BOX 5.1 (continued)

● Where relevant, the focus of each inspection or review, taking into account specific risks that have been identified or specific objectives that have been agreed on (for example, fact-finding to inform an ongoing risk assessment); and
● The supervisory resources required for each inspection or review as well as a timeline for each inspection or review.

In addition, the inspection plan should have the following characteristics:

● The approach to be taken on entities with different levels of risk exposure, in line with the supervisory strategy;
● Sufficient flexibility to accommodate or address unplanned inspections triggered by risk events or new information that could not have been foreseen when the plan was agreed on;
● Procedures for adequate documentation and amendments where the risk exposure of an entity included in the plan has changed or a new risk is identified in the course of on-site or off-site supervision; and
● An internal policy that sets out the level at which the plan should be agreed on or approved within the supervisory unit, how progress against the plan can be reviewed, the process for approving changes to the plan, and the extent to which an overview of the plan can be published (for example, number of inspections per risk rating).

Sources: Adapted from guidance from the European Banking Authority and the International Monetary Fund and from FATF (2021, 29).

RISK-BASED EXAMINATION PROCEDURES

Under a risk-based approach to AML/CFT supervision, depending on the type of inspection to be conducted, each examination requires tailored approaches determined by the examination planning process. These tailored approaches are determined by the risk profile of the institution and the objective and scope of the examination. The following examination procedures apply to full-scope inspections but can be adapted for other types of inspections.

In general, inspections follow a two-pronged approach. The first part consists of assessing the existence and design of AML/CFT mitigating measures against the inherent risks of the institution. The second part consists of assessing the actual and effective implementation of AML/CFT controls.

An essential part of the examination is to assess the AML/CFT systems and controls regarding (a) corporate governance and role of the board and senior management in AML/CFT issues; (b) the AML/CFT compliance framework; (c) audit and compliance functions; (d) AML/CFT policies, procedures, and controls, including customer due diligence, record keeping, and STR systems; and (e) AML/CFT resources, budget, training, and technology. These examination procedures are elaborated below.

Corporate Governance: Role of the Board and Senior Management in AML/CFT Issues

Supervisors should verify whether the governance of an institution includes the active involvement of the board and senior management in AML/CFT issues. Active involvement is a prerequisite for
PREVENTING MONEY LAUNDERING AND TERRORIST FINANCING