Aligning an organisation’s business processes with the relevant anti-money laundering / countering the financing of terrorism (AML/CFT) regulations and best practices is no easy feat to accomplish. The difficulty of it amplifies when the business is massive and complex.
Recent events have shown us that organisations running afoul of the law and regulations face hefty fines as well as reputational damage. Having an AML/CFT programme is not enough – the need for it to be effective is now more crucial than ever.
An AML/CFT compliance programme helps the organisation better understand the synergy between the business processes and how complying with such regulations will impact its operations.
Notwithstanding the above, a well implemented effective programme can also demonstrate to its stakeholders and employees that their organisation remains committed to conducting business ethically and responsibly.
To form an AML/CFT compliance programme that is both effective and adequate, here are the 6 important elements that should be addressed:
1. Tone at the top
Leaders must prioritise and popularise a companywide culture of AML/CFT compliance by setting an example to the rest of the company. Therefore, leadership must be truthful, transparent, as well as fair. An organisation should empower employees and make them feel that they are a part of the team, as this would promote and encourage ethical behaviour.
Companies may also utilise a rewarding scheme to incentivise employees to report suspicious transactions or unethical behaviour.
2. Qualified Professionals
Part of an effective programme is ensuring that there is a corporate governance structure that includes compliance professionals that are fluent in AML/CFT and related regulatory requirements. These professionals form the AML/CFT subject matter experts within the organisation, ensuring that reported issues can be addressed in-house and within a time frame that would not further expose the organisation to more risk.
However, it is important that all employees understand the general idea of AML/CFT and the specific risks in their scope of work. Money laundering or terrorism financing risks (ML/TF) are present in daily operation activities that are, more often than not, invisible to the AML/CFT team unless reported. It is, therefore, imperative that employees across the relevant departments should undergo cross-disciplinary training or certification programmes in AML/CFT so that potential risks can be identified.
3. Risk Assessments
Risk assessments are important because they provide an organisation on how significant a risk can be to their AML/CFT goals. It should assess the risks that are inherent to the organisation’s operation in conjunction with the regulatory landscape on AML/CFT. The fundamental purpose of an AML/CFT risk assessment is to better manage its AML/CFT risk through the identification of risk, a mitigation plan and the creation of the organisation’s risk appetite along with its justification.
Additionally, a risk assessment will help the organisation measure and prioritise risk so that risk levels are managed within the organisation’s tolerance thresholds without being over-controlled or sacrificing desirable opportunities.
4. Policies and Procedures
Policies and procedures form part of the essentials in an AML/CFT compliance programme. Policies will address key issues, risk appetites and behaviour deemed acceptable by the organisation. Furthermore, such policies and procedures should be developed, updated, promulgated and implemented regularly on a consistent basis.
Some of the areas that should be addressed are:
- Risk appetites, ongoing monitoring or governance.
- Methods for performing transactions with entities known to present significant ML/TF risk.
- Processes that aggressively monitor ML/TF risk, including having an adequate resource of qualified investigators to focus on ‘suspicious activities.’
- Procedures for addressing AML allegations against the organisation, including having a specialised response team (such as an in-house legal team) to deal with such allegations strategically. It may be helpful to have in place a framework to expeditiously escalate such allegations within the organisation’s senior management for their immediate and timely attention.
- Training requirements for new staff during onboarding and periodic refreshers for existing staff.
One of the key points in a programme is having an internal escalation process in the organisation to report any AML/CFT or related issues efficiently and swiftly, without causing necessary disruptions to business efficiency.
Furthermore, the reporting structure should be clear and not ambiguous for all employees to understand. This would allow the organisation to respond swiftly with the appropriate action to such reports. In addition to its internal reporting structure, an organisation should take note of external reporting requirements of suspicious activity to the local Financial Intelligence Unit (FIU). Also, the organisation should pay attention to the local FIU’s reporting structure, or deadlines (if any).
6. On-going monitoring and testing
White-collar criminals are usually educated, innovative and possess the resources and the financial know-how to circumvent regulatory loopholes to accomplish their criminal goals.
Considering the above, along with the ever-changing landscape of the AML/CFT environment, an organisation should commit to testing its compliance programme regularly. This can be achieved by planning a review exercise conducted annually, or where there are material changes either internally (i.e., the creation of new products) or externally (i.e., regulatory changes), whichever is earlier. The review should be conducted without any conflict of interests. As such, an organisation may consider engaging an external independent reviewer.
However, given the massive amount of areas to cover, the organisation may take the risk-based approach to prioritise monitoring and testing in higher risk areas.
An AML/CFT compliance programme not only helps an organisation to comply with regulations but if done properly, it can aid in spotting opportunities or potential weakness along the business process that may or may not be AML/CFT related. Also, it allows a compliance officer to help guide and better advice internally on the ML/TF risks as well as promoting a culture that will benefit the organisation in the long run.
Some may see such a programme as a barrier to business efficiency or a financial cost to the organisation, but not having a plan to comply with regulations – costs even more.
Leave a Reply