Review of principles and procedures

Review of principles and procedures

Effective AML and CTF efforts are critical to combating illicit financial activities and ensuring the integrity of financial systems. The review of principles, procedures, and controls plays a pivotal role in achieving this objective.

The review of principles, procedures, and controls is an integral part of AML and CTF efforts, as highlighted by the 4th AMLD, the German GwG, and associated guidance. It encompasses various facets, including risk management, personnel responsibilities, group-wide coordination, technology adaptation, employee reliability, and continuous training. Ultimately, an effective review process ensures that businesses are equipped to prevent and detect illicit financial activities, contributing to the broader goal of safeguarding the financial system and promoting transparency.

Business- and customer-related Internal Controls and Safeguards

Internal Principles, Procedures, and Controls:

Dealing with Risks
  • AML regulations, such as the 4th AMLD and GwG, require businesses to establish internal principles, procedures, and controls to address risks associated with money laundering and terrorist financing.
  • These measures should be tailored to the specific risks faced by the obliged entity, considering factors like the nature of their business and customer base.
Customer Due Diligence
  • Adequate customer due diligence (CDD) procedures are essential for identifying and verifying the identities of customers.
  • Entities must establish and maintain effective CDD measures, including verification of customer information, risk assessments, and ongoing monitoring.
Compliance with Reporting
  • Compliance with reporting obligations is crucial. Businesses must report suspicious activities promptly to relevant authorities.
  • Detailed procedures should be in place to ensure accurate reporting, and these procedures must be regularly reviewed and updated.
Recording of Information and Retention of Documents
  • To maintain transparency and compliance, businesses must record relevant information and retain documents.
  • Adequate document retention policies ensure that records are kept for the required duration, as specified by regulations like GwG.
Compliance with Other Provisions under AML and CTF Law
  • AML and CTF laws encompass various provisions, including those related to sanctions, beneficial ownership, and politically exposed persons (PEPs).
  • Businesses should have controls and procedures in place to ensure compliance with all relevant provisions.

Money Laundering Officer and Deputy

  • Appointing a Money Laundering Officer (MLO) and a deputy is a legal requirement in many AML frameworks, including the German GwG.
  • The MLO and deputy are responsible for overseeing and implementing AML and CTF measures within the organization.

Group-Wide Procedures

  • In cases where an obliged entity is a parent company of a group, group-wide procedures must be established.
  • These procedures ensure consistency and coordination of AML and CTF efforts across the entire group.

Measures to Prevent the Abuse of New Products and Technologies

  • Emerging products and technologies can present new opportunities for money laundering and terrorist financing.
  • Businesses should continuously develop and update measures to prevent the misuse of these innovations, ensuring they remain compliant and secure.

Reliability Screening of Employees

  • Ensuring the integrity of employees is crucial. Reliable screening mechanisms, such as background checks, should be in place.
  • Internal systems can be used for controlling and evaluating staff reliability and trustworthiness.

Initial and Ongoing Training of Employees

  • Employees are often the first line of defense against money laundering and terrorist financing.
  • Comprehensive training programs should cover typologies, current methods, relevant legal provisions, obligations, and data protection rules. This training is not a one-time event but an ongoing process to keep employees updated.

4th AMLD

Article 8(4)(b) of the 4th Anti-Money Laundering Directive (Directive (EU) 2015/849) outlines a requirement regarding the review and testing of internal policies, controls, and procedures within businesses for the prevention of money laundering and terrorist financing.

This provision states that the policies, controls, and procedures mentioned must include, where it is deemed appropriate based on the size and nature of the business, an independent audit function. This independent audit function is responsible for testing the effectiveness and compliance of the internal policies, controls, and procedures mentioned in point (a) of the same article.

In essence, this article emphasizes the importance of having a mechanism in place to assess the adequacy and efficiency of the anti-money laundering and counter-terrorist financing measures within a business.

