FEEDBACK ON AML/CFT ON-SITE VISITS

Similar documents
Financial Crime Supervision & Policy Division Guidance Note Visit Trends & Observations

FINANCIAL INTELLIGENCE ANALYSIS UNIT. Risk Procedures. Ms Katia Satariano Senior Compliance Officer

Guidance for Completion of the Anti-Money Laundering, Countering the Financing of Terrorism and Financial Sanctions Risk Evaluation Questionnaire

Guidance for Completion of the Anti-Money Laundering, Countering the Financing of Terrorism and Financial Sanctions Risk Evaluation Questionnaire

IMAS Guidance to Assessing Money Laundering and Financing of Terrorism (ML/FT) Risk

Extract from Instruction for procedures against Money Laundering and Terrorist Financing for the SEB Group

Foundation Event Series One Developing and documenting Policies and Procedures. Jacelle Richardson Anguilla Financial Services Commission

Financial Crime Governance, Risk and Compliance Smaller Firms in the Trust and Corporate Service Provider Sector. Thematic Review 2017

Assessment Timeframes

Guidance for the AML/CFT Statistical return Year ended 31 December 2017 Regulated entities

Training Thematic Review

AML/CFT Anti-money laundering and countering financing of terrorism. Risk Assessment Guideline

CBI REPORT ON AML COMPLIANCE IN THE CREDIT UNION SECTOR SAMPLE ACTION PLAN. Governance

Subject: Assessment of information provided by Maltese FIAU further to the EBA s breach of Union law recommendation of 11 July

CONSULTATION DOCUMENT AML/CFT SUPERVISORY STRATEGY

P a g e 1 FINANCE SECTOR CODE OF CORPORATE GOVERNANCE

Joint Opinion. on the risks of money laundering and terrorist financing affecting the Union s financial sector JC/2017/07.

Anti Money Laundering (AML) Advisory Services Effective solutions for complex issues Deloitte Malta, 2017

AML/CFT Risk Assessment and Programme: Prompts and Notes for DIA reporting entities. December 2017

Industry Seminar 20 October AML/CFT Cross-Divisional Presentation. Andrea Sarchet-Luff Assistant Director, Banking Division

AML/CFT Anti-money laundering and countering financing of terrorism. Enhanced Customer Due Diligence Guideline

AML/CFT Anti-money laundering and countering financing of terrorism. Enhanced Customer Due Diligence Guideline

Report to: Trust Board Agenda item: 11 Date of Meeting: 9 November 2011

The Bribery Act What is bribery? What action should you take? The key offences

Information paper. Transaction filtering, systems testing and annual certification: driving business benefits

Risk Based Approach and Enterprise Wide Risk Assessment Edwin Somers / Inneke Geyskens-Borgions 26 September 2017

Customer Due Diligence, Using New Technology for in the CDD Customer Due Diligence PurposesProcess

3L3 Consultation Paper

Regulatory Compliance and Enforcement Framework

STRAGETIC RISK MANUAL

1.0 Rationale. 2.0 Intention. 3.0 General Principles. 4.0 Guidance, Procedures & Tactics. 5.0 Challenges & Representations

CONSULTATION PAPER NO OCTOBER 2012 PROPOSED CHANGES TO THE DFSA S ANTI-MONEY LAUNDERING AND ANCILLARY SERVICE PROVIDER REGIMES

AML & KYC. The Crime Prevention Compliance Course

Terms of Audit Engagements

Estate Agency Affairs Board FIC AMENDMENT ACT

AML & KYC. The Crime Prevention Compliance Course. This course can also be presented in-house for your company or via live on-line webinar

Financial Services Authority

Process for the freezing of resources for the implementation of sanctions imposed by international organizations (process of asset freezing of funds)

COMPLIANCE MANAGEMENT FRAMEWORK FOR VICTORIA UNIVERSITY

Guidelines of ECF for AML/CFT Grandfathering

SANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP

Interbank Messaging Platforms and Technology Providers Remain Outside of PPF.

