If you are following my articles series , you must by now have known the difference between the AML/CFT policy and AML/CFT procedures. If you have missed out any of them please go through them by following this link:
AML/CFT policy is brief introduction of all control measures that you are going to apply in your organization, let’s say, in the policy you give information about different types of customer due diligence: Standard and Enhanced, while in Manual you are going to explain the detail procedures of Standard and Enhanced Customer Due Diligence. You will also draft the format/forms/checklists so that it will be easy for users to complete those Due Diligence to ensure uniform practice in whole organization.
The AML/CFT Manual shows the technique by which AML/CFT policy may be implemented. It’s detail explanation of the policy, that is why some organization may include AML/CFT policy and manual in the same documents, however doing so may lead to creation of bulky document and employees may feel reluctant to go through this document. Therefore, having separate documents as policy and manual means that it would be helpful for the staff who want to know about AML/CFT concepts, can refer the policy while for users who want to know about detail AML/CFT procedures, they can go through the manual.
The organization may want to incorporate the following clauses while drafting AML/CFT Manual/Procedures:
- Customer Identification Procedures: Here you should provide detailed procedures for obtaining, verifying information submitted by the customers. This section may also include how risk profiling of the customer should be done.
- Customer Acceptance: This section list types of the customers that is acceptable to the organization to do business and what type of customers should be avoided. For e.g., shell companies.
- Verification Timing: This section includes situations regarding when the customer KYC information should be sought like before carrying out wire transfer and so on.
- Procedure for Pending Accounts: If your organization allows to open pending accounts, you need to describe the conditions in which pending account should be opened and for how long. Does any approval need to be taken, what exhibit should be prepared and so on.
- Politically Exposed Persons, Beneficial Owner, Adverse Media: This section is important as well as challenging to write. You should have clear mechanism to state out how individual staff could identify PEP or Hidden Beneficial Owner. Do you have any automatic system placed for customer screening. What to do if customer is identified as PEP or Hidden Beneficial Owner. How should relationship be established with them. Should they be classified as High Risk? These questions should be clearly answered in this section.The next challenge is Adverse Media. Most of Screening System will show you the names matched in Adverse News, but to verify the customer with that name is challenge because of lack of information . There should be detail procedures to verify such names so that there is no confusion among staffs.
Transaction Monitoring: You need to explain whether you have manual or automatic system for transaction monitoring.
Customer Due Diligence: This section details out procedures for customer due diligence based on different risk profile of the customer. The universal practice is to perform standard due diligence for low risk and medium risk customer and enhanced due diligence for high risk customers. Standard Due Diligence may be limited to obtaining identification documents from customers. Meanwhile, Enhanced Customer Due Diligence will include additional information like obtaining identification details of relatives of customer, supporting document for the sources of income. This section may indicate checklists/forms developed to carry these CDD, whose formats are usually kept in Appendix part.
- Reviewing of KYC: You need to include when should KYC of different risk profile of the customers should be updated. For high risk customer it may be annually while for others it may be longer. It should also include what type of information should be collected from customers at the time of review. (Note:You may not want to update permanent nature of documents like citizenship.)
- Walk-In-Customers: You may want to include provision on how to deal with walk-in-customers like obtaining KYC documents when that customer wants to initiate a transaction beyond certain threshold.
- Customer Screening: Whether you have manual or automated system for customer screening, you need mention clear procedures for that.
- Reporting: In this section , you need to describe what type of reporting is being done to your regulatory bodies, it may be TTR , STR or other reports. But keep in mind to exclude the exact provisions/clause mentioned in AML/CFT Laws and Regulations as they are subject to change with changes in regulatory environment . However, you may want to include the provisions that may remain same for longer period of time in like red flags to identify suspicious activities.
- Wire Transfer: Here you should include what the information is required to transfer any wire messages, further what information should be verified at the time of accepting wire transfer. Also you need to mention, what should be done if any discrepancies were observed. If you have mechanism for monitoring wire transfer for the purpose of verification of source of fund and purpose of fund, that should be mentioned here.
- Correspondent Banking: This section should included how organization is going to establish correspondent banking relationship, what information should it verify, who have authority to approve correspondent banking relationship.
- Know Your Employee: This should include the detail procedure regarding what information should be collected for doing Due Diligence of employee before hiring them like performing background screening, checking with references.
- Know Your Agent: Same as above you need to mention what are steps that organization should take before and after assigning task to a agent. Organization may hire agent for various purposes like for remittance, marketing, updating KYC and so on.
- New Technology: As ML/FT risk may arise due to introduction of new product and services, therefore there should be a mechanism where introduction of any new product should be reviewed by the AML/CFT department for any ML/TF risk.
- Miscellaneous: You may include other sections as you deem fit like Awareness and Training Program, penalties, relationship with other department’s policies and so on.
- Annexes: This section includes the list for formats, checklist that you have developed for implementation AML/CFT policy and procedures.
These are component that may be included in AML/CFT Manual. Point to remember here is that, it is not by far exhaustive list but can be integral part of Manual.
4. AML/CFT Risk Assessment Framework:
If you are following me from my first article series, then you should already know that risk assessment is basis for the formulation of any kind of AML/CFT policies. Therefore, organization may want to formalize this risk based approach as a policy . The detail guideline for the risk assessment is given in following article, you can take the basis of this article to write you own risk assessment framework.
Policy and manual development life cycle can be divided into two parts:
- Policy and Manual Development
- Implementation of Policy and Manual
We have completed the 50% task of development of policy and manual, now in the next article series, we will discuss how we are going to implement them.
Next Article: On Developing AML/CFT Organization Structure