Risk Based Approach and Enterprise Wide Risk Assessment Edwin Somers / Inneke Geyskens-Borgions 26 September 2017


Contents

I. Risk Based Approach
II. Enterprise Wide Risk Assessment
II.1. Introduction
II.2. EWRA process
II.3. EWRA Outcome
III. Conclusion - Implementation of the Risk Based AML/CFT Framework

2017 Deloitte Belgium

I. Risk Based Approach

Risk Based Approach - Regulatory framework

FATF 2014 Guidance for a Risk Based Approach in the Banking Sector

A Risk Based Approach to AML/CFT means that financial institutions are expected to:
- Identify, assess and understand the ML/TF risks to which they are exposed; and
- Take AML/CFT measures commensurate to those risks in order to mitigate them effectively.

A Risk Based Approach does not exempt institutions from mitigating ML/TF risks where these risks are assessed as low.

The Risk Based Approach is the essential foundation of an AML/CFT framework.

The Risk Based Approach is the over-arching requirement applicable to all relevant FATF recommendations.

Risk Based Approach - Regulatory framework: Law 20 July 2017

Stronger, more explicit and more general focus on the Risk Based Approach as the cornerstone on which to build an AML/CFT framework.

Risk Based Approach - Principles

RISK BASED APPROACH (Law 20 July 2017/AMLD IV)

A risk based approach implies that, more clearly than before, all measures (organisation, business and transaction wise) should aim at avoiding or minimising the risk of being misused for money laundering or terrorism financing purposes.

A risk based approach should enable financial institutions to take less profound measures in situations where the risk is limited. The resources that are freed up should be used for more profound measures in situations where the risk is higher.

RAISE IN EFFICIENCY

Profound and current knowledge of, and insight into, ML/FT risks is required.

ENTERPRISE WIDE RISK ASSESSMENT (EWRA)

Risk Based Approach - Components

The Risk Based Approach consists of two components:

1. RISK ASSESSMENT
Identification, assessment and monitoring of the ML/TF risks at entity (and group) level.
Enterprise Wide Risk Assessment (entity/group level) vs Individual Risk Assessment (client level).

2. RISK MITIGATION
Implementation of risk-sensitive measures to manage and mitigate the ML/TF risks.

The Risk Based Approach:
- Is considered an essential foundation of an adequate AML/CFT framework and the overarching requirement that must be complied with when applying the other AML/CFT requirements
- Is not seen as a zero failure approach
- Allows financial institutions to apply preventive measures that are commensurate to the nature of the risks to which they are exposed > Evidence based!

ALL MEASURES SHOULD AIM AT LIMITING THE RISK OF BEING USED FOR ML/TF

Risk Based Approach - Risk Mitigation

To mitigate the ML/FT risks to which they are exposed, financial institutions must implement risk-based customer due diligence and ongoing monitoring measures.

- Financial institutions should be able to prepare a customer risk profile. This will determine the level and type of customer due diligence and ongoing monitoring, and support the FI's decision whether to enter into, continue or terminate the business relationship.
- The risk criteria and profiles must be reviewed periodically, and a review is also needed when there are changes in circumstances or when relevant new threats emerge.
- The criteria and parameters used for the allocation of a risk level for each of the clusters of customers must be properly documented and communicated to relevant personnel within the financial institution. This approach must be applied consistently.
- The extent of the customer due diligence and ongoing monitoring measures may be adjusted in line with the ML/FT risk associated with an individual business relationship.
- The extent of the measures that are applied must increase where the ML/TF risks associated with a business relationship are higher.
- The extent of the measures that are applied may decrease where the ML/TF risks associated with a business relationship are lower.

