AML/CTF Control Plan

The AML officer must ensure the appropriateness and effectiveness of the organisational and work instructions established and of the business and customer-related internal protection systems of the undertaking by means of risk-based monitoring activities, within the scope of a structured approach.

In principle, all key areas of the obliged entity’s operations must be included in this monitoring, including the risks for the individual business units.

The AML officer will implement this monitoring by means of his own risk-based audit activities or else through third-party audit activities.

Monitoring activities relate to transactions and business relationships which, on the basis of the obliged entity’s expertise, may entail money laundering or terrorist financing risks.

These monitoring activities are to be implemented independently of the retrospective audit obligations of the internal auditors.

Unlike the audits performed by the internal auditors, where necessary the AML officer will perform his monitoring activities in connection with the prevention of money laundering and terrorist financing during the course of a process, or at least promptly.

For the performance of his duties, the AML officer is moreover entitled to take samples without any restrictions.

The AML officer must investigate transactions which are particularly complex or unusually large by comparison with similar transactions, which follow an unusual pattern of transactions or which are implemented without any obvious economic or legal purpose.

Risk-based audit plan

Checklist based on Section 56 (1) GwG

  1. Risk Identification and Assessment
  2. Risk Assessment Documentation and Regular Review
  3. Implementation and Monitoring of Internal Safeguards
  4. Operation and Updating of Data Processing Systems
  5. Compliance with Enforceable Orders
  6. Recording and Storing Information, Investigation Results, and Assessments
  7. Retention of Records or Evidence for Five Years
  8. Creation of Group-wide Uniform Arrangements, Procedures, and Internal Safeguards
  9. Effective Implementation of Group-wide Uniform Obligations and Internal Safeguards
  10. Compliance of Group Companies in EU Member States with AML Laws
  11. Ensuring Additional Measures in Third-Country Branches and Group Companies
  12. Adherence to Enforceable Orders for Group-wide Internal Safeguards
  13. Implementation of Specified Group-wide Internal Safeguards
  14. Implementation of Additional Specified Group-wide Internal Safeguards
  15. Identification of Contracting Party or Legal Representatives
  16. Verification of Contracting Party representing Beneficial Owner
  17. Identification of Beneficial Owner
  18. Obtaining and Evaluating Information on Business Relationship Purpose
  19. Determining Politically Exposed Persons (PEPs), Family Members, or Close Associates
  20. Continuous Monitoring of Business Relationships
  21. Determining Specific Scope of Due Diligence Measures
  22. Demonstrating Appropriateness of Internal Safeguards Based on Risks
  23. Compliance with Due Diligence Requirements
  24. Notification Requirement Compliance
  25. Establishment or Termination of Business Relationships; Execution of Transactions
  26. Timely Identification of Contracting Party, Legal Representatives, or Beneficial Owners
  27. Identification of Contracting Parties or Beneficial Owners
  28. Renewed Identification Requirements
  29. Collection of Required Information
  30. Establishing the Beneficial Owner’s Identity
  31. Verification and Monitoring of Transactions and Business Relationships
  32. Fulfillment of Enhanced Due Diligence
  33. Obtaining Senior Management Approval (in cases of High-Risk factor or PEP/RCA)
  34. Taking Required Measures as Specified
  35. Conducting Enhanced, Ongoing Monitoring of Business Relationships
  36. Gathering Information as Required
  37. Obtaining Senior Management Approval (in case of High-Risk Third Country)
  38. Enhanced Monitoring of Business Relationships
  39. Examination of Transactions
  40. Enhanced, Ongoing Monitoring of Business Relationships
  41. Gathering Sufficient Information
  42. Obtaining Senior Management Approval (in case of cross-border correspondent relationship with respondents based in a third country)
  43. Determining and Documenting Responsibilities
  44. Taking Required Measures
  45. Compliance with Supervisory Authority Orders
  46. Allowing Players to Gamble
  47. Acceptance of Deposits or Other Repayable Funds
  48. Allowing Transactions in Specified Ways
  49. Fulfillment of Information Obligations
  50. Conducting Transactions on a Payment Account
  51. Specifying Payment Purpose Upon Supervisory Authority Request
  52. Complete and Timely Identification
  53. Delegation of Due Diligence to Third Parties in High-Risk Third Countries
  54. Timely Provision of Information
  55. Management of Information on Beneficial Owners
  56. Notification Obligation Fulfillment
  57. Unauthorized Electronic Notification to the Registrar
  58. Fulfillment of Notification Obligation (General)
  59. Fulfillment of Notification Obligation (Specific)
  60. Compliance with Documentation Obligation
  61. Management of Beneficial Owner Information
  62. Notification Obligation Fulfillment (Specific)
  63. Correction of Inaccurate Notifications
  64. Access to Transparency Register under False Pretenses
  65. Notification Obligation Fulfillment by Obligated Parties
  66. Provision of Information or Documents by Obligated Parties
  67. Compliance with Information Requests
  68. Adherence to Orders or Instructions
  69. Submission of Reports
  70. Timely Reporting Post-Detection
  71. Compliance with Prohibitions
  72. Provision of Information as Required
  73. Provision of Information and Documents
  74. Tolerance of Inspections

Checklist based on Section 56 (2) GwG

  1. Appointment of a Member of the Management Level
  2. Appointment of an Anti-Money Laundering Officer (AMLO) or Deputy
  3. Compliance with Enforceable Orders for Anti-Money Laundering Officers (AMLOs)
  4. Appointment of a Group Anti-Money Laundering Officer (GAMLO)
  5. Management of Business Relationships and Transactions
  6. Execution of Transactions contrary to Regulations
  7. Notification of Contracting Parties, Clients, or Third Parties in Violation of Regulations

Sources:

https://www.bafin.de/SharedDocs/Downloads/EN/Aufsichtsrecht/dl_gwg_en.html

https://www.bafin.de/SharedDocs/Downloads/EN/Auslegungsentscheidung/dl_ae_auas_gw2021_en.html

https://www.gesetze-im-internet.de/gwg_2017/__56.html