FINANCIAL INTELLIGENCE ANALYSIS UNIT. Risk Procedures. Ms Katia Satariano Senior Compliance Officer

1 Risk Procedures Ms Katia Satariano Senior Compliance Officer

2 RISK APPROACHES RISK PROCEDURES (MANDATORY); RISK BASED APPROACH (OPTIONAL)

3 RISK APPROACHES RISK PROCEDURES MANDATORY Regulation 4(1)(c): subject persons are to establish policies and procedures on risk assessment and risk management that are adequate and appropriate to prevent the carrying out of operations that may be related to ML/FT

4 RISK APPROACHES Regulation 7(8): subject persons may determine the extent of the application of CDD requirements on a risk sensitive basis depending on the type of customer, business relationship, product or transaction RISK BASED APPROACH OPTIONAL

5 RISK APPROACHES MANDATORY RISK PROCEDURES or the RISK BASED APPROACH subject persons should: 1) Identify and assess the ML/FT risks relevant to the subject person Customer risk Product/service risk Interface risk Geographical risk 2) Manage and mitigate the risks by designing and implementing controls

6 RISK CATEGORIES Customer Risk: Natural persons: generally based on the person's economic activity and/or source of wealth. Legal entities: corporate structures, trusts, foundations, associations and commercial partnerships may be used to obscure links. Awareness of customer behaviour is required: no commercial rationale; requests for complex/unusual transactions; undue levels of secrecy; deliberately broken audit trails; unnecessary layering; unwillingness to disclose details of real owners/controllers. Customers subject to sanctions or other economic measures should automatically be classified as high risk. Product / Service Risk: Certain products/services are inherently more risky and therefore are more attractive to criminals. Interface Risk: Use of internet for the provision of services may aggravate the ML/FT risks due to rapidity and level of anonymity. Geographical Risk: Notion of reputable jurisdictions.

7 RISK APPROACHES MANDATORY RISK PROCEDURES: Subject persons are required to manage and control their ML/FT risks solely on the basis of a rules based approach: all customers, business and products receive equal attention and resources are applied evenly. RISK BASED APPROACH: Subject persons are required to manage and control their ML/FT risks commensurately with the identified risks: customers, business and products which pose the highest ML/FT risk receive the highest attention and resources are allocated in the most effective way.

8 Mandatory Risk Procedures

9 MANDATORY RISK PROCEDURES Risk assessment procedures should allow subject persons to identify and assess ML/FT risks and thereby determine: whether the application of EDD is necessary the point in time when the application of CDD to existing customers is to be carried out whether a customer presents a low risk of ML/FT Develop and establish an effective CUSTOMER ACCEPTANCE POLICY

10 MANDATORY RISK PROCEDURES Risks should be mitigated through risk management procedures, which should as a minimum provide for: the implementation of a programme setting out additional measures to be applied in higher risk situations requiring a higher standard in relation to the quality of documents obtained monitoring transactions/activities to a higher degree where the risk warrants such additional measures

11 The Risk Based Approach

12 RISK BASED APPROACH The application of the RBA requires: A model to implement the RBA framework simple or sophisticated Procedures based on objective criteria Determination of the subject person's risk appetite

13 RISK BASED APPROACH Identify and assess risks Obtain a risk profile Risk Based Approach Framework Manage and control risks Monitor controls Record the action taken Must be appropriate when considering the risks of ML/FT

14 RISK PROFILE
Columns: Scoring; Type of Customer; Product/Service; Interface; Geographical
EXTREME (9-10): PEPs Sanctioned individuals or entities Services intended to render the customer anonymous Internet transactions Country subject to sanctions, embargoes
HIGH (6-8): Non face to face NPOs Correspondent bank Fiduciary arrangements Internet based product Services identified by FATF Internet transactions Non reputable jurisdiction
MEDIUM (3-5): Employees Public figures General public Normal products Non face to face Reputable jurisdiction Equivalent country Domestic
LOW (1-2): Other individuals (e.g. pensioners) None Face to face EU Member State Domestic

15 RISK PROFILE 1. Determination of risk appetite of the subject person 2. Customer falling within the risk appetite of the subject person 3. Customer falling outside the risk appetite of the subject person

