What is an AML Programme
This article explains the objective of an AML Programme and how to develop and maintain the same.
An AML programme represents the policies, procedures and controls a business will apply to meet their commitments of managing money laundering compliance obligations.
The AML programme is required to be updated following a review of the AML risk assessment. This order of priority ensures that the programme addresses the risks that the assessment has identified. Therefore if the risk assessment is inadequate then the business that is operating under that risk assessment has failed to meet its regulatory expectations. This is why a business must adopt an adequate methodology when performing an AML/CFT risk assessment.
As the AML programme represents policies, procedures and controls, it can be expected to be a comprehensive document. Some businesses elect to have the procedures set out in a separate document.
Structure of an AML Programme
A programme should have a contents index. This will assist staff to quickly decipher the chapter or page that they need to refer to. It also allows an auditor and AML supervisor to gauge, at a high level, the content of the programme.
The programme should set out what money laundering and financing of terrorism is. Brief information will be suitable.
An introductory paragraph of the nature, size and complexity of your business, including the products / services distributed, the number of branches and staff numbers is useful to third parties and any new employee who has taken on an AML/CFT role. You should then set out, in summary detail, the risks that your business presents to unwittingly facilitating money laundering or financing of terrorism. You will gain this knowledge from your AML risk assessment.
Policies
Throughout the programme you should set out the principles that your business will apply for mitigating and managing money laundering risks. It should be made clear that your business takes its obligations seriously and that any AML compliance breaches must be reported.
Your AML compliance officer is responsible for the ongoing maintenance of the programme. Senior managers are also obligated to have oversight. This includes Board members.
Procedures
For every policy principle that your programme stipulates, you need to describe how this will be applied in practice. Therefore for customer due diligence you should set out the principles as being the need verify that the customer is who they claim to be and obtaining knowledge of the nature and purpose of the customer’s relationship with your business. The procedures will set out how you achieve this objective. Examples of procedures for Know Your Customer (KYC) would include obtaining copies of relevant identity documents, such as a passport, national identity and driver licence, then independently verifying the document is valid and represents a true likeness to the customer. You are likely to also include KYC profiling.
Customer profiling will allow your business to know the extent of risk that the customer presents and the expected volume and value of transactions / activity that customer is likely to carry out.
Controls
The third aspect of your programme is to set out the controls you will apply to meet the policy and procedures. An example of controls for AML training includes keeping a record of each employee that has a role linked to AML/CFT and noting when their training was last undertaken and when it is due next. A further control for AML training may include a calendar reminder to prompt the training to commence.
Measuring Effectiveness
A compliance obligation often overlooked is making sure the programme remains adequate and effective. This can be achieved by measuring the strengths and weaknesses of each control. AML360 has a compliance review for your business to utilise. Your report includes 70+ hot-spots that auditors and AML/CFT Supervisors commonly review. Your report includes heat maps for quick interpretation and AML/CFT Act references to the compliance obligation.