Recent robust enforcement action taken by regulators against banks could probably have been avoided had the banks maintained effective risk-based anti-money laundering and countering financing of terrorism (AML/CFT) policies and procedures, the Basel Committee on Banking Supervision says.
The Basel Committee, part of the Bank for International Settlements, blamed banks’ “lack of diligence in applying appropriate risk management policies, procedures and controls”.
The regulator has now issued final guidelines that describe how banks should include risks related to money laundering and the financing of terrorism (ML/FT) within their overall risk management framework. The new guidelines come after an earlier version was issued for consultation last June.
The guidelines list six “essential elements of sound ML/FT risk management”:
- Assessment, understanding, management and mitigation of risks: This includes a thorough understanding of the inherent ML/FT risks present in its customer base, products, delivery channels and services offered as well as the jurisdictions where the bank or its customers operate. It notes that the chief AML/CFT officer should be the contact point for all AML/CFT issues for internal and external authorities, including supervisory authorities or financial intelligence units (FIUs).
- Customer acceptance policy: This is to identify the types of customer that are likely to pose a higher risk of ML and FT
- Customer and beneficial owner identification, verification and risk profiling: The customer due diligence (CDD) guidelines make clear that when a bank is unable to complete CDD measures, it should not open an account, commence business relations or perform a transaction. However, it acknowledges that there may be situations where it would be permissible for customer verification to be completed after the establishment of the business relationship, but the bank will need to adopt appropriate risk management procedures including imposing restrictions under which a customer may make use of the banking relationship prior to verification.
- Ongoing monitoring: The Basel Committee reminds banks that their ability to effectively monitor and identify suspicious activity requires access to updated, comprehensive and accurate customer profiles and records.
- Management of information: Records need to be kept for at least five years after the termination of a banking relationship. Moreover, a bank should be able to demonstrate to its supervisors, on request, the adequacy of its assessment, management and mitigation of ML/FT risks.
- Reporting of suspicious transactions and asset freezing: The guidelines explain that funds used to finance terrorism may come from legal sources as well as criminal activity. In addition, transactions associated with the financing of terrorists may be conducted in very small amounts.
In a group-wide and cross-border context, the guidelines say that the group’s ability to obtain and review information in line with its global AML/CFT policies and procedures should not be impaired as a result of modifications to local policies necessitated by local legal requirements. “A bank should have robust information-sharing among the head office and all of its branches and subsidiaries,” the guidelines say.
The full guidelines can be found by clicking here.