Embed Size (px)
Citation preview
BSA / AML – US (Pages 1-6)
AML / CTF – Cayman Islands (Pages 7-15)
Detection, Data Validation, Risk Assessment
BSA / AML –Building a Compliant System
▪ System of Internal Controls ▪ Independent Testing ▪ Training staff▪ Designation of individual responsible
for BSA / AML compliance▪ Line of Communication – regularly
reports to Board or Board Committee and Senior Management, carries out directives of Board re BSA/AML Board
CEOGener
al Couns
el
Compliance Officer
CFO
RECOMMENDED - INTERNAL CONTROLS▪ Identify the Risk Areas - types of services or products including deposit accounts, checking, investment
accounts; geographic locations; type of transactions▪ Inform and Notify Management - compliance initiatives, deficiencies, corrective actions, SARs▪ Appoint a Compliance Officer – person responsible for BSA/AML compliance▪ Provide for Continuity – change in control contingencies, staffing▪ Recordkeeping and reporting – ensure compliance with all reporting and recordkeeping, timely update when
change in regulation▪ Implement Risk Based customer due diligence (CDD)(KYC) policies, procedures and processes▪ Identify and file all reportable transactions (SARs, CTRs, CTR exemptions) – centralize review and report filing
functions▪ Provide for dual controls and segregation of duties – decision maker to file is separate from reporting/filing
party▪ Provide controls and systems for filing CTRs and CTR exemptions▪ Provide controls and monitoring systems for timely detection and reporting of suspicious activities▪ Adequate supervision of employees (i) handling currency transactions, (ii) completing reports, (iii) granting
exemptions, (iv) monitoring suspicious activities, etc.▪ Incorporate BSA/AML compliance into job descriptions and performance evaluations of employees, as
appropriate▪ Train and re-train periodically for awareness of regulations and internal policies and procedures.
RECOMMENDED - INDEPENDENT TESTING:▪ Evaluate adequacy and effectiveness of BSA/AML compliance program, policies, procedures by (1) statement as
to effectiveness and compliance with regulations, (2) inclusion of sufficient information which is basis for this conclusion
▪ Review of financial institution’s risk assessment – reasonable based upon risk profile of products, services, customers, entities, geographic locations?
▪ Risk Based Transaction Testing – verify financial institution’s recordkeeping and reporting (CIP, SARs, CTRs, CTR exemptions, information sharing requests)
▪ Evaluation of Management’s actions – resolving violations and deficiencies reported / noted in prior audits, exams, progress of outstanding supervisory actions
▪ Review of Staff Training – adequacy, accuracy, completeness
▪ Review of effectiveness of suspicious activity monitoring systems – manual, automated, combination by reviewing SARs, large currency aggregation reports, monetary instrument reports, funds transfer records, NSF reports, large balance fluctuation reports, account relationship reports
▪ Assessment of overall process for identifying and reporting suspicious activity – review of filed or prepared SARs – accuracy, timeliness, completeness, effectiveness of financial institution’s policies
▪ Assessment of integrity and accuracy of management information system (MIS) used in BSA/AML compliance program – reports used to identify large currency transactions, aggregate daily currency transactions, funds transfer transactions, monetary instrument sales transactions, analytical and trend reports
RECOMMENDED - COMPLIANCE OFFICER:▪ Key Qualities – expertise, authority, resources and time to perform the role
▪ Responsible for – Coordinating and monitoring day-to-day compliance.– Managing all aspects of the compliance program
▪ Board of Directors are responsible for ensuring the Compliance Officer has sufficient authority and resources (monetary, physical and personnel) to administer the compliance program effectively based upon the financial institution’s risk profile.
▪ Fully knowledgeable of BSA and related regulations
▪ Understand financial institution’s products, services, customers, entities and geographic locations as well as the risks associated with those
RECOMMENDED – TRAINING, TRAINING & MORE TRAINING:▪ Train regularly
- Regulatory requirements– Internal policies, procedures and processes
▪ Train staff whose specific duties involve BSA risk– Tailor training to specific duties and responsibilities, applicable line of business or operational unit (e.g.