16 Record Keeping Procedures

17 REGULATION 4(1)(a),(b) No subject person shall form a business relationship or carry out an occasional transaction with an applicant for business unless the subject person (a) maintains the following measures and procedures established in relation to that business in accordance with the provisions of these regulations: (i) customer due diligence measures; (ii) record keeping procedures; and (iii) internal reporting procedures; (b) applies the measures and procedures established under paragraph (a) including when entering into or undertaking non face to face relationships or transactions

18 RECORD KEEPING Purpose of record keeping: Regulation 13 requires subject persons to retain documents and information for use in any investigation into, or analysis of, possible money laundering or the funding of terrorism Such records are highly relevant to the competent authorities responsible for analysis, investigation, law enforcement and prosecution They may constitute evidence of targets (persons, assets, criminal networks), the audit trail and money flows

19 RECORD KEEPING Records to be retained: CDD documentation Documentation relating to the business relationship and any transactions carried out Records of the findings of the examination of the background and purpose of the relationship and the transactions carried out in relation to Regulation 15(1) and 15(2)

20 RECORD KEEPING Records should be retained for a period of at least 5 years CDD documentation from the date on which the relevant financial business or relevant activity was completed In relation to other records from the date on which all dealings taking place in the course of the transaction in question were completed With STRs FIAU may extend 5 year period

21 RECORD KEEPING Records to be retained as evidence of compliance: Internal reports made to MLRO External reports submitted to FIAU Reasons for not forwarding internal reports to FIAU Training records Due diligence documentation on new employees

22 RECORD KEEPING Other important records to be retained: Reports made by MLRO to senior management Records of consideration of the reports made by MLRO and of any resulting action Any senior management approvals (e.g. on PEPs, reputable jurisdictions etc) Reports on any audit or assessment dealing with AML/CFT issues, including the salient recommendations

23 RECORD KEEPING The Implementing Procedures allow for the maintenance of records in: Physical files Scanned form Computerised or electronic form Ensure that: a standardised approach is used records can be quickly retrieved computerised and electronic documents remain accessible over time

24 Awareness and Training

25 AWARENESS AND TRAINING Regulation 4(3) specifies that the term employees refers to those employees whose duties include the handling of either relevant financial business or relevant activity This would include: Directors Senior management The MLRO Any designated employee Compliance staff Other relevant staff

26 REGULATION 4(1)(d) No subject person shall form a business relationship or carry out an occasional transaction with an applicant for business unless the subject person (d) takes appropriate measures from time to time for the purpose of making employees aware of (i) the measures and procedures under the provisions of paragraph (a) and paragraph (c), and any other relevant policies that are maintained by him; and (ii) the provisions of the Prevention of Money Laundering Act; of the Sub Title, of Acts of Terrorism, Funding of Terrorism and Ancillary Offences of Title IVA of Part II of Book First of the Criminal Code, and of these regulations

27 AWARENESS CDD measures Record keeping procedures Internal reporting procedures Policies and procedures on internal control Policies and procedures on risk assessment and management Policies and procedures on compliance management and communication Relevant legislative provisions Implementing Procedures Must inform staff of the MLRO and any designated employee, together with their functions and responsibilities

28 REGULATION 4(1)(e) No subject person shall form a business relationship or carry out an occasional transaction with an applicant for business unless the subject person (e) Provides employees from time to time with training in the recognition and handling of transactions carried out by, or on behalf of, any person who may have been, is, or appears to be engaged in money laundering or the funding of terrorism

29 TRAINING Tailored: According to the business of the subject person According to employees' responsibilities Practical and not simply theoretical: Steps to follow when accepting customers How to handle high risk customers How products and services may be misused How to behave when faced with transactions which are suspicious

30 TRAINING An ongoing exercise To new employees (induction training) To specific employees when their roles change To all employees when there is any substantial change Ideally prepare an AML/CFT annual training programme including refresher courses

31 TRAINING Training records to be retained: Date Nature of training Names of participants Results of any assessments Copy of handouts or slides

32 Vetting of Employees

33 VETTING PROCEDURES Subject persons shall ensure that they have in place appropriate procedures for due diligence when hiring employees: Professional references Confirming employment history Confirming qualifications Police conduct certificate Procedures are applicable to all relevant employees

34 CONTACT DETAILS Ms Katia Satariano: