Preparing For 2018: Is your company's AML/CFT system effective? How can you assess compliance with FATF’s Immediate Outcome Four?
In recent times, there has been increasing international pressure on offshore financial centers to prove their Anti-Money Laundering and Countering the Financing of Terrorism (AML and CFT) compliance. We all read about the Panama Papers, the US Department of Justice criticizing Ireland over shell companies issue and even Jeremy Corbyn, leader of the British Labour Party suggesting that the British Government consider intervening in the running of any overseas territory not in compliance with UK tax laws.
It is now more imperative than ever that companies attain compliance with the revised ATF/CFT standards set forth by Financial Action Task Force (FATF), an intergovernmental body that propagates guidance for AML standards to governmental bodies.
In 2018, Caribbean Financial Action Task Force (CFATF) will be evaluating how effective Bermuda’s AML/CFT system is. CFATF is an organization of states and territories of the Caribbean basin which have agreed to implement common counter-measures against money laundering. This means Bermuda will have to show its effectiveness in two areas – its technical compliance with the FATF recommendations, and their effective implementation.
The technical compliance with the FATF recommendations relates to the legal and institutional framework of Bermuda, and the powers and procedures of its competent authorities. These represent the fundamental building blocks of an AML/CFT system.
The effective implementation of the FATF recommendations focuses on the extent to which Bermuda is producing the expected results or the extent to which the defined outcomes are achieved. The effective implementation is not measured solely by meeting a specific FATF requirement or all elements of a given FATF recommendation, but is measured by judging whether the required outcomes are achieved or not.
For assessing any country’s effectiveness, FATF has adopted eleven defined outcomes, known as TheEleven Immediate Outcomes. Let’s look at the requirements of the fourth immediate outcome which concerns the private sector.
Immediate Outcome Four states that the Financial Institutions (FIs) and Designated Non-Financial Business or Profession (DNFBFs) should adequately apply AML/CFT preventive measures that are commensurate with their risks, and report suspicious transactions. It measures whether the FIs and DNFBFs have adequately assessed and understood their exposure to money laundering and terrorist financing risks, whether their policies, procedures and internal controls adequately address these risks, and whether regulatory requirements are properly implemented.
Ask yourself these questions while determining if this outcome is achieved:
What are your AML/CFT risks and obligations?
Have you undertaken a business risk assessment to evaluate and identify your risk profile?
Which mitigating risk factors have you applied to combat money laundering and terrorist financing risk?
Are your Customer Due Diligence (CDD) and record-keeping measures appropriate with respect to your risks?
What controls do you have in place to stop the transaction or business if the appropriate CDD is not completed?
What factors do you take into account while applying enhanced due diligence measures for high risk customers?
What procedure do you have in place to report suspicious activity to the Financial Intelligence Agency (FIA)?
What procedures do you use to prevent tipping-off?
What internal controls and procedures have you applied to ensure compliance with AML/CFT requirements?
Completing these checks and designing risk based compliance policies and procedures for businesses can help lead the way to a safe and worry-free 2018.