BOX 3.1 (continued) risk assessments and includes establishing the intensity and frequency of supervisory activities (on-site examinations), staffing, outsourcing, training, and related budgeting requirements. The BMA’s annual supervisory inspection plan is subject to regular review; the plan takes into account any new information on ML/TF risks affecting the sectors or individual entities. The BMA’s risk assessments are structured in three stages: understanding the inherent risk within a sector, assessing the effectiveness of the ML/TF controls in place, and estimating the level of residual risk in the sector. This risk assessment is used to inform the risk-based approach to AML/CFT supervision across all stages of the AML/CFT supervisory life cycle. The BMA’s off-site supervision also entails a review of the institution’s AML/CFT policies and procedures. In addition, the prudential and AML/CFT units of the BMA hold regular outreach meetings with industry groups, external auditors, and other stakeholders to discuss supervisory issues, including ML/TF risk issues. As part of its supervisory function, the BMA reviews the working papers of external auditors to verify the scope of a financial institution’s internal controls, corporate governance, and legal compliance framework. The independent audits are also a source of information on the effectiveness of the financial institution’s AML/CFT program and compliance with the AML/CFT legislation. The assessment of sectoral and institutional ML/TF risk profiles informs the supervisory strategy, objectives, scope, depth, and frequency of examinations, which include a mix of documentary reviews and interviews with key staff of financial institutions during inspections. The BMA uses on-site inspections to verify the adequacy of a financial institution’s AML/CFT risk management and mitigation systems (policies, procedures, risk management, and internal controls) and to determine if they are commensurate with the institution’s ML/TF risks, size, complexity, business model, and so forth. On-site inspections also verify compliance with national AML/CFT legal requirements, but do so taking a risk-based approach. On completion of an on-site examination, a draft report containing the main findings and recommendations, including remedial actions and, where applicable, sanctions, is presented to the examined entity. The combined supervisory activity of the AML/CFT unit’s on-site and off-site teams and the prudential unit teams complement each other and combine to ensure a highly effective, highly developed AML/CFT supervisory regime. Source: CFATF 2020.
OUTLINE OF AN AML/CFT SUPERVISION MANUAL Implementation of the supervisor’s AML/CFT supervision regime should demonstrate that its supervisory approach is commensurate to these risks. An AML/CFT supervision manual that includes specific procedures for off-site and on-site supervision is useful. Box 3.2 provides a guide for structuring an AML/CFT supervision manual. CHAPTER 3: INTRODUCTION TO A RISK-BASED AML/CFT SUPERVISORY FRAMEWORK
55
