FATF's Draft - Information Sharing Public Consultation
Group compliance at head office must not assume the full burden of assessing money laundering and terrorist financing within multinational banks, the Financial Action Task Force (FATF) has said.
Each operation within a global financial institution must have its own assessment responsibility and equally it may need information from group compliance, it said in new draft guidance on private sector information sharing.
"For this purpose, a local operation of a multi-national group in a given jurisdiction would equally require access to information from group compliance or from other parts of the group that is relevant to its own risk assessment," the draft guidance said.
The draft guidance specifies group compliance and its information sharing for the first time, a FATF spokeswoman confirmed. It is based on an existing principle that financial institutions should have policies, controls and procedures to enable them to assess and manage the AML/CTF risks proportionately.
"This will help bring specificity to risk identification and mitigation process, taking into account geographical, customer, product and other risk parameters," the spokeswoman said.
A group should have a mechanism to decide when its operations must assess multi-jurisdictional risk in a client relationship and when it would be justified or required to share customer or transaction information across locations, the draft guidance said.
For an effective group-wide compliance programme, financial institutions should understand the ML/TF risk they are exposed to on a global basis, and information from branches, subsidiaries, affiliates and other parts of its business should feed into the risk assessment, it said.
Information shared by a financial institution with group compliance on identified misuse of products and measures taken to mitigate the risks may help the group to take a consistent approach, the draft guidance said.
Sharing information related to a suspicion of terrorist financing should not cause a delay in submitting a suspicious transaction report in the host jurisdiction where the suspicion arose or the transactions happened, it said.
Clarity about data protection and other issues may help an efficient application of obligations, the draft guidance said.
"In some cases, data protection principles have been cited as preventing appropriate risk profiling of customers for CDD purposes. This may be considered to inhibit consolidating and sharing of such information at the financial group level," it said.
According to FATF, the final guidance will also cover information sharing between financial institutions which are not part of the same group, which could include in correspondence relationships and wire transfers.
The FATF consultation closes on July 31, 2017.