Over the past decade we’ve seen a substantial rise in the number of legislations regarding how legal entities, especially financial institutions, combat financial crimes like money laundering and terrorist financing.
Today, business owners in different parts of the world employ various measures against these crimes, but the compliance program is the most efficient option for your business. As experts in the compliance business, we have taken the liberty of providing the key components of an effective Anti-Money laundering (AML) compliance program. Let’s proceed with a simple definition.
What is AML Compliance Program?
AML Compliance Program is a methodology that defines how a company monitors accounts, detects and reports financial crimes to relevant authorities. Essentially, a compliance program tackles the inherent and residual money laundering risks the company faces.
In order to develop an effective AML compliance program, the company must understand the role of legislation in AML practices and what is required of an AML compliance program.
What Is Required Of An Anti-Money Laundering Compliance Program
A company’s AML compliance program should be able to detect money laundering; tax evasion; fraud; and terrorist financing through its accounts. It should have systems to immediately report money laundering activity to relevant authorities and also evaluate its client’s risk profile.
The program should be managed by an AML compliance officer who is responsible for maintaining a culture of compliance at every organizational level.
Developing an AML Compliance Program
When creating an anti-money laundering compliance program, an organization must consider certain factors such as the risks they are exposed to, anti-money laundering laws in their jurisdiction and a combination of suspicious activities that indicate money laundering. A more suitable approach to this development is by outlining solid guidelines to simplify the process and avoid compromise.
How to Develop the Program: A Step-by-Step Guide
We have provided a guide containing the key components of an AML compliance program. The guide is also a summary of all the steps necessary to develop this program.
1. Detection of Suspicious Activities
The first step is detecting suspicious activity. Our goal here is to have systems in place for prompt detection of activities associated with money laundering. Examples of suspicious activities that indicate money laundering and terrorist financing are:
- Substantial increases in cash deposits of any individual or business without apparent reason;
- providing minimum or fictitious information when applying to open a bank account.
The full list is here.
Based on Recommendation 20 of the FATF, if a bank has reasons to suspect that funds are the proceeds of financial crime or are linked to terrorist financing, it must report its suspicions promptly to the relevant Financial Intelligence Unit (FIU).
2. Risk assessment
Risk assessment gives a full understanding of the different tiers of risks a customer presents and how to mitigate them. You can determine if a customer is low-risk or high-risk by gauging them with a scoring model. This scoring model must consider a culmination of the risks factors such as geographical location, PEPs, UBOs; and outcome of the required KYC due diligence process (CDD or EDD).
The Due Diligence process should be guided by information provided by AML regulators in the company’s jurisdiction.
3. Internal Controls
Internal controls are policies designed to mitigate the risks of money laundering and support compliance with AML regulations. Financial institutions are mandated by FATF, Recommendations 18 and the Bank Secrecy Act to put controls in place for sharing information within the organization for AML purposes. Internal controls can be put in place by the following steps:
- Due Diligence Screenings: Companies should incorporate their due diligence procedures to include all compliance requirements for both customers and business partners.
- Establishing Roles and Responsibilities for an Internal Controls by designating an AML compliance officer and for large organizations: a Money Laundering Reporting Officer (MLRO).
- Reporting Suspicious Activity: Suspicious financial transactions can be reported to management. If suspicions are on reasonable grounds, the MLRO should report to the appropriate FIU.
- The employee training program should be designed to meet the requirements of the company and should be scheduled according to changes in legislation or when a critical event occurs.
For banks with foreign branches and majority-owned subsidiaries, internal controls across various departments should be consistent. Large banks and e-wallet companies should implement departmental internal controls for anti-money laundering purposes.
4. AML Compliance Training Program
The rationale behind this step is to ensure that employees are familiar with AML legislation, including their roles and obligations. An ideal AML training program is interactive and done regularly.
Who to Train: companies should assign an advanced level of training to staff in areas prone to higher AML risk. They include staff with direct customer contact; operational teams; compliance and audit staff; subject-matter experts and senior management.
- General regulatory information. Including the implications of money laundering, and why identifying and stopping such activities is important.
- Legal and financial framework. This includes how anti-money laundering regulations apply to companies and the importance of staff compliance.
- Overview of penalties for breaching anti-money laundering laws
How to Train: training can be onsite, web-based, through third-parties, or internal. More conventional training methods are:
- Presentations and webinars by an AML Compliance officer.
- Interactive e-learning modules that require staff to complete tests in order to gauge their understanding of AML policies.
- Regular discussions about anti-money laundering issues in staff meetings without disclosing sensitive information.
- Sending regular updates on anti-money laundering legislation to staff.
An effective AML training program should take into consideration the company’s risk profile and the type of services they offer.
5. Independent Audit
An independent audit is simply a thorough review of the company’s risk assessment and compliance program by an independent auditor. The audit is needed to provide the organization with a clear outline of issues requiring urgent attention to ensure regulations are complied with.
Financial regulators use these audits to find cases that are considered to be a violation of AML regulations in the time duration the audit covers.
An independent audit tests the company’s KYC due diligence procedures; employee training; systems for ongoing monitoring and systems for
reporting money laundering activities. Independent audits also review previous audit reports to assess the effectiveness of implemented changes.
Section 59(2) of the New Zealand AML/CFT Act requires an independent audit of risk assessment and AML compliance program every two years or when requested by a supervisor.
Criteria for selection: An independent auditor must have AML expertise and meet regulatory expectations. Under section 59B(3), the auditor must not have participated in developing the organization’s risk assessment and AML compliance program.
Furthermore, auditors should have adequate resources and look to minimize compliance costs. Adequate experience in developing professional audit processes is a bonus.
The Role of an AML Compliance Officer
An AML compliance officer is responsible for overseeing the development and implementation of the company’s AML compliance program. Other roles of an AML compliance officer include coordinating internal audits and making compliance recommendations based on their findings. They also assist in the ongoing training program for employees.
Appointing an AML Compliance Officer
Per minimum criteria, candidates must have expert knowledge of regulatory data sources; data analysis tools and techniques; and regulatory compliance.
In addition, years of experience in the financial sector, preferably in AML compliance, legal or internal audits, and risk assessment. Candidates should also have CAMS, CAFP, CRCM, or other appropriate certification.