Obliged entities (businesses which are subject to AML regulations) are required to put in place processes and procedures to meet their legal obligations in their home country.
Businesses will be subject to specific local rules and regulations, however as a general principal they should put in place a continuing cycle of actions to ensure that AML Compliance is properly adapted to take into account National and Sectorial Risk Assessments relevant to their activity and regularly reassessed to take account of changes such as the nature of service risks, products, clientele, and technology.
ASSESSING THE ML/FT-P-C RISK BY CONDUCTING BUSINESS RISK ASSESMENT
Perform BRA taking into account National and Sectorial Risk Assessments and considering relevant risk factors:
- Company’s client base
- Country and Geographical Region risk
- Nature of Client Activities and Transactions
- Nature of Goods and Services
- Delivery Channels
- New Technologies
Inherent risk, and mitigation measures must be considered and resources allocated accordingly.
DEVELOPING AND IMPLEMENTING AML POLICIES, PROCEDURES AND CONTROLS
The AML Policy should take into account the BRA and must include the following:
- Customer onboarding process
- Client Risk Assessment(CRA)
- Ongoing vigilance
- Trigger Events
- Red Flags
- PEPs and High Risk jurisidctions
- Identifying and reporting suspicious transactions
- AML Governance Structure
- AML Record-Keeping requirement, and evidence of work done
PUTTING IN PLACE THE AML SOLUTION
The company must consider allocating resources and using technology that supports:
- Customer identification and screening, including sanctions screening
- Identifying customer risk and managing overall CDD
- Enhanced Due Diligence procedures
- Ongoing monitoring of transactions
- Detecting suspicious activities and generating alerts
- Employee screening
AML TRAINING
Regular AML training must be provided to the employees, including senior management, to create awareness about:
- Internal AML policies and procedures
- Their roles and responsibilities in fighting ML/FT-P-C
PERIODIC REVIEW AND AUDIT OF THE AML PROGRAM
The AML internal or external audit or the periodic review must cover the following areas:
- Regular BRA update
- Keeping up-to-date with legislative changes and regulatory guidance
- CDD process accuracy and timeliness
- Ongoing monitoring system review
- Red flags adequacy with recent ML/FT-PC typologies
- Quality of internal mechanisms for identifying and reporting suspicions
This will help in ensuring the quality and effectiveness of the implemented AML Program