In most countries with robust anti-money laundering/countering the financing of terrorism (AML/CFT) governance framework, it is compulsory for financial institutions (FIs) to have its AML/CFT framework documented in the form of a company policy. This allows the FIs to prove that reasonable steps are taken in ensuring compliance with local regulations. Additionally, having a robust and decent AML policy will improve the regulator’s confidence in the FI undertaking money laundering/terrorism financing risks. Below are some factors to consider whilst creating an AML policies.
Senior Management Approval
An AML/CFT compliance program should be approved by the FI’s senior management or its board. This sets expectations that the responsibility for an AML/CFT program lies with the senior management, and not just operational staff. Senior management should set the right ‘tone’ in ensuring a strong AML compliance culture.
Designated AML Officer
FIs must designate an AML officer, preferably within the senior management. In countries with robust AML/CFT governance, the appointment is a legislative requirement. An AML officer acts as a liaison between the FI and the local regulator. Furthermore, an AML officer is responsible for reporting suspicious activities, as well as, receiving information from a Financial Intelligence Unit (FIU).
Proper documentation of processes
Without a doubt, an AML policy should document its entire AML processes. This includes the prevention, detection and the reporting of any suspicious transactions.
Independent audit of AML policy
As part of ensuring that an AML policy functions as intended, it should be subjected to an independent review to assess if the policy is robust. Reviews of the AML policy should be conducted regularly.
Relationships with anonymous individuals or entities
Criminals and terrorists prefer to conduct their illicit activities anonymously or under a fictitious name. An AML policy should address this concern and the approach the FI should undertake for such scenarios.
Relationships with higher risk customers
Customers who are Politically Exposed Persons (PEPs) or are adversely reported in the media should be scrutinised for potential money laundering/terrorism financing (ML/TF) activities. The policy should detail any extra steps taken, i.e., performing enhance customer due diligence or getting senior management approval.
Risk Assessment
The Financial Action Task Force (FATF) recommends a risk-based approach to determine the appropriate level of due diligence applicable for customers who are of heightened risk. A risk assessment helps the designated AML officer knowing the size of at risk customers in the company.
Retention period
The policy should list out a document retention period even if relationships between the customer has been terminated. This is to facilitate any re-evaluation or any request of information from a FIU or a local regulator.
Application of AML Policy within FI’s branches and subsidiaries
The AML policy should describe in detail if it applies to all branches and subsidiaries. However, in the perspective of a subsidiary, should the AML policy of its Head company is weaker than its own subsidiary policy (due to different levels of AML/CFT framework in each individual jurisdiction), the subsidiary should undertake and apply the stricter policy.
Training
An AML policy would not be complete if there is no indication of a training to all staffs. Having regular training would ensure that staffs are kept abreast with latest ML/TF typologies, trends, and regulations.
Conclusion
Financial crime is getting more prevalent in the world. As part of on-going efforts to prevent illegal activities happening in the company, it is imperative that FIs are equipped with the necessary framework. Having an AML policy is the first step of many in ensuring that suspicious activities or customers are accurately identified and addressed appropriately. A FI could further augment its AML framework by investing in technology. However, there is no one-size-fits-all solution to an AML framework and a Compliance Officer must be able to tailor an approach unique to his or her organisation.