trust services, international transactions, private banking)– Cross train and re-train if assigned to new position or new hire
▪ Periodic, Ongoing and Up-to-date – Staff: train and re-train if assigned new duties, new products or services, change in regulations or
guidance, new identified risks– Management: keep informed, advise on changes and new developments in BSA/AML, implementation of
regulations, directives and guidance from regulatory agencies, ramifications of violations and risk for non-compliance, approve new and or review periodically the policies, procedures, and processes
▪ Document training – who attended– materials presented– Dates– tests administered & results
Money Laundering Regulations / Proceeds of Crime Law (MLR/POCL) - Caymans
▪ Relevant Financial Businesses Subject to MLR/POCL ▪ Schedule 2 Activities within definition of Relevant Financial
Business▪ Guidance for compliance with regulations relating to anti-money
laundering and counter-terrorism financing (AML/CTF)– Identification Know Your Customer (KYC)– Monitoring– Internal Reporting of Suspicious Activities– Compliance Management– Record Keeping
Customer Informatio
n
Account approve
d
Transaction
Monitoring
Entities Subject to Regulations
▪ Relevant Financial Businesses– Banking or trust business carried on by a person who is a
licensee under the Banks and Trust Companies Law – Building Societies licensed under the Buildings Societies Law– Co-operatives licensed under the Cooperative Societies Law– Insurance businesses, including insurance managers, agents,
sub-agents or brokers within meaning of the Insurance Law– Mutual Fund Administrator or mutual fund regulated under
Mutual Funds Law– Company Management as defined in Companies Management
Law– List of Activities under Schedule 2
Schedule 2 List of Activities by Businesses subjecting them to AML/CTF regulations (1 of 2)
▪ Acceptance of deposits and other repayable funds from the public.▪ Lending.▪ Financial leasing.▪ Money transmission services.▪ Issuing and administering means of payment (e.g. credit cards, travellers’ cheques
and bankers’ drafts).▪ Guarantees and commitments.▪ Trading for own account or for account of customers in: (a) money market
instruments (cheques, bills, CDs, etc.); (b) foreign exchange; (c) financial futures and options; (d) exchange and interest rate instruments; (e) transferable securities.
▪ Participation in securities issues and the provision of services related to such issues.▪ Advice to undertakings on capital structure, industrial strategy and related questions
and advice and services relating to mergers and the purchase of undertakings.▪ Money broking.
Schedule 2 List of Activities by Businesses subjecting them to AML/CTF regulations (2 of 2)
▪ Portfolio management and advice.▪ Safekeeping and administration of securities.▪ Safe custody services.▪ Financial, estate agency and legal services provided in the course of business relating to
the sale, purchase or mortgage of land or interests in land on behalf of clients or customers.
▪ The services of listing agents and broker members of the Cayman Islands Stock Exchange as defined in the CSX Listing Rules and the Cayman Islands Stock Exchange Membership Rules respectively.
▪ The conduct of Securities Investment Business.▪ Dealing in precious metals or precious stones, when engaging in a cash transaction of
fifteen thousand dollars or more.▪ The provision of registered office services to a private trust company by a company that
holds a Trust license under section 6(5)(c) of the Banks and Trust Companies Law (2009 Revision).
Know Your Customer (KYC)
▪ Individuals– Name, address, date and place of birth, nationality, occupation, purpose of account,
estimated level of turnover for account (deposits and debits), source of funds– Documentation of customer identification – passport, armed forces ID card, Cayman
Islands employer ID card (photo and signature), provisional or driver’s license (photo and signature)
– Documentation of name and address – reference from respected professional (lawyer, doctor, accountant), check register of electors, credit reference agency search, telephone directory, utility bill, personally visit home
▪ Corporations– Certificate of incorporation, details of registered office, place of business– Explanation of nature of business, reason for account, expected turnover, source of
funds, financial statements– Identify of owners (10% or more interest in business), directors, controller and
“beneficial owner(s)”– Resolution of Authority to enter into transaction
On-Going Monitoring of Relationship
▪ “One-off transaction" means any transaction other than a transaction carried on in the course of an established business relationship formed by a person acting in the course of relevant financial business
▪ “Exempted one-off transaction" means a one-off transaction (whether a single transaction or a series of linked transactions) where the amount of the transaction or the aggregate of a series of linked transactions is less than CI$15,000 or the equivalent in any other case.
▪ Develop and apply written policies and procedures for taking reasonable measures to ensure documents, data and information collected during KYC process are up-to-date
▪ Monitor for changes in – Transaction type– Frequency– Amount– Geographical origin/destination– Account signatories
Internal Reporting for Suspicious Activities
▪ Appointment of Money Laundering Reporting Officer (MLRO)– All staff should report all suspicious activities to MLRO (even if
business, customer was declined)– MLRO ▪ investigates the reported activity and – (1) submit report to Reporting Authority or – (2) document and keep records of why it was not substantiated suspicious
activity and therefore not reported; ▪ establish and maintain a register of ML referrals made to MLRO by
staff
Compliance Management System
▪ Appoint Compliance Officer (may be the MLRO)– Sufficient skills and experience– Reports directly to the Board– Sufficient seniority and authority so Board acts and reacts to CO’s
recommendations– Regular reporting and contact with Board – Sufficient resources (time, staff)– Unfettered access to all business lines, departments and information
necessary to appropriately perform the function Develop policies, procedures and processes Training of Staff Audit of Compliance Management System
Board
Compliance Officer / MLRO
Record Keeping
▪ Maintain for at least 5 years all records on transactions – Sufficient information to allow the reconstruction of the
transaction, evidence for prosecution – Records of Identification Data obtained for 5 years after
relationship has ended– Reports of Suspicious Activities – retain until confirmation
matter has been concluded– Verification of Identity– Records relating to transactions– Training records– Register of all enquiries made by Reporting Authority
