From July 2021, the AML/CFT Act requires all reporting entities to complete an independent audit every three years – where previously it was every two years. The audit obligation is a systematic check of a reporting entity’s AML/CFT programme. It will assess whether the AML/CFT programme is functioning in practice and that the policies, procedures and controls in place are based on the money laundering and financing terrorism risks identified by that business.
Even though there are many firms that are AML compliant, companies still end up paying huge penalties to the authorities due to violations and deficiencies occurring in their compliance programme. With the time period between audits being increased, the rate of risk increases simultaneously as mistakes and deficiencies won’t be picked up in a timely fashion, leaving your firm vulnerable.
Customer Due Diligence Mistakes
A core part of the AML/CFT act is Customer Due Diligence (CDD). As BDO notes, it’s a “broad and complex point, so it’s not surprising at all that many reporting entities are attempting to comply yet falling just short of the mark”. Here are the most common areas where firms fail to comply with CDD.
1. Incomplete source of wealth information
Proving where your client’s funds or wealth has come from can be a tricky box to tick. Simple documentation such as payslips, work contracts and bank accounts will usually do the trick, however for larger and more unique cases, more due diligence is needed. It’s important to train your staff to understand when there is a trickier case, and for them to understand how these transactions could be a money laundering issue. Rather than having rigid checklists in place, it’s better to teach your staff what the red flags are, and how you can find out the legal source of funds in each transaction.
2. Additional requirements in your own compliance framework
As a firm, you establish your own set of rules – or compliance framework – that your business must follow. These rules at a minimum must meet the requirements of the Act, however some firms decide to take extra measures to be cautious. It’s important to ensure that each of your compliance framework measures are being followed, as a breach of your own rules will result in a breach of the Act itself.
3. Identity Verification Code of Practice (IVCOP) Compliance
The Amended Identification Verification Code of Practice 2013 is a guideline issued by the regulator, that states which forms of ID are acceptable ways to verify identity. Some of the guidelines in this document are: if originals can’t be used for ID, copies will need to be certified, and a drivers’ license alone isn’t enough to verify identity – you need more than one form of ID. Biometric Identity Verification tools are an excellent and easy way to keep compliant by scanning ID documents, verifying them with government agencies, and biometrically testing the identity of the user using a camera.
Common non-CDD related mistakes
Mistakes can arise in other areas of your compliance program, not just in the due diligence/customer onboarding process. This can include internal requirements that are imperative to ensuring your compliance program is a success.
4. Not self-monitoring
As part of the act, it is a legal requirement to self monitor your AML compliance – particularly the CDD element of this. Many firms believe that the three-yearly audit will suffice as self monitoring. It does not, and that is where some firms may fail this element of the audit process. It’s important to set up regular compliance checks to ensure that your firm is meeting all of your compliance framework requirements.
5. Vetting and training your staff
Training your staff on an ongoing basis is a legal requirement of the AML act. Not only is it legally required though, it is imperative that you do train your staff as this will ensure they are equipped with the knowledge to meet your compliance program, and therefore abide by the Act.
6. Appointing a Compliance Officer
It is important to appoint a full time compliance officer that will enforce the risk assessment and compliance framework in your business. This person must be a full time staff member – however they are allowed to undertake other responsibilities during their hours. Several businesses have made the mistake of employing a part time CO, and therefore not complying with the AML/CTF requirements.
About First AML
First AML streamlines the entire anti-money laundering onboarding and compliance process. Backed by real expertise, its cloud-based KYC Passport allows complex entities to share their verification across multiple companies and geographies, at their discretion.
Making an otherwise complex and manual onboarding process simple for clients and cost effective and compliant for businesses, First AML delivers efficiency and time savings, protecting reputations, and enabling companies to be on the right side of history in the face of global threats.