Credit unions

 

Policies and procedures

Credit Unions (CU) should have a well written policy and procedure in place on AML. A well written policy will help facilitate a knowledgeable Board, well informed staff/volunteers and allow ease of effective review by the supervisory committee.

Examples of good practices

  • Credit union Board (CU) sat down and worked out what the JMLSG guidance meant for them and produced an AML policy and procedure.
  • CU carried out a formally recorded, full assessment of risk to and from members relating to money laundering and identity theft opportunities.
  • Member details are regularly refreshed when a member applies for a loan. A general reminder to register any changes is issued with the members' annual statement.
  • CU has robust record-keeping policies and procedures when confirming members' identity. We saw examples, where the facilities existed, of photocopies of these documents being retained. Where the facilities did not exist, CUs made a note of the documents seen and of relevant details (e.g. reference numbers, date and place of issue).
  • CUs implement effective processes to confirm identity of juvenile members. We saw examples where the CU verified the identity of these members by using a confirmatory letter from school or ID of an introducing adult and the juvenile's birth certificate or passport etc.
  • CU staff/volunteers interviewed during the visits had a good day to day knowledge of their membership and saw this as a way of reducing the AML risk.

Examples of poor practices

  • CU did not know what the JMLSG Guidance was and was not aware of the credit union specific guidance to be found in section 2.
  • CU was not aware of the potential risk of money laundering and of potentially suspicious or unusual transactions. As a consequence, no effective transaction monitoring was carried out and volunteers/staff did not know how to recognise suspicious transactions.
  • CU did not have a formal AML policy, procedure or appropriate documentation. As a result the board were unable to demonstrate knowledge, staff/volunteers were unaware of formal policies and procedures and the supervisory committee could not, as a result, effectively review the credit union controls in this respect.
  • CU did not have a process for ensuring the data they held about their members was kept up to date (e.g. changes of address, employment).
  • We saw examples of general correspondence such as an advertisement letter for a satellite system, being used to confirm a member's identity. CUs were failing to make a note of or properly record the documents seen to confirm a member's identity and of any applicable reference numbers. Some CUs were even unaware of what documents were appropriate to verify an individual's identity.
  • Poor or no controls in place to properly verify a junior member's identity. Where a junior member joins the CU and their parent is not a member of the CU, CUs were failing to verify the identity of the adult as well.

Back to topBack to top

Training

Training of all directors, volunteers and staff forms an important part of the anti money laundering process, increasing individuals' knowledge of the reasons behind the rules and guidance and their individual responsibilities in combating financial crime. Training will also help staff/volunteers identify unusual behaviour or transactions that could be indicative of money laundering or transaction fraud and will form the basis of effective AML controls.

Examples of good practices

  • CUs made sure all staff were adequately trained on their AML responsibilities, with this training being assessed (role plays, test etc), to ensure it was understood and recorded. This training was provided on a 2 year cyclical basis.
  • Where CUs could not afford AML training provided by a trade body, they sought innovative ways of fulfilling this requirement. This included using their local chapter or contacting the local police for a representative to come and deliver the necessary training.
  • CU staff/volunteers were aware of the different forms of money laundering (e.g. large one off deposits, 'smurfing', loans) and had adequate transaction monitoring processes in place to spot potentially suspicious transactions.
  • CU staff were able to ascertain the source of funds without tipping off. It is a criminal offence for anyone to do or say anything that might ‘tip-off’ someone else that they are under suspicion of acquiring, retaining, using or controlling proceeds of crime. That applies whether or not any report has been made to SOCA.
  • CU staff were aware of the implications and repercussions to themselves if they were complicit in money laundering or guilty of tipping off.

Examples of poor practices

  • Staff had little or no training on AML relying only on common sense approach. This led to staff not being aware of what constituted a suspicious transaction. AML refresher training was not provided to staff
  • No training provided, staff/volunteers were unaware of the CUs own policies and procedures.
  • Staff and volunteers held the view that money laundering was not possible in a CU.
  • Staff and volunteers were unaware of the need to investigate suspicious transactions
  • Staff and volunteers were unaware of the implications and repercussions to themselves of the failure to abide by AML rules.
 

Back to topBack to top

Money Laundering Reporting Officer (MLRO)

The role and responsibilities of the MLRO are central to the AML process. Our rules on AML arrangements require firms to appoint a MLRO and to allocate overall responsibility for effective AML controls to a director or senior manager (who can also be the MLRO).

Examples of good practices

  • The MLRO had a job description/role profile clearly setting out the parameters of the role.
  • The MLRO compiled a regular report to the board and this is discussed as a standing item on the agenda
  • CU has a good process for highlighting suspicious transactions to the MLRO, with a receipt being given to the staff member concerned to confirm that report had been received.
  • Staff members were aware of the MLRO's identity and the process for reporting suspicious transactions.
  • All suspicious transactions were to be officially reported to the MLRO, who then decided whether to refer them on to SOCA (Serious Organised Crime Agency).
  • The decision to refer a Suspicious Activity Report (SAR) to SOCA was a decision for the MLRO. The SAR was not openly discussed within the CU.

Examples of poor practices

  • MLRO responsibilities not formalised by CU
  • The MLRO does not produce a report to the Board and AML is rarely – if ever – discussed at board meetings
  • Poor process for referring a Suspicious Activity Report (SAR) to the MLRO. SARs left out in the open allowing for them to be tampered with or removed before they could be received by the MLRO. No system of acknowledgement of the SAR by the MLRO to the original reporter.
  • No MLRO in place. Staff not adequately aware of CU's own policy and procedure.
  • CU not aware of the updated reporting process to SOCA – procedural notes still referred to NCIS
  • Decision to refer a SAR to SOCA was a joint decision made by the board.

Back to topBack to top