Security controls continue to advance in order to keep financial businesses stress- and fraud-free. Though, not everything in the garden is rosy: incorporating new measures doesn’t come as smoothly as it should. Business owners have to invest their time and resources in renovating their Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) policies, building compliance programs more steadily.
The problem is global and we have already helped a couple of hundreds of international businesses to readjust to the new normal. Based on this experience, we want to offer you the keys to the AML compliance program that will work for your business as well. Let’s start with a clear definition.
What is an AML compliance program?
An Anti-Money Laundering compliance program combines everything a company does to meet the compliance norms: built-in internal operations, user-processing policies, accounts monitoring and detection, and reporting of money laundering incidents. The aim of an AML compliance program is to detect, respond, and eliminate inherent and residual money laundering, terrorist financing, and fraud-related risks.
To develop a strong AML compliance program that helps expose bad actors and stay safe from non-compliance fees, businesses have to follow quite a few requirements.
What does a business have to do to stay AML compliant?
All Anti-Money Laundering compliance programs are aimed at the revelation of fraud, money laundering, tax evasion, and terrorist financing within a company. These goals can be achieved through the three most important must-dos.
- Effective reporting
A powerful reporting system helps to immediately deliver the information about a money-laundering activity to the relevant authorities.
- Staying aware of high-risk customers
- A compliance officer in the team
The process we are talking about is not easy to manage and requires a trained employee who would have the experience and the knowledge to keep the business in close compliance with the ever-changing laws and regulations.
Compliance must be the moral responsibility of every team member across all organizational structures. Staff must be trained to formulate and report their suspicions.
Factors that impact AML compliance
Before creating a compliance program, an organization has to summarize and define its potential risks and legal obligations.
- The money laundering risks the business is exposed to;
- Respective local and global laws and punishment for non-compliance;
- Potentially suspicious activities within the company.
To level up the development of AML compliance procedures, businesses should develop solid guidelines. It will simplify the process and avoid compromise.
How to develop an AML program: The step-by-step guide
We have made up a guide containing the key components and a summary of all the steps needed to develop an effective compliance program.
1. Detecting suspicious activity
The first goal is to quickly expose money laundering associated activities like:
- Abnormally big sums of money deposited on an account;
- The lack of information submitted to open a bank account;
- Fake data found in the application.
The full list of suspicion triggers could be found here.
Based on Recommendation 20 of the FATF, if a financial organization has reasons to suggest that certain funds were accumulated illegally or are linked to fraud and terrorism, it must shortly report these suspicions to a Financial Intelligence Unit (FIU).
2. Risk assessment
ML and TF risk assessment can help you score and sort customers into threat tiers based on the evaluation of the risk they pose. To develop a scoring model, assume common risk factors (high-risk countries, PEPs, UBOs, due diligence results).
The second point is the due diligence process which should be based on the risk assessment and determined by the relevant AML jurisdiction.
3. Internal practices
To handle ML/TF risks and maintain regulatory compliance (FATF, Recommendations 18, the Bank Secrecy Act) financial entities have to develop and implement internal guidelines regarding information sharing within the organization.
- Make due diligence your focus point
Every financial institution has to have due diligence procedures that follow both their own and their customer’s compliance demands.
- Assign roles and responsibilities wisely
Businesses must assign an AML compliance officer or a Money Laundering Reporting Officer (MLRO) (for larger organizations) to take over all things compliance.
- Report suspicious activitises
Suspicious transactions must be reported to the management first. Then, based on the evidence at hand, the MLRO is supposed to decide whether it is necessary to report it to the appropriate FIU or not.
- Teach employees to spot and properly react to ML and TF activity
The employee training program has to be designed to meet the requirements of the company and should be scheduled in accordance with the changes in legislation or after a criminal case takes place.
To properly protect their work banks and e-wallets should have internal controls across all departments and branches.
4. Prevention of criminal attempts
For compliance officers to understand their roles and obligations, an AML training program should be carried out regularly.
Who to train: High-risk departments, those where staff comes into direct contact with clients, compliance and audit teams, senior management.
- General information: the consequences of failing to maintain money laundering and terrorist financing as well as the importance of spotting and stopping these financial crimes.
- Legal framework: detailed review of anti-money laundering regulations.
- AML penalties: an overview of penalties for failure to adhere to Anti-Money Laundering laws.
How to train: Onsite or online, through third-parties, or with the help of experienced employees. There are some conventional training methods that are commonly used:
- Educational presentations and webinars prepared by a company’s compliance officer;
- Interactive e-learning modules and evaluation tests to measure Anti-Money Laundering proficiency;
- Regular staff meetings concerning the latest AML issues on the market;
- Updating Anti-Money Laundering controls and guidelines according to legislation and sharing the changes with staff.
Of course, each company has to consider its AML actions depending on the industry and business specifics.
5. Independent audits
A review by an independent auditor is a great way to spot the weaknesses in the company’s risk assessment and compliance program: KYC due diligence procedures, compliance training, monitoring, and reporting systems. By reviewing audit reports, companies can evaluate the effectiveness of implemented changes. Financial regulators, in their turn, use such audits to reveal the violations of AML laws.
Section 59(2) of the New Zealand AML/CFT Act obliges companies to carry out an independent audit every two years or upon a supervisor request.
Criteria for selection: An independent auditor must have AML expertise and meet regulatory expectations. Under section 59B(3), the auditor must not have participated in developing the organization’s AML compliance program.
The role of an AML compliance officer
Everything from compliance program development to its implementation falls under the responsibility of a compliance officer: internal audits management, compliance analysis, and the development of appropriate guidelines, employee training programs, etc.
Appointing an AML compliance officer
Candidates for this position must possess expert knowledge of regulatory data sources, compliance analysis tools, and demonstrate proficiency in the relevant regulations.
In addition, a compliance officer needs to have extensive experience in the financial sector, preferably in AML compliance, legal or internal risk audits. Another must is an appropriate certification (CAMS, CAFP, CRCM, etc).