Simplified CDD - Normal CDD - Enhanced CDD

Risk-based approach - A model for a risk-based approach

- Template for discussion purposes only -

Risk Based Approach - Risk Based Approach vs. Risk appetite

Level of risk an institution is willing to take
Balance to find = Challenging & Dynamic
Strategic objectives in pursuit of value and profit

Institutions that tend to take adverse risk:
- Should demonstrate a high level of scrutiny and enhanced due diligence measures that will allow compliance with AML/CFT obligations
- This can increase:
  - The cost of compliance
  - Regulator concern on the level of compliance

II. Enterprise Wide Risk Assessment (EWRA)

II.1. Introduction

Enterprise Wide Risk Assessment - key principles

- Must be aligned with the nature, complexity and size of the activities being carried out.
- Must be properly documented and communicated to relevant personnel within the financial institution.
- The assessment must be reviewed periodically and when there are changes in circumstances or relevant new threats emerge.
- Must consider all relevant inherent risk factors at the country, sectoral, group, entity and business relationship level. The assessment must be performed in a holistic manner.
- Must be performed based on a formally documented risk assessment methodology and approach. This approach must be applied consistently.
- The data collected for the Enterprise Wide Risk Assessment is aligned with the data requested in the Questionnaire of the NBB.

Risk Based Approach - Regulatory framework: Law 20 July 2017

II.2. EWRA Process

Enterprise Wide Risk Assessment - Approach

Risk assessment typically follows a 3-phase approach:
- Phase 1: Assessment of the Inherent Risk
- Phase 2: Assessment of the Mitigating Controls
- Phase 3: Assessment of the Residual Risk

- Must consider all relevant inherent risk factors at the customer/entity, products/services, transactions, channels, and geographical level. The assessment must be performed in a holistic manner.
- Enables financial institutions to understand how, and to what extent, they are vulnerable to ML/TF -> Measuring the exposure to ML/TF through an assessment of the mitigating controls. These are assessed across various control categories, e.g. corporate governance, KYC/CDD/EDD, STR reporting, training and record keeping.
- The Residual Risk is obtained by taking into account the inherent risk and the overall controls rating.

Enterprise Wide Risk Assessment - High Level Update on the Process

Steps:
- 2.1. Set up methodology
- 2.2. Identification & analysis of risk factors
- 2.3. Set up risk based approach
- 2.4. Target Operating Model (To Be)

Stages: Methodology, Data Collection, Risk Appetite, Analysis, Report

Activities:
- Elaboration & Set-up of Methodology
- Mapping of Risk Indicators & Risk Factors
- Mapping of Control Measures
- Set-up Data Request
- Collect Data
- Define, Explain and Document different scoring and aggregation techniques
- Calculate Inherent Risk
- Calculate Control Measures
- Calculate Residual Risk
- Decision on acceptable risk levels
- EWRA Report

Tailor Made. Data Driven.

Enterprise Wide Risk Assessment - Process Flow

An effective AML/CFT Compliance Program starts with an in-depth and Enterprise Wide Risk Assessment.

- Scope: Define the scope and structure of the organization and its Business Lines.
- Inherent risk Assessment: Select risk categories and factors to assess and determine the inherent risk present in all business lines and enterprise-wide.
- Controls Assessment: Assess design and operating effectiveness of mitigating controls.
- Residual Risk: Highlight risk categories without sufficient mitigation and business lines posing the greatest risk, and evaluate results against institution's risk appetite statement.
- Action Plan and reporting (TOM): Develop action plan for underperforming controls based on identified gaps, create reporting and prepare documentation for audit purposes.

Risk Categories and risk factors

Risk categories: Customers; Products & Services; Transactions; Channels; Geographies; Other Qualitative Factors

Risk factors (non exhaustive): Ownership structure; Industry; PEPs; High degree of anonymity or limited; High degree of currency or equivalents; Readily frequently more value from one jurisdiction to another; High degree of anonymity; Account origination servicing; Account servicing; Location of business; Location of customers; Origin/destination of transactions; Recent/expected growth; New products/services

Enterprise Wide Risk Assessment - Phase 1: Inherent Risk Assessment

Inherent ML/FT risk is assessed across 8 main risk areas. Multiple risk factors are evaluated within each main risk line to determine the overall inherent AML/CFT risk for each business line and Enterprise-Wide.