Guide to using the work papers

Anti-Money Laundering & Countering Terrorist Financing: Building an Effective Compliance Framework

CORPORATE CRIME PREVENTION POLICY

Circular on Anti-Money Laundering Officer

Agreeing the Terms of Audit Engagements

Jersey Financial Services Commission

Data Protection in schools and colleges: Questions from the Governing Board/Trustees/Directors

Guidelines of ECF for AML/CFT Grandfathering

The Bribery Act 2010 (the Act) applies across the UK and all businesses need to be aware of its requirements which came into effect on 1 July 2011.

The Authority s responses to the key comments received and any other substantive changes are outlined below.

ANTI-MONEY LAUNDERING & SANCTIONS EXPERTS WITH IMPACT

Financial regulatory compliance.

AMF Position Compliance function requirements

Introduction. Composition and mandate of the Joint Working Group

Introduction. Composition and mandate of the Joint Working Group

LEICESTERSHIRE COUNTY COUNCIL HEALTH, SAFETY & WELLBEING POLICY. July 2011 To be reviewed: July 2014

AML/CFT Supervisor Workshop: Reserve Bank of New Zealand

July 1, 2013 CBCS POLICY RULE FOR SOUND BUSINESS OPERATIONS IN CASES OF CONFLICT OF INTEREST, INCIDENTS, AND INTEGRITY-SENSITIVE POSITIONS

Guidelines of ECF for AML/CFT Grandfathering

Guidelines of ECF for AML/CFT Grandfathering

SUMMARY OF: FSA Discussion Paper 06/05. FSA Confirmation of Industry Guidance

REPORT ON FEEDBACK ON MONEY LAUNDERING AND TERRORIST FINANCING CASES AND TYPOLOGIES 1. (Good practices)

Risk Management Briefing

Guidelines on the management body of market operators and data reporting services providers

GUIDELINES ON ANTITRUST COMPLIANCE (only the Italian text is authentic)

Regulation & Compliance for UK Financial Services

International investment bank. International Investment Bank Compliance Policy

FINANCIAL INTELLIGENCE CENTRE (FIC)

National Supervision Guideline for Electrotechnology Apprentices

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

AGREED WITH LLP MEMBERS CONFIRMED SUBJECT TO ANNUAL REVIEW IMPLEMENTED ENACTED AGREED AND IMPLEMENTED

Auditing of Swedish Enterprises and Organisations

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

closer look at Definitions The General Data Protection Regulation

Independent Living Needs and Risk Assessment Policy

Own Motion Inquiry: Compliance with Standard 8 of the 2014 Insurance Brokers Code of Practice ( Code Training )

Standard on Quality Control (SQC) 1. Presentation to the ICAI January 18, 2014

Risk management framework: compliance risk policy

Rules, Procedures, and Internal Controls Manual BRAM Bradesco Asset Management

Response to the Basel Committees Sound Practices: Implication of fintech

Defining and promoting excellence in the provision of mobile money services

Compliance Risk Rating

WORLD INTELLECTUAL PROPERTY ORGANIZATION GENEVA INTERNAL AUDIT AND OVERSIGHT DIVISION INTERNAL REVIEW ON PROGRAM PERFORMANCE REPORTING PROCESS

Auditing Standard ASA 210 Agreeing the Terms of Audit Engagements

AGREEING THE TERMS OF AUDIT ENGAGEMENTS SRI LANKA AUDITING STANDARD 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

A Firm s System of Quality Control

Guidelines for Pharmacovigilance Inspections

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

National self-insurer OHS management system audit tool. Version 3

Updated Individual Accountability:

Agreeing the Terms of Audit Engagements

Health and Safety Policy and Management Arrangements

Recruitment & Selection Policy

Practical Systems Review. A Self-Review Tool for Local Government to Evaluate the Capability and Performance of Compliance Systems

Human Resources Audit. XYZ Group

Labour Standards Policy

Corporate Governance Framework

Transcription:

