Are we doing enough?
Johanna B?ck
Managing Director & Co-Team Head Advisense | Board Director SweFinTech | Subject Matter Expert | ex S-FSA
In all of my years of conducting independent reviews of AML/CTF programs, I have heard this question infinitely many times: Are we doing enough? The risk-based approach, which on a good day gives businesses a certain amount of freedom to take the measures and prioritize their resources in way they find they deem appropriate, is on a bad day just confusing and indefinable.
To keep up with regulation and to get a better picture of authority's expectations and industry practice, it is a good idea to consider an external review once in a while. An impartial assessment of your AML/CTF program helps you to check that you’re complying with your program and that it properly addresses your money laundering and terrorism financing risks as well as complies with your legal obligations.
This is something that regulators also have highlighted. In the updated ML/TF Risk Factors GL, the new Guideline 7.2 is introduced which states that firms should consider whether an independent review of their approach may be warranted or required.
The EBA notes that firms shall ensure that their approach to AML/CFT is effective and in line with applicable legal and regulatory obligations. As part of this, firms should consider whether an independent effectiveness review of their AML/CFT systems and controls is needed and if it is needed, what its scope should be. The review could for example take place on all or some of its policies, controls and procedures depending on the need. In any case, firms should be able to justify their approach to their competent authority.
How you have your AML/CTF program independently reviewed, and how often, depends on the size, nature and complexity of your business or organisation. Your risk assessment should also help you plan your independent reviews. High-risk organisations, businesses that grow and changes often or businesses where there are or have been difficulties complying are all factors that indicate that more frequent reviews may be needed.
When choosing an independent reviewer, it is a good idea to consider both that the reviewer understands your products and your business, as well as has a deep understanding of, not only regulation, but AML/CTF risks. An experienced reviewer should also be able to provide you with well-proven methodology and a fitting scope.
So, if you are in a place where you ask yourself the question Are we doing enough? please reach out if you would like to discuss and learn more!