The requirement for an independent audit function underscores the need for objective evaluation to ensure that the established policies and controls are effective and compliant with the directive’s provisions. The appropriateness of the audit function’s scope and depth should be tailored to the specific characteristics of the business, taking into consideration factors such as its size and nature.

German GwG

Under Section 6(2)(7) of the German Geldwäschegesetz (GwG), obliged entities are required to perform an independent inspection to review their „principles and procedures.“

These principles and procedures encompass a range of internal controls and safeguards related to anti-money laundering and counter-terrorist financing.

  1. Internal Principles, Procedures, and Controls:
    • Dealing with various risks
    • Implementing customer due diligence
    • Ensuring compliance with reporting requirements
    • Recording and retaining information and documents
    • Adhering to other provisions under anti-money laundering and counter-terrorist financing laws.
  2. Appointment of Money Laundering Officer: The obligation to appoint a money laundering officer and a deputy to oversee and manage anti-money laundering efforts.
  3. Group-Wide Procedures: In cases where the obliged entity is a parent company within a group, the establishment of procedures that apply across the entire group to ensure consistency in anti-money laundering measures.
  4. Preventing Abuse of New Technologies: Developing and regularly updating measures to prevent the misuse of emerging products and technologies for money laundering or terrorist financing purposes and for promoting the anonymity of business relationships or transactions.
  5. Employee Reliability Screening: Screening employees through appropriate means, particularly using systems within the obliged entity to assess and appraise staff reliability and integrity.
  6. Employee Training: Providing initial and ongoing training to employees, covering typologies and current methods of money laundering and terrorist financing, as well as relevant provisions and obligations, including data protection rules.

It’s important to note that these measures are considered appropriate only when they align with the specific risk profile of the obliged entity and adequately address those risks.

The independent inspection is conducted to verify the effectiveness and compliance of these principles and procedures.

The scope and depth of the review should be proportionate to the nature and size of the business, ensuring that the measures are tailored to the entity’s risk situation.

BaFin-Interpretation and Application Guidance on the German GwG

The BaFin-Interpretation and Application Guidance on the German Geldwäschegesetz (GwG) focuses on the „Review of principles and procedures“ related to internal safeguards for combating money laundering and terrorist financing.

  1. Independent Audit: Obliged entities must conduct an independent audit to review their internal principles and procedures. This audit can be conducted by internal auditors or external audit agencies but must align with the nature and scale of the obliged entity’s business.
  2. Complement to AML Officer’s Monitoring: The independent review required under Section 6(2) No. 7 of the GwG is in addition to the monitoring obligations of the Anti-Money Laundering (AML) officer and includes the field for which the AML officer is responsible.
  3. Scope and Frequency: Internal auditors or internal/external audit agencies should review compliance with all anti-money laundering obligations. Typically, an annual risk-appropriate review of segments is sufficient, provided that all segments undergo a review within a three-year cycle.
  4. Assessment Criteria: The audit reports must assess whether the safeguards established by the obliged entity to combat money laundering and terrorist financing are appropriate, feasible, up-to-date, and effective. They must also verify that the AML officer has fulfilled assigned tasks.
  5. Coverage of Duties: The assessment should cover all duties listed in the GwG, but the auditor may choose to focus on a representative sample. The sample size should be proportionate to the total number of transactions subject to anti-money laundering obligations and recorded under Section 8 of the GwG, with the ratio of the sample size to total transactions indicated in the audit report.
  6. Report Retention: Regardless of other retention periods, the audit reports must be kept for five years in accordance with Section 8(4) of the GwG.
  7. Access to Information: The body conducting the review must be granted full access to all relevant information, documents, and files concerning customers, individuals acting on behalf of the contracting party, beneficiaries, beneficial owners, business relationships, and transactions within these relationships.

In summary, this section underscores the importance of conducting regular and thorough independent audits to review the adequacy and effectiveness of internal safeguards against money laundering and terrorist financing. The audit process should encompass all duties outlined in the GwG, with reports retained for an extended period and auditors granted access to relevant information for their assessments.