Risk level scaling

For each risk sub-factor the risk is rated on a 5 point scale.

| Risk Level | Score |
|---|---|
| Very High | 5 |
| High | 4 |
| Medium | 3 |
| Low | 2 |
| Very low | 1 |

For each risk category and risk factor the inherent AML/CFT risk is rated on a 3 point scale.

| Risk Level | Score |
|---|---|
| High | 3 |
| Medium | 2 |
| Low | 1 |

8 main risk categories: Customers; Products; Services; Transactions; Channels; Geographies; Qualitative Risks; Emerging Risks

Risk model snapshots

Whole-number rows are Primary Risk Areas; the numbered rows beneath them are Underlying Risk Factors. The last column gives the Weights.

| No. | Inherent Risk Area - ML/TF | Retail | Corporate | Private | Enterprise-Wide (consolidated) | Weight |
|---|---|---|---|---|---|---|
| 1 | Customers | Medium | High | Medium | Medium | 20% |
| 1,1 | Legal Form / Ownership Structure | Low | High | High | Low | 25% |
| 1,2 | Aging of Customer Relationship | Low | Medium | Medium | Low | 10% |
| 1,3 | PEP Status | High | High | High | High | 25% |
| 1,4 | Industry | High | High | Low | High | 25% |
| 1,5 | Customer Risk Rating | Low | Medium | High | Low | 5% |
| 1,6 | High Risk Customer Attribute | Low | Low | Low | Low | 5% |
| 1,7 | Client relationship - unusual circumstances | Medium | Low | Low | Medium | 5% |
| 2 | Products | High | Medium | Medium | High | 15% |
| 2,1 | Products | High | Medium | Medium | High | |
| 3 | Services | High | Medium | Medium | High | 10% |
| 3,1 | Services | High | Medium | Medium | High | |
| 4 | Transactions | Medium | Low | Low | Medium | 20% |
| 4,1 | Transaction type | Medium | Low | Low | Medium | 80% |
| 4,2 | Transaction amount | Low | Low | Low | Low | 20% |
| 5 | Channels | Medium | Low | Low | Medium | 10% |
| 5,1 | Account Origination | Medium | Low | Low | Medium | 60% |
| 5,2 | Servicing method | High | Low | Low | High | 40% |
| 6 | Geographies | Low | Medium | High | Medium | 15% |
| 6,1 | Location of Operations | Low | Low | Low | Low | 10% |
| 6,2 | Location of Customers and Related Parties | Low | High | High | High | 50% |
| 6,3 | Origin/Destination of Transactions | Low | Low | High | Low | 40% |
| 7 | Qualitative Risks | High | Medium | Medium | Medium | 5% |
| 7,1 | Stability of Customer Base | Low | Low | High | Medium | 2% |
| 7,2 | Integration of IT systems (providing for a holistic view of customers) | Low | Low | High | Medium | 4% |
| 7,3 | Recent AML/CFT Compliance employee turnover | High | Low | Low | Medium | 10% |
| 7,4 | Recent AML/CFT first line employees (e.g., front office) turnover in the past year | Medium | Medium | High | Medium | 5% |
| 7,5 | Recent introduction of new products/services/channels | High | Medium | Medium | Medium | 2% |
| 7,6 | Impacted by any acquisitions / mergers / portfolio purchases | Low | Low | Low | Low | 2% |
| 7,7 | Recent special projects related to AML compliance (e.g., PEP remediation, KYC remediation) | Medium | Medium | Medium | Medium | 5% |
| 7,8 | AML Regulatory Changes during the last year | Medium | Medium | Medium | Medium | 15% |
| 7,9 | 3rd Party Vendor Reliance / Partners (Outsourcing of Key AML Program Controls) | High | Low | Low | Medium | 30% |
| 7,10 | Recent Internal Audit findings and/or examination findings that identified a significant or material issue relating to AML/CFT | High | Low | Low | Medium | 5% |
| 7,11 | First line Monitoring and Testing Results that identified a significant or material issue relating to AML/CFT | High | High | High | High | 10% |
| 7,12 | Second line Monitoring and Testing Results that identified a significant or material issue relating to AML/CFT | Medium | Medium | Medium | Medium | 5% |
| 7,13 | Recent NBB findings after inspection | High | High | High | High | 5% |
| 8 | Emerging risks | Medium | Medium | Low | Medium | 5% |
| 8,1 | Expected account/customer/revenue growth | Low | Low | Low | Low | 20% |
| 8,2 | Planned introduction of new products/services/channels | High | Medium | Low | Medium | 20% |
| 8,3 | Planned acquisitions by <Company A> | Low | Low | Low | Low | 20% |
| 8,4 | Planned Strategy Changes | Medium | Medium | Low | Medium | 20% |
| 8,5 | Expected Regulatory Changes/Requirements (e.g. AML 4/5th directive) | High | High | High | High | 20% |
| | Overall Inherent ML/TF Risk | Medium | Medium | Medium | Medium | 100% |
| | Subjective Change / Override | | | | | |
| | Overall Inherent ML/TF Risk | Medium | Medium | Medium | Medium | 100% |

