From June 2017, the Money Laundering Regulations 2017 (MLR 2017) requires all reporting entities to establish an audit function to audit their compliance with the regulations and assess the effectiveness of the firms’ systems and controls. The audit obligation is a systematic check of a reporting entity’s AML/CFT programme and it can be either internal or external. It will assess whether the AML/CFT programme is functioning in practice and that the policies, procedures and controls in place are based on the money laundering and financing terrorism risks identified by that business.
Even though there are many firms that are AML compliant, companies still end up paying huge penalties to the authorities due to violations and deficiencies occurring in their compliance programme. With the time period between audits being left up to your firm, the rate of risk increases as mistakes and deficiencies won’t be picked up in a timely fashion, leaving your firm vulnerable.
Customer Due Diligence (CDD) Mistakes
A core part of the UK’s AML framework is Customer Due Diligence (CDD). As BDO notes, it’s a “broad and complex point, so it’s not surprising at all that many reporting entities are attempting to comply yet falling just short of the mark”. Here are the most common areas where firms fail to comply with CDD.
- Incomplete source of wealth information
Proving where your client’s funds or wealth has come from can be a tricky box to tick. Simple documentation such as payslips, work contracts and bank accounts will usually do the trick, however for larger and more unique cases, more due diligence is needed. It’s important to train your staff to understand when there is a trickier case, and for them to understand how these transactions could be a money laundering issue. Rather than having rigid checklists in place, it’s better to teach your staff what the red flags are, and how you can find out the legal source of funds in each transaction.
- Additional requirements in your own compliance framework
As a firm, you establish your own set of rules – or compliance framework – that your business must follow. These rules at a minimum must meet the requirements of the Act, however some firms decide to take extra measures to be cautious. It’s important to ensure that each of your compliance framework measures are being followed, as a breach of your own rules will result in a breach of the Act itself.
- An exit plan for your CDD data
UK AML laws say that you must retain your CDD data for 5 years following the end of the business relationship, at which time you must destroy the data unless you are granted permission from your client. When you hit your five years, an auditor/regulator is going to be looking at what you are doing with the personal information you have collected. It’s worth sitting down with your data protection team and figuring out how to dispose of the information when the time comes.
Common non-CDD related mistakes
Mistakes can arise in other areas of your compliance program, not just in the due diligence/customer onboarding process. This can include internal requirements that are imperative to ensuring your compliance program is a success.
- Not self-monitoring
As part of the act, it is a legal requirement to self monitor your AML compliance – particularly the CDD element of this. It’s important to set up regular compliance checks to ensure that your firm is meeting all of your compliance framework requirements.
- Vetting and training your staff
Training your staff on an ongoing basis is a legal requirement of the AML regulations – it is recommended to train them at least once every two years. Not only is it legally required though, it is imperative that you do train your staff as this will ensure they are equipped with the knowledge to meet your compliance program, and therefore abide by the Act. This is also important if you have any technology that assists your company in your AML processes. Do your staff understand the criteria for passing or failing an ID or sanctions check?
- Appointing a Money Laundering Reporting Officer (MLRO)
It is important to appoint a full time MLRO that will enforce the risk assessment and compliance framework in your business. This person must be a full time staff member – however they are allowed to undertake other responsibilities during their hours. Several businesses have made the mistake of employing a part time MLRO, and therefore not complying with the AML/CFT requirements.
About First AML
First AML streamlines anti-money laundering compliance through its online identity verification system that can be completed by individuals anywhere in the world on their smart device. Our end-to-end customer due diligence platform is used by financial service providers, lawyers, accountants and real estate agents, providing them complete visibility and management oversight on the go. Keen to find out more? Book a demo today!
No time for a long demo? No problem. See what First AML can do for your business in 2 minutes – watch the short demo here.