FEEDBACK ON AML/CFT ON-SITE VISITS JULY 2012

INTRODUCTION The Guernsey Financial Services Commission ( the Commission ) undertakes routine on-site inspections of the AML/CFT framework of financial services businesses and registered businesses ( businesses ). These inspections inform the Commission about the extent to which financial services businesses are in compliance with the AML/CFT regulations and the rules in the Handbooks. SCOPE The Commission s on-site programme is designed to: obtain a greater understanding of the activities undertaken by the business; review the risks identified by the business as to how it may be involved in money laundering or terrorist financing and assess the policies, procedures and controls which the business has put in place to manage and mitigate the identified risks; and provide a follow up process in respect of any deficiencies identified during off-site supervision. PURPOSE The purpose of this paper is to provide industry with a summary of findings, which may prove useful to businesses when identifying and managing risk and in considering their AML/CFT policies, procedures and controls. It is not intended to comprehensively describe all findings observed by the Commission during on-site inspections. This paper complements the Feedback and Typologies 2008-2011 document issued by the Financial Intelligence Service, which provides feedback to financial services businesses on the reporting of suspicion of money laundering and terrorist financing. 2

Overview The Commission s original intention was to provide sectoral feedback. However, after analysis of our on-site inspection findings it is clear that the findings across all sectors supervised for AML/CFT are similar. We have therefore consolidated our findings below on a finance-sector wide basis, even though all of the findings do not necessarily apply to all business sectors. All Guernsey banks and a number of other businesses are part of international groups which have long-established AML/CFT policies, procedures and controls. This significantly aids adherence to local legislation and regulatory requirements. In most cases, compliance with Guernsey standards is achieved by suitable amendments and additions to group practice. Local businesses are also able to draw on group expertise and systems support. As a consequence of drawing on group expertise some have policies, procedures and controls which exceed the Bailiwick s minimum requirements During 2011 the on-site teams undertook 94 on-site inspections which had an AML/CFT element. The Commission has formed the view that as a whole the industry is, in the main, operating in accordance with its obligations under the AML/CFT regulations and handbooks. All businesses have, in large part, successfully introduced approaches to the management of risk that classify customers, products, transactions and jurisdictions into high, standard and low risk in an appropriate manner. The overall assessment of risk then centres on a risk classification for each customer. Summary of Findings The remainder of this paper sets out both positive findings and some areas where more work was required to achieve consistent compliance with the AML/CFT provisions. Business Risk Assessment All businesses visited were observed to have undertaken and documented a business risk assessment, although undertaking a full business risk assessment leading to a specific strategy for dealing with ML/FT risk was problematic for some businesses. On a number of occasions the Commission noted that businesses had adopted a generic business risk assessment, drawn from group experience, or obtained or derived from a parent organisation or third party consultant/adviser. These business risk assessments did not relate to the relevant risks inherent for their particular business models and their operating environment and, therefore, the businesses could potentially be exposed to its products and services being used to launder criminal proceeds or finance terrorism. In some instances the business risk assessment did not identify risks which the business felt it had already mitigated. By omitting such risks from the business risk assessment a business is not able to demonstrate its consideration of ML/FT risk and identify the appropriateness of the measures it has adopted to manage and mitigate the risk. 3

There was some confusion as to which party was responsible for undertaking the business risk assessment where there were a number of parties involved in the management and administration of structures. Relationship Risk Assessment Generally, businesses had risk assessed their business relationships and occasional transactions. Some relationship risk assessments did not clearly demonstrate the basis for determining the particular ML/FT risk of a relationship, whilst others confused ML/FT risk with other risks or considered a very limited number of factors. Some businesses had difficulty in separating the concept of a business risk assessment for their business as a whole from a relationship risk assessment. The reason for a business risk assessment is to ensure that the AML/CFT policies, procedures and controls of a business are appropriate and effective, having regard to the assessed risk. Relationship risk assessments, which must be carried out for each individual relationship and occasional transaction, consider the extent of potential exposure to the risk of ML/FT. High Risk The Commission identified that some businesses did not have documented policies, procedures and controls for the risk rating of customers. In the absence of these policies, procedures and controls, customers that should have been classified as high risk were not and, consequently, enhanced due diligence was not undertaken to mitigate the associated ML/FT risk. Some businesses encountered difficulties in ensuring that, where one aspect of the business relationship or occasional transaction was considered to carry a high risk of ML/FT, the overall risk of the business relationship or occasional transaction is to be treated as high risk. Examples seen included PEPs or business activities connected with high risk jurisdictions, whereby the financial services business was downgrading the risk to standard or even low, based upon their assessment of the customer and/or the risk posed, in breach of the rules in the handbook. Whilst knowledge cannot downgrade risk, it is very important for managing and mitigating risk. There were instances where businesses had sought considerable information on potential relationships and, by documenting such information, the appropriateness and effectiveness of the mitigation could be assessed when high risk relationships were reviewed. There were also instances where businesses adopted a policy of not accepting high risk business as a risk control measure, but failed to ensure that it had in place documented policies, procedures and controls for high risk customers. This created the potential for high risk customers to be taken on inadvertently, or low or standard risk customers to become high risk without adequate risk assessment or monitoring being in place. Low Risk Where financial services businesses adopted reduced or simplified customer due diligence measures for business which has been assessed as low risk, there were occasions when this assessment was made without taking into consideration the provisions of the regulations and the rules in the handbook. It was also identified that, on some occasions where a 4

determination had been made that it was low risk business, the reasons for that determination had not been documented. Additionally, there was some confusion regarding the definitions of introducer and intermediary relationships providing for businesses to assign a low risk assessment to a relationship incorrectly. Monitoring In advance of the introduction of the regulations and the handbook for financial services businesses, most businesses had developed risk based programmes involving periodic reviews. These programmes have now bedded in and examples were seen where those riskbased reviews were timely and, where issues which could cause concern were identified, these were being followed up. However, there were also instances where delays had built up because of a lack of resources to carry out reviews or at senior management level for signing off reviews. Where a decision had been made to carry out monitoring upon trigger events there were occasions where there was no demonstration of any consideration of whether that model is appropriate on the basis of risk. This led to instances where insufficient enhanced monitoring had been undertaken when customers had been identified as high risk. Record Keeping In general, the record keeping requirements gave the Commission little concern. There were a small number of cases where policies, procedures and controls had not been updated in line with current legislation, rules and guidance, leading to staff not being fully aware of their obligations. Additionally, on occasions files which were retained overseas or by third parties were found not to be readily retrievable when the Commission requested to view them. Training Most businesses provided good general training to all staff, meeting the requirements of the regulations and the rules in the handbook. Businesses had often made use of external training sources and in some instances (particularly larger firms) AML/CFT training was being provided at a group level. However, there were instances where training was provided at group level, which had not been specifically tailored to meet the legislative requirements of the Bailiwick. On occasions, the approach to training had not been formalised, particularly where training was provided by one or more staff of an organisation to other members of staff. The lack of a formal approach to training made it difficult for some businesses to evidence compliance with the requirements of the regulations and the rules in the handbook. The Commission also found several examples where directors and MLROs received the same training as staff on the basis that all the training given is additional training. This training may be appropriate for relevant employees as defined in the handbooks but is not sufficient to meet the additional training requirements for the MLRO and the Board and senior management. The handbooks require the MLRO to have additional training which must include in depth and specific training with regard to areas such as suspicion reports and production and restraining orders. The handbooks also require the Board and senior management to have additional training on the provisions of the relevant enactments and information on the offences and the related penalties, including potential director and shareholder liability. 5

Additionally, there were instances where the AML/CFT training logs had not been kept up to date. In particular, they did not evidence the nature of the training undertaken and the dates of this training. UN Sanctions Awareness of the sanctions legislation was found to be good and businesses had made suitable efforts to implement procedures which meet the requirements of the legislation. Nevertheless, some of the smaller businesses, where the majority of their customers were not local face to face customers, were encountering difficulties in fulfilling their obligations to monitor the sanctions lists as they did not have access to automatic checking software. 6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback