AML/CFT Program
The Elements of an AML/CFT Program
the four pillars
• A system of internal policies, procedures and controls (first line of defense)
compliance function with a compliance officer (second line of defense)
• An ongoing employee training program
• An audit function (third line of defense)
FinCEN established a fifth pillar that requires risk-based procedures for ongoing CDD
• Understanding the nature and purpose of customer relationships for developing a customer risk profile
ongoing monitoring to identify and report suspicious transactions
• updating customer information
A System of Internal Policies, Procedures, and Controls
financial institutions that operate in multiple countries will need to reflect the local regulatory requirements. This may be achieved by having a different version of the AML/CFT program or by having country-specific addenda to the global AML/CFT program.
Internal AML/CFT policies should be established and approved by executive management and the board of directors
The standard AML/CFT operating procedures should be drafted at the operational level in the financial institution. These must be updated, to reflect changes in law , products, and organizational changes. procedures are more detailed than policies;
controls, including management reports and built-in safeguards such as requiring a officer’s approval or two signatures for transactions that exceed a prescribed amount
An AML/CFT compliance program should be in writing including how the institution will:
Identify high-risk operations
Inform the board of directors (or a committee of the board) and senior management of compliance initiatives, known compliance deficiencies, suspicious transaction reports filed and corrective action taken.
Develop a system of metrics reporting that provides statistics on key elements of the program, such as the number of transactions monitored, alerts generated, cases created, suspicious trans- action reports (STRs) filed.
Provide for program continuity despite changes in management or employee composition or structure.
Establish training requirements
explain the importance of reporting suspicious activity,
Establish clear accountability lines and responsibilities
Comply with all record-keeping requirements
Provide for dual controls and segregation of duties.
Incorporate into all job descriptions and performance review processes the requirement to comply at all times with anti-money laundering policies and procedures.
Develop and implement screening programs
Develop and implement quality assurance testing programs This is separate from the independent audit requirement
DIFFERENCES BETWEEN AML/CFT POLICIES, PROCEDURES AND CONTROLS
Policies
Clear and simple high-level statements (sets the tone from the top).
high-level responsibilities of the stakeholders through.
Procedures
policies into an acceptable and work- able practice,
• May be established at the operational (not executive) level of the financial institution. These are the instructions on how an institution wants something done.
• Much more detailed than AML policies.
• Reviewed and updated regularly.
Approved by executive management or the board of directors.
Controls
technology or tools the financial institution utilizes to ensure the AML/CFT program is functioning as intended
• Alerts compliance to potential outliers or deviations from normal policy that may need to be reviewed.
• Includes management reports, automated review systems, or the utilization of multiple reviewers.
The Compliance Function
The compliance function is the second line of defense
board of directors is responsible for appointing a Compliance Officer.
Compliance Officer. is responsible for managing all aspects of the AML/CFT compliance program. includes, , designing the program, making changes , disseminating information about the program’s successes and failures to key staff members, constructing AML/CFT-related content for staff training programs, and managing the institution’s adherence to applicable AML/CFT laws and regulations
the compliance officer most report to senior managers when sudden or substantial increase in STRs or currency transaction reports (CTRs). also include changes to laws that may require immediate action.
DELEGATION OF AML DUTIES
The department could be organized into subgroups with, , one person responsible for strategic aspects of the program and another for its operational aspects,
AML/CFT Training
WHO TO TRAIN
training for “appropriate” or “relevant” employees
In some countries, training programs extend beyond full or part-time employees to include contractors, consultants, students or from other branches or subsidiaries
Independent testing staff: Independent testing personnel are the organization’s third line of defense
WHAT TO TRAIN ON
background and history pertaining to money laundering controls . why criminals do it, and why stopping them
what laws apply to institutions and their employees.
Penalties for AML/CFT violations,
Internal policies, such as customer identification
WHEN TO TRAIN
should be ongoing and on a regular schedule. Existing employees should at least attend an annual training session. New employees should receive training with respect to their job function and within a reasonable period after joining or transferring to a new job. Situations may arise that demand an immediate session. For example, an emergency training session may be necessary right after an examination or audit that uncovers serious money laundering control deficiencies. A news story that names the institution or recent regulatory action, such as a Consent Order, might also prompt quick-response training. Changes in software, systems, procedures or regulations are additional triggers for training sessions.
Independent Audit
the audit should report directly to the board of directors or to a designated board committee composed primarily or completely of outside directors
sanctions risk
Legal record-keeping
Currency transaction reporting requirements.
How to react when faced with a suspicious client or transaction
Duties and accountability of employees.
confidentiality
• Real-life money laundering schemes (preferably cases that have occurred at the institution or at similar institutions), including how the pattern of activity was first detected, its impact on the institution, and its ultimate resolution.