The Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021 places obligations on designated persons regarding Customer Due Diligence (CDD) and record keeping, procedures, and training.
Within this post, we break down the key topics that need to be covered by firms when establishing AML policies, controls, and procedures.
Contents |
Firms should employ a risk-based approach with the application of proportionate due diligence based on the assessment of individual client risk within the context of the overall firm-wide risk profile.
Firms should document their understanding of the key money laundering and terrorist funding risks that are faced in their firm by conducting a business risk assessment. This should include a record of the sources used to complete this assessment.
An individual client risk assessment procedure must be documented to determine if each client fits within the risk tolerance of the firm and to assign an appropriate due diligence level.
The methodology used to mitigate identified risks should be documented in the business risk assessment and the firm’s policies, controls, and procedures manual should be updated to reflect the agreed mitigating actions.
Firms should undertake a periodic review of their client risk assessment and business risk assessment controls and procedures.
Policies, controls, and procedures must be defined so that appropriate and consistent due diligence is applied to all new clients and subsequent transactions. Specific CDD considerations to be covered include:
Firms need to comply with the record-keeping obligations contained in Anti Money Laundering (AML) Guidance and Legislation. Data retention and disposal policies should outline what records are kept, the form in which they are kept, and for how long they should be kept. Firms should delete any personal data obtained solely for the purposes of AML record retention compliance after the expiry of the appropriate data retention period.
Policies, controls, and procedures and your business risk assessment need to be maintained and kept up to date. In addition, compliance with your policies should be monitored on an ongoing basis. Your AML compliance program must implement internal controls that increase the chances of preventing or detecting money laundering-related activities. AML internal controls include those policies, procedures, and processes designed to mitigate the risks of money laundering and support compliance with AML regulations. Defined and documented internal controls should:
It is important to note that the firm’s senior management adopts the PCP’s and that they are kept under review and up to date. Effective management of AML and terrorist financing risks are the responsibility of senior management. Policies, controls, and procedures and your business risk assessment need to be maintained and kept up to date. In addition, compliance with your policies should be monitored on an ongoing basis.
Firms need to demonstrate that:
Policies, controls, and procedures need to be documented and applied to maintain appropriate ongoing monitoring of all client transactions to prevent activities related to money laundering and terrorist financing.
The firm will need to document the frequency, triggers, and procedures to verify the information held for each client. The procedures will detail how the firm’s records are to be updated, the reassessment of risk to the firm, and any required escalation to the Money Laundering Reporting Officer (MLRO) or nominated Compliance Officer.
The ongoing review of the firm’s business risk assessment also forms an important part of an effective risk mitigation program and must be documented within the broader ongoing monitoring procedures.
Should any individual within the firm have any suspicion regarding the activities of a client, then this fact and the circumstances surrounding the suspicion must be reported to the MLRO or nominated Compliance Officer.
An internal report form should be used to report to the MLRO or nominated Compliance Officer.
The internal report should address the following points:
Once an internal report has been made to the MLRO or nominated Compliance Officer regarding a suspicion with a client or a suspicious transaction, they need to assess the report and determine whether, in their opinion, an external report is required to be raised to the Garda Síochána and/or to the Office of the Revenue Commissioners.
Communication is a key component to ensure effectiveness across a firm’s AML program. Clear guidance is required for all personnel and staff in the following areas:
All personnel and staff involved in the conduct of your business need to be provided with ongoing training on identifying a transaction or other activity that may be related to money laundering or terrorist financing, and on how to proceed once such a transaction or activity is identified. Policies, controls, and procedures must be in place to ensure that all partners, directors, other officers, and all employees are:
The MLRO or nominated Compliance Officer should implement an appropriate AML training regime and maintain records of such. Key documents that need to be maintained include the Firm’s AML Training Log and the Annual Staff AML Training Confirmation.
Although the AML obligations on firms are significant, there are technology options available that allow you to be effective, and compliant and improve your internal processes. Within AML HQ, we provide you with a full set of policies, controls, and procedures that you can use out of the box, or further tailor to suit your firm.
We have developed a one-stop AML portal that helps your team to achieve compliance through convenience. Our portal provides smart processes to help your team efficiently onboard clients with a risk-based approach that automatically creates the records and reports to demonstrate due process and compliance. In addition to policies, controls, and procedures templates, our service also includes:
Who is AML HQ? |
AML HQ's all-in-one compliance solution was created in line with guidance from competent authorities and governing bodies to solve the challenges faced in complying with ongoing Anti-Money Laundering regulations. Our service reduces your risk of exposure to Money Laundering by guiding your staff through efficient processes such as initial Risk Assessments and Client Due Diligence checks. AML HQ reduces onboarding times and provides your clients with a modern, secure, and professional impression of your firm. Our risk-based approach to Know Your Customer checks automatically creates the records and reports to demonstrate due process and compliance. All reports and evidence are automatically recorded in a GDPR-compliant process and can be efficiently retrieved on-demand to support audits and regulatory visits. Subscription to our service costs €45 per month for firms that have up to 100 customers. Why not try out AML HQ on a free 14-day trial. |