- Examples for illustration purposes only -

Enterprise Wide Risk Assessment - Phase 2: AML/CFT Controls Assessment

Mitigating controls in the form of AML/CFT policies, procedures and processes are assessed for each business line and Enterprise-Wide in terms of Design and Operating Effectiveness.

Control level scaling

For each Control area, the Design is assessed using a 3 point scale.

| Level | Score |
|---|---|
| Partly consistent & Insufficiently consistent | 3 |
| Largely consistent | 2 |
| Fully consistent | 1 |

For each Control line, the Operating Effectiveness is assessed using a 3 point scale.

| Level | Score |
|---|---|
| Partly efficient & Insufficiently efficient | 3 |
| Largely efficient | 2 |
| Fully efficient | 1 |

AML/CFT Controls Assessment snapshots

11 control areas, e.g.:

| Control area | Example of a question on operating effectiveness |
|---|---|
| AML/CFT Roles and Responsibilities | Does the AML/CFT Officer have the necessary authority, independence and resources to effectively execute all duties? |
| Training and Awareness | Is AML/CFT training (general awareness, targeted/role-based) updated on a periodic basis? |
| IC - Enterprise-Wide Risk Assessment and Risk-Based Approach | Have you performed an AML/CFT risk assessment in the last 12-18 months? |
| IC - Customer Due Diligence | Do you obtain and retain identifying information with regard to the beneficial owner of each customer? |
| IC - Suspicious Activity Report/Suspicious Transaction Report Filing | Is all identified ML/FT-related activity timely reported to the respective supervisory body (e.g. CTIF-CFI, Treasury, ...)? |

- Examples for illustration purposes only -

Enterprise Wide Risk Assessment - Phase 3: Residual Risk Assessment

Residual risk is derived by combining mitigating controls with the inherent ML/FT risk for every business line and enterprise-wide. The result is presented in a heat map.

Residual risk scaling

Residual risk is defined for every business line and Enterprise-Wide according to the matrix below.

ML/TF Residual Risk Determination

| AML/CFT Controls | ML/TF Inherent Risk: Low | ML/TF Inherent Risk: Medium | ML/TF Inherent Risk: High |
|---|---|---|---|
| Fully consistent/effective | Low | Low tending Medium | Medium |
| Largely consistent/effective | Low tending Medium | Medium | Medium tending High |
| Partly or insufficiently consistent/effective | Medium | Medium tending High | High |

- Examples for illustration purposes only -

II.3. EWRA Outcome

Enterprise wide risk assessment (EWRA) - Examples

- Examples for illustration purposes only -

III. Conclusion - Implementation of the Risk Based AML/CFT Framework

3. Conclusion - Implementation of the Risk Based AML/CFT Framework

Enterprise Wide Risk Assessment (EWRA)

1. Risk identification and awareness as starting point
In order to be able to build their own RBA, firms need to have a clear, consistent, documented and data driven view on their ML/FT risks.

2. A tailor made Risk Based Approach
All policies, procedures, processes and controls should be risk based, taking into account the necessary granularity at the level of the firm.

3. Need to optimize the management of the onboarding and review processes
Strengthened definitions and CDD requirements will impact risk categories and the review of existing customers (adapted definition of UBOs, inclusion of domestic PEPs, ...). More detailed CDD information and documentation requirements will lead to longer and more thorough onboarding processes, more review and analysis, etc.

4. A data driven model
More detailed customer and transaction information requirements and a closer follow-up of the client will lead to a considerable increase in available data. Therefore data management will become key in the new AML/CFT framework (data driven enterprise wide risk assessment, follow-up of customer data, enhanced record keeping requirements, ...). Moreover, the availability of more data will also put transaction monitoring standards to a next level. Further digitalization and the possible use of new data techniques could be envisaged to streamline the AML/CFT processes.

5. Documentation is key
The policy and process framework (including analysis, risk assessment process, ...) should be documented in detail, including updates, validation and decision making. Also the practical application of this framework (client acceptance, internal investigations, alert handling, ...) will need to be fully and consistently documented.

6. International focus on terrorism prevention will cause firms to strengthen their preventive controls on sanctions and embargoes. In specific cases lookback programs will need to be set up.

3. Conclusion - Implementation of the Risk Based AML/CFT Framework

Challenges

Respect the increasing regulatory requirements and expectations
- Being in line with the current national and international regulatory obligations.
- Meeting the AML/CFT expectations of the supervisory authorities.
- Being ready for future regulatory developments (new AML framework, 5th AML Directive, stringent sanction and embargo screening requirements).
- Being in line with the applicable best practices as applied within the relevant institutions.

Guarantee the quality of execution of the AML/CFT processes
- Avoiding gaps in the execution of AML/CFT processes and this in all areas including risk, governance, operations, technology and reporting.
- Deploying sufficient (quantitative) and capable (qualitative) employees to take up the AML/CFT responsibilities.
- Developing a differentiated Risk Based Approach based on an AML/CFT Risk Assessment.
- Transferring important AML/CFT responsibilities to 1st line departments and redefining the role of Compliance.
- The right balance between and the correct execution of the controls by the 3 lines of defense.

Execute the AML/CFT processes in a cost efficient way
- Need for technological support for the execution and management of AML/CFT processes, the rationalization of the AML/CFT reporting and harmonizing AML/CFT processes within the setting.
- The pursuit of further process automation to enhance the quality of AML/CFT processes and to avoid possible errors in (manual) processes.
- The efficient and risk-based bridging of the time required for the development and implementation of IT applications.

Success factors
- Business ownership and Compliance support
- Transformation as a project with business as usual as objective
- High quality support with a clear focus

3. Conclusion - Implementation of the Risk Based AML/CFT Framework

Challenges
- Respect the increasing regulatory requirements and expectations
- Guarantee the quality of execution of the AML/CFT processes
- Execute the AML/CFT processes in a cost efficient way

Success factors

Business ownership and Compliance support
- Business ownership, both in the elaboration and implementation of the AML/CFT framework and processes and in their daily execution, is of utmost importance for effective and efficient execution.
- Compliance resources must be used to provide the necessary substantive expertise and to optimally organize the relevant information flow and transfer, thereby accelerating the project's lead time (and the implementation of its results).
- Each line of defense must focus on adequate control and monitoring responsibilities within the global 3 lines of defense model.

Transformation as a project with business as usual as objective
- The strengthening of the AML/CFT framework and the AML/CFT processes must be managed as a project to guarantee sufficient focus, resources and results.
- The project structure should keep the further business as usual fully in mind and should therefore fully involve the relevant departments of the institution so that knowledge and know-how can be transferred as well as possible.
- The project must be managed centrally to ensure that all relevant business lines and departments are involved.
- It is important that the departments concerned, through central steering, engage optimally in the project.

High quality support with a clear focus
- Presence of strong central management of the project team and regular contacts with relevant stakeholders.
- Availability of specialists, in terms of content, process and IT, to make the project a success in an efficient way.
- Centralization of multidisciplinary skills within the project team with maximum focus on the project.
- Joint responsibility of the project members (managers and employees of the institution and group, external support).

Contact details

Edwin Somers
Director FSI Governance, Regulatory & Risk
E-mail: edsomers@deloitte.com
Phone: +32 2 800 2159
Mobile: +32 499 98 95 13

Inneke Geyskens-Borgions
Manager Governance, Regulatory & Risk
E-mail: igeyskensborgions@deloitte.com
Phone: +32 2 800 2417
Mobile: +32 499 42 63 71
