Anti-money laundering (AML) and combating terrorist financing (CTF)
17 November 2006
What are your responsibilities?
All regulated firms have regulatory and legal obligations aimed at combating financial crime. Our self assessment tool will help you consider some of the things you should be thinking about to make sure you are meeting your responsibilities.
Anti-money laundering self assessment tool [PDF]
Where are these obligations set out?
Firms have regulatory obligations under the FSA Handbook (SYSC).
Practical assistance can be found in the Joint Money Laundering Steering Group (JMLSG) Guidance. This outlines good practice on how to comply with their legal and regulatory obligations.
The FSA Handbook
We recently (August 2006) replaced detailed rules with high level-provisions.
The new money laundering provisions put a clear focus on senior management responsibility for AML and CTF systems and controls. It gives firms' senior management, no matter what size of firm, flexibility to implement systems and controls in the most appropriate way for their firms.
JMLSG Guidance
The JMLSG Guidance provides authoritative good practice guidance on effective mitigation of money laundering and terrorist financing risk. It is a key resource firms should draw on when designing and implementing their systems and controls. The Guidance is available free of charge in PDF format from the JMLSG website.
The JMLSG Guidance is split into two sections: Part I sets out generic guidance which is relevant to all firms; and Part II contains sector specific additional material relevant to financial advisers including in Chapters 6 & 7. The JMLSG advises that the sector guidance must be read in conjunction with the main guidance set out in Part I.
The FSA, when considering whether a firm has breached our money laundering rules in SYSC, will have regard to whether the firm has followed the relevant provisions of the JMLSG Guidance.
Our thematic work
Following the move to a more principles-based approach to anti money laundering, we recently undertook thematic work to assess the systems and controls in small financial adviser firms for preventing money laundering and combating terrorist financing.
We found that most firms within our sample had reviewed their procedures in light of the changes to the money laundering requirements in the FSA Handbook. The FSA expects firms either to be following the Guidance or to be doing something else that delivers the same standards of risk mitigation (and meets firms' legal obligations).
We have highlighted the key areas to focus on below, along with some of our findings. To consider the questions you should be asking yourself and your firm, please see our AML/CTF self assessment tool [PDF].
Senior Management Responsibility
The ultimate responsibility for a firm's systems and controls lies with the senior management. A large number of firms within our project sample used compliance consultants to help review and formulate their AML policy and procedures. Whilst this is a perfectly acceptable practice, there is a risk that firms have comprehensive procedures but senior managers do not ensure they are tailored to their firm. There is also a risk that senior management within the firm do not completely understand how these procedures are helping them to manage their money laundering and terrorist financing risk. This would not be acceptable as we will hold firms responsible for any policies and procedures they adopt. Whether firms use consultants or not, it remains the responsibility of a firm to ensure that they have AML procedures which are relevant to the business of the firm and understood and followed by all staff.
Relevant rules and guidance
SYSC 1.2.1G & 3.2.6H R
JMLSG Guidance, Part I, Chapter 1
MLRO reports
The role of the MLRO report is to bring to the attention of senior management how effective AML / CTF systems and controls are and where improvements are required. Firms should consider what goes in to, and how they respond to, the information in MLRO reports. We found that some firms used templates provided by compliance consultants to produce the MLRO report. Again, whilst this is an acceptable practice, firms must be able to demonstrate that they are considering how effective their controls are, where improvements are needed and how improvements will be made.
Relevant rules and guidance
SYSC 3.2.6G (2) G
JMLSG Guidance, Part 1, Chapter 3, 3.29 – 3.37
Risk Based Approach
The risk based approach allows senior management the flexibility to develop and manage their firm's business process to prevent money laundering and combat terrorist financing. This enables firms to channel their resources where they would be most effective and where the risk is greatest. Firms need to understand the AML risk posed to their business by their customers and the business they transact. Firms must identify, assess, monitor and manage their money laundering and terrorist financing risk, and document their risk management policies and risk profiles. This should be kept under review. Such processes need to be proportionate to the business.
Some firms were unclear about what was meant in respect of money laundering risk. The JMLSG provides guidance on this, both in terms of customers and transactions. Whilst we found that few higher risk transactions had been carried out by the firms that were visited, firms should consider the greater risk posed by, for example, execution only customers, non face to face customers, Non EU customers, insistent customers and transactions on the secondary market, which may require enhanced due diligence procedures.
Relevant rules and guidance
SYSC 3.2.6R, 3.2.6A R, 3.2.6B G, 3.2.6F G, 3.2.6G(3) G, 3.2.6G(4) G
JMLSG Guidance, Part I, Chapter 4, Part II, Sector 6, 6.7 -6.10 & 7.1 – 7.27
Customer Due Diligence (CDD)
Firms should consider the reliability of the identification documents they accept. They should also ensure that their CDD procedures are robust and proportionate to any transaction. Enhanced due diligence may be required for higher risk customers and transactions. Identification procedures were found to be adequate in firms in the sample, but we found that firms continue to follow the practice recommended in the 2003 edition of the JMLSG Guidance.
The revised JMLSG Guidance offers firms the opportunity to streamline their identification procedures, particularly where money laundering risks are low. We would encourage firms to review their policies and procedures in line with the JMLSG Guidance and implement changes where appropriate.
Less than half of the firms had procedures for checking the Bank of England Sanctions list. Firms in the UK are subject to a range of UK and EU legislation over sanctions, which in essence requires them not to have any dealings with certain named individuals or organisations. Firms need to be aware of the sanctions list and, therefore, should have in place systems and controls for complying with their legal obligations. The nature of these systems and controls will depend on the size of the firm and the risks posed by their customers and the geographical area in which they operate. Further detail on the list can be found on the Bank of England Website.
Relevant rules and guidance
SYSC 3.2.6G(4) G, SYSC 3.2.6(5) G
JMLSG Guidance, Part I, Chapter 5, Part II, Sector 6: 6.11-6.17
Training
Firms in the sample were found to give specific AML training but not all tested its effectiveness. We also found that most training was not tailored to the specific roles of staff in each firm. Staff are one of the first lines of defence against money laundering and terrorist financing. When delivering training each firm must train staff on their legal obligations and how to recognise and deal with suspicious transactions. Consideration should also be given to adapting training to make it relevant to the risks posed to the firm, and to the roles that staff undertake.
Relevant rules and guidance
SYSC 3.2.6G(1) G
JMLSG Guidance, Part 1, Chapter 8, Part II, Sector 6: 6.24 – 6.25
Suspicious Activity Reporting
All firms have a legal obligation to report where there is knowledge or suspicion, or reasonable grounds for knowledge or suspicion of money laundering or terrorist financing. We found that very few suspicious activity reports had been made by firms in the sample, but procedures were in place in the vast majority of cases. However, staff spotting suspicious activity require effective and appropriate training as to what this activity might look like. This might include indicators or illustrations on the type of situation which might give rise to suspicious activity. There should also be a culture where staff can make confidential reports. Firms' procedures must also be clearly understood and accessible.
Relevant rules and guidance
JMSLG Guidance, Part 1, Chapter 7, Part II, Sector 6: 6.22 – 6.23