An effective compliance regime includes policies and procedures and shows your commitment to prevent, detect and address non-compliance. Your compliance program has to include written policies and procedures to assess the risks related to money laundering and terrorist financing in the course of your activities.
The level of detail of these policies and procedures depends on your needs and the complexity of your business. It will also depend on your risk of exposure to money laundering or terrorist financing.
For example, the compliance policies and procedures of a small business may be less detailed and simpler than those of a large bank. However, your policies and procedures have to be in writing and be kept up to date, whether you are a small business, an individual or an entity. Several factors could trigger the need to update, as often as necessary, your policies and procedures, such as changes in legislation, non-compliance issues, or new services or products.
In addition, if you are an entity, your policies and procedures also have to be approved by a senior officer. A senior officer of an entity includes its director, chief executive officer, chief operating officer, president, secretary, treasurer, controller, chief financial officer, chief accountant, chief auditor or chief actuary, as well as any individual who performs any of those functions. It also includes any other officer who reports directly to the entity’s board of directors, chief executive officer or chief operating officer.
It is important that your compliance policies and procedures are communicated, understood and adhered to by all within your business who deal with clients or any property owned or controlled on behalf of clients. This includes those who work in the areas relating to client identification, record keeping, and any of the types of transactions that have to be reported to FIU or other Supervisory Authority. They need enough information to process and complete a transaction properly as well to identify clients and keep records as required.
They also need to know when an enhanced level of caution is required in dealing with transactions, such as those involving countries or territories that have not yet established adequate anti-money laundering or anti terrorist financing regimes consistent with international standards or when dealing with Political Exposed Persons (PEPs).
Your compliance policies and procedures should incorporate, at a minimum, the reporting, record keeping, client identification, risk assessment and risk mitigation requirements applicable to you. For example, in the case of your reporting obligations relating to terrorist property or suspicions of terrorist financing, your policies and procedures should include the verification of related lists published on the Consolidated United Nations Security Council Sanctions List.
Although directors and senior officers may not be involved in day-to-day compliance, they need to understand the statutory duties placed upon them, their staff and the entity itself.