diligence and how to keep to the KYC principle that ‘the more you know about your customers, the easier it is to identify activity that is unusual, out of character, and potentially suspicious.’
2. The firm’s recruitment process has ensured a competent MLRO
Of course, we know that ambitious firms will be looking to recruit only the best staff, and that includes excellent Compliance Teams. So what do the regulations say about this?
The EU AML Directive goes into some detail about those who effectively manage the business of entities such as ‘currency exchange offices, cheque cashing offices, trust or company service providers or gambling service providers’, stating that they should be ‘fit and proper’.
Not wanting to leave the interpretation of ‘fit and proper’ to chance, it goes further:
The criteria for determining whether or not a person is fit and proper should, as a minimum, reflect the need to protect such entities from being misused by their managers or beneficial owners for criminal purposes (source: EU Fourth AML Directive).
The EU’s Directive then enables individual member states/regulators to outline in more detail the procedures by which the criteria for a suitable MLRO will be enforced. For example, the Central Bank of Cyprus warns that it could request the removal from their position ‘of any director, manager or official, including the MLCO and the Head of Internal Audit and Compliance Units in the event of infringement due to his [sic.] own fault, wilful omission or negligence.’
Other regulations, like the Patriot Act, do not go into too much detail, mentioning simply the designation of a compliance officer as a necessary part of a functioning AML program.
In other jurisdictions, like the Cayman Islands, the AML regulations do not go into the character of the AML compliance officer, but rather focus on their duties and how they fit into the requirements of a good AML program: the MLRO is ‘a person employed at managerial level’ and the regulations go into detail about the internal reporting procedures that this person oversees.
3. AML/CFT Training: all staff are fully aware and up to date
AML/CFT regulations across the world agree on this point.
The EU Directive refers to ‘special ongoing training programmes to help [staff] recognise operations which may be related to money laundering or terrorist financing and to instruct them as to how to proceed in such cases.’
The US Patriot Act enumerates training as one of the key pillars of an AML Program as ‘an ongoing employee training program’.
This requirement is important as changes to AML regulations do take place often, and also because criminals’ methods will vary: it is important for staff to keep training regularly on the possible scenarios and to understand their role in all this.
Crucially, financial services staff really are on the frontline of AML/CFT efforts – their ability to recognise and report suspicious activity can ensure that a criminal is caught.
Training also acts to protect staff and ensure they are fulfilling their responsibilities: as rules on AML/CFT tighten, staff could even be charged with a Money Laundering Offence if they are seen to be assisting in the carrying out of a crime – not knowing about regulations does not count as a viable defence.
How do you know you haven’t done so well this year then?
You would certainly know if your firm has hit the headlines as a result of not having, or not sticking to, AML policies and procedures. You might also suspect something is not right if your staff – whether at management, compliance or other level – simply do not demonstrate any awareness of their role and responsibilities on the job.
If you are reading this, you might think that this is an exaggeration and that no company would disregard their compliance responsibilities to such an extent. But recent scandals have taught us that continued vigilance is unfortunately still required of us all.