Framework governance with clear accountabilities (including KYC, AML, Sanctions, PEP risk assessment), risk appetite, policy and procedures, management information and risk reporting, independent testing of the framework and program oversight.
Highlight key risk areas, how well those risks are managed and support a risk-based allocation of resources, as well as the establishment of strategic controls for managing the identified risks.
Client On Boarding
An appropriate client identification, client screening, system of risk classification, client due diligence process, enhanced due diligence, source of funds and wealth checks, processes for the acceptance and continuance of higher risk clients including Senior Management authorization.
Process for ongoing of risk based client screening including negative news, connected parties, source of funding checks, client review and periodic refresh of due diligence.
An automated system of transaction monitoring configured with risk based typologies to detect unusual activity, screen transactions and block transactions that must be investigated. A system of enhanced monitoring for customers rated as higher risk.
Process and procedures for the investigation of unusual transactions, appropriate investigation tools, investigation process, adequate number of appropriately trained investigations staff, escalation process, record keeping, disclosure rationale, disclosures. Backlog investigation.
Comprehensive management information reports detailing risk and control performance, provided to the nominated officer, senior management and, on a periodic (at least annual) basis to the board.
System of record keeping evidencing the due performance of client identification, determination of risk, periodic account review and transactions. Record retention in accordance with applicable regulation.
Training & Awareness
A comprehensive training and awareness program informed by a training need analysis, risk based all staff awareness, continuing professional development for control officers, system of evidencing attendance and attainment.
Program of ongoing independent testing of the AML/CTF program including adherence to policy and procedures, control performance, escalation and reporting.
Politically Exposed Persons
Definition of the organization PEP matrix with list of functions per country that should be taken in consideration. PEP identification and investigation process. Periodical PEP review. Training on PEP investigation and record keeping methodology. Organization compliance with regulatory PEP requirements.