Chapter 3 - Policies, Procedures and Controls Required of Firms Flashcards
What is a risk to financial firms associated with ISAs or pensions?
Tax evasion
What are the types of risks that a firm would have to consider?
- Risk posed by customers - PEP, high risk jurisdiction, high risk business.
- Risk posed by customer behaviour - patterns, trends, requests for secrecy, transfers to mask origin of funds, is an account operator willing to disclose the beneficiaries.
- Risks posed by the way the customer became a customer - was due diligence performed, was a financial intermediary involved, was the intermediary’s due diligence adequate, was the customer acquired through distance comms.
- Risk posed by the products/services the customer is using - Does it allow 3rd party payments, could it be used for ML or TF.
What are controls that can be used to prevent internal fraud?
Quality control checks (ensure accuracy of processing), segregation of duties (work must pass through different departments before payments are made).
What are controls that can be used to prevent ML and TF?
- Customer identity checks - varied depending on the ML/TF risk of customer.
- Customer due diligence - Documentary/electronic/3rd party assurance.
- Monitoring transactions
What factors must a firm’s senior management consider when deciding on the most appropriate controls?
- Cost
- Risk appetite
How often should a firm revisit its ML/TF risk assessment process?
At least annually.
Where should the results of the firm’s assessment of the ML/TF risk be included?
In the MLRO’s annual report
What are the key criteria for an AML/CTF training programme?
- Understanding of risk and corresponding controls.
- Staff responsibilities - obtaining sufficient ID, recognising and reporting suspicions
- Identity and responsibility of nominated officer or MLRO.
- Impact on firm, employees and customers for breach of any law on ML or TF.
- Content and frequency of training should reflect the risk assessment.
- Assessment at the end of the training to ensure it is effective.
What types of additional training should be provided to certain employees?
- Training on potential fraud activity.
- Criminal law relating to ML and TF.
- Regulations and guidance issued by regulator.
Who is eligible to raise an internal report regarding suspicions of ML or TF?
All staff
How soon must the MLRO inform the relevant LEA of a suspicion?
ASAP if they believe their internal reports are credible.
Can a firm continue with a transaction after reporting it to the LEA?
No, they must obtain consent from the LEA before proceeding.
If a firm identifies a customer on a sanctions list or terror list, what must they do?
- Freeze assets
- Inform LEA in its home state.
What are the record keeping requirements for suspicious activity reports?
- Details of disclosures
- Reason why a SAR or STR was/was not submitted
- Any comms with the LEA
- Details of any need for consent to proceed with transaction and details of the consent.