Chapter 31 Flashcards
What records have no retention period officially specified?
- Internal reports
- The MLRO’s consideration of internal reports
- Any subsequent reporting decisions
- Issues connected to consent, production or documents and similar matters
- suspicious activity reports
Although suggested these records are kept for 5 years
Where should internal and external SARs be located?
Separately and securely
What’re the requirements regarding deletion of personal data?
Once the periods specified have expired, the business deletes any personal data unless:
• The business is required to retain it under statutory obligation; or
• The business is required to retain it for legal proceedings; or
• The data subject has consented to the retention
How many years after the end of the business relationship is a company no longer required to keep any records?
10 years
Someone accused of a failure-to-disclose offence has a defence if what?
- They don’t know or suspect that someone has engaged in ML even though they should have
- Their employer had failed to provide them with the appropriate training
This defence is likely to put business at risk of prosecution for a regulatory breach
Do training programs for AML need to be tailored to each business area?
Yes
What needs to be included in the records with regards to AML training?
- Who has received training
- The training received
- When training took place
- Any test results
