We have summarised the key takeaways of the thematic review:
Knowledge, skill and experience of MLRO and MLCO: It is vital that MLRO and MLCO have the appropriate knowledge, skill and experience.
Capacity, resources and independence of MLRO and MLCO: Boards should be mindful of emerging resourcing issues where key individuals occupy more than one key role
Policies, procedures and controls:. Boards should ensure that there are appropriate and effective policies and procedures covering Board Management Information, Maintenance of SAR records, Themis functions, Sharing of SARs within the Group, Maintenance of customers following SAR and Interaction with FIS regarding consent.
Management Information (“MI”) of Suspicious Activity Reporting: MI provided to the Board should contain the number of internal disclosures received by the MLRO or a nominated officer; the number of external disclosures reported onward to the FIS, an indication of the length of time taken by the MLRO or nominated officer in deciding whether or not to externalise an internal SAR and the nature of the disclosures. Firms should use the MI to identify and monitor AML/CFT trends and ensure that the appropriate policies and procedures are implemented to mitigate the risk identified.
Review of compliance with the AML/CFT regulatory framework: The effectiveness of the SAR procedures and controls should be tested at least annually. Where a firm has one person responsible for compliance and reporting, Boards could mitigate the inherent conflict of interest by utilising the services of external party to test the appropriateness and effectiveness of their policies, procedures and controls on SARs. More information on how Aspida can help firms with this requirement.
Training: All relevant employees should be provided comprehensive ongoing training that must include the reporting of suspicion, the criminal and regulatory sanctions that can be applied to both the firm and individuals for failing to report suspicion, and the identity and responsibilities of the MLRO, MLCO and NO.
FIS guidance to improve suspicious activity reporting: All firms should ensure that they have incorporated the Guidance to Improve Suspicious Activity Reporting into their internal policies, procedures and controls.
Internal suspicious activity thresholds: The approach to internal reporting should be based on the size, nature and complexity of the business.
Timeliness of suspicious activity reports: Firms should ensure that their staff receive training on typical financial crime red flags to enable prompt identification of suspicion and make the resulting internal or external SAR.
Internal record keeping and controls: Firms are required to keep records of any internal SARs made to the MLRO or nominated officer and of any external SARs to the FIS. Records must include details of the actions taken by the MLRO and nominated officers, details of enquiries made and reasons for decisions not to externalise an internal SAR as well as reasons for making an external SAR.
Information to be provided to the FIS: A full account of the circumstances and grounds for suspicion and relevant documentation should be submitted to the FIS to enable the FIS to fully understand the purpose and intended nature of the business relationship/occasional transaction and the reasons for the suspicion
FIS requests for additional information: Firms should understand their responsibilities pertaining to providing information to the FIS upon receipt of formal notification from the FIS.
Tipping off: Firms should ensure that their AML/CFT Training covers tipping off.
Our Advisory Services Trainee Programme has been introduced to find our next generation of consultants which could lead to a career in Compliance, Cyber Security, Risk and Assurance, Governance, IT or ESG.