other supervisory Activities

Next Article

References

Documenting Risk Profiles

supervisors should document the risk profile of each financial institution or financial sector. Where the assessment is of an institution, supervisors can provide a brief summary of the institution, followed by a summary of its inherent risks, mitigating measures, and residual risk. In addition, other relevant issues that may affect the risk profile of the institution can also be described. these issues can include, for instance, (proposed) changes in ownership, senior management, audit and compliance functions, mergers, acquisitions, or new product lines. this description can also take into account, as appropriate, the results of other areas of supervision, the internal control environment, and the culture of compliance. the following can serve as a guide:

● Background information on the financial institution, including

■ ownership and control, corporate structure, (foreign) branches, and subsidiaries;

■ sector, size, and financial position;

■ Business model, including client base and main business lines;

■ Management issues, including recent changes and risk appetite; and

■ Regulatory and supervisory history, including enforcement measures and other compliance issues.

● ML/tF risk profile, including

■ Principal inherent risks with respect to customers, products and services, geography, and delivery channels;

■ Adequacy of mitigating measures;

■ overall residual risk assessment; and

■ trends in the institution’s inherent risks, controls, and residual risks.

● other significant issues and events, including

■ Quality and history of stRs;

■ Compliance and audit coverage of AML/CFt and management response;

■ open-source information (for example, reported ML/tF cases involving the institution or its clients);

■ Home or host supervisory issues (where applicable); and

■ enforcement measures and regulatory measures by other (supervisory) authorities.

OTHER SUPERVISORY ACTIVITIES

Risk profiles and sectoral risk assessments are important not only for identifying financial institutions for on-site inspections but also for selecting institutions for outreach activities, such as compliance meetings, roundtable discussions, and seminars or conferences.

Compliance Meetings

Compliance meetings with a financial institution help supervisors to understand the AML/CFt framework of the institution. Although on-site inspections are the main tool for assessing the effectiveness of the AML/CFt framework of the institution, compliance meetings are also a useful tool for discussing an institution’s ML/tF risk and AML/CFt compliance issues. such meetings help supervisors to assess how well senior management and the managers of the compliance function understand the risks assumed by the institution and its AML/CFt obligations. these meetings are useful for informing the off-site risk assessment of an institution.

Compliance meetings should be tailored to each institution and should take into account both its risk profile and all previous supervisory activities. the following issues can be addressed in a compliance meeting:

● the role of the board of directors and senior management in preparing and approving the business-wide ML/tF risk assessment and AML/CFt policies and procedures;

● the resources dedicated to implementing AML/CFt policies and procedures; and

● specific issues such as the stR decision-making process or progress made on the remediation of previously identified shortcomings.

Depending on their specific objectives, supervisors can meet with directors, senior managers, compliance officers, or auditors. these compliance meetings can be scheduled on a periodic basis or on a case-by-case basis. they can help to raise the awareness of the board of directors and senior management by helping them to understand the rationale for the commitments and resources needed to fulfill AML/CFt requirements and strengthen their personal commitment to providing necessary AML/CFt resources. In some jurisdictions, supervisors can also observe the board meetings of an institution to collect information about its corporate governance and decision-making processes.

Outreach to Sector Representatives

supervisors should also ensure that all financial institutions have a consistent understanding of ML/ tF risks and AML/CFt obligations. this understanding can be attained through outreach to sector representatives, such as the banking association or any other sector association. outreach programs allow supervisors to provide useful guidance on the interpretation and effective implementation of AML/CFt requirements. the supervisor can, for instance, hold periodic meetings with representatives of a sector. these meetings can have multiple purposes. they can be used to discuss general compliance issues encountered by financial institutions, which will improve the information of the supervisors and provide a sense of issues that the sector encounters. they can also be used to discuss proposed guidance, questionnaires used for off-site supervision, or emerging risks. supervisors also need to raise awareness and clearly define supervisory expectations on the implementation of AML/CFt compliance controls. this awareness raising can be done in various ways. Instruments such as guidance, publications about good and bad practices, questions and answers, or feedback on (anonymized) inspection results or sanitized cases can be used to support these goals. In addition, conferences and seminars, whether organized by the supervisor or by the industry, are an important outreach tool.