3 minute read
outline of an AML/CFt supervision Manual
BOX 3.1 (continued)
risk assessments and includes establishing the intensity and frequency of supervisory activities (on-site examinations), staffing, outsourcing, training, and related budgeting requirements. the BMA’s annual supervisory inspection plan is subject to regular review; the plan takes into account any new information on ML/tF risks affecting the sectors or individual entities. the BMA’s risk assessments are structured in three stages: understanding the inherent risk within a sector, assessing the effectiveness of the ML/tF controls in place, and estimating the level of residual risk in the sector. this risk assessment is used to inform the risk-based approach to AML/CFt supervision across all stages of the AML/CFt supervisory life cycle. the BMA’s off-site supervision also entails a review of the institution’s AML/CFt policies and procedures. In addition, the prudential and AML/CFt units of the BMA hold regular outreach meetings with industry groups, external auditors, and other stakeholders to discuss supervisory issues, including ML/tF risk issues. As part of its supervisory function, the BMA reviews the working papers of external auditors to verify the scope of a financial institution’s internal controls, corporate governance, and legal compliance framework. the independent audits are also a source of information on the effectiveness of the financial institution’s AML/CFt program and compliance with the AML/CFt legislation. the assessment of sectoral and institutional ML/tF risk profiles informs the supervisory strategy, objectives, scope, depth, and frequency of examinations, which include a mix of documentary reviews and interviews with key staff of financial institutions during inspections. the BMA uses on-site inspections to verify the adequacy of a financial institution’s AML/CFt risk management and mitigation systems (policies, procedures, risk management, and internal controls) and to determine if they are commensurate with the institution’s ML/tF risks, size, complexity, business model, and so forth. on-site inspections also verify compliance with national AML/CFt legal requirements, but do so taking a risk-based approach. on completion of an on-site examination, a draft report containing the main findings and recommendations, including remedial actions and, where applicable, sanctions, is presented to the examined entity. the combined supervisory activity of the AML/CFt unit’s on-site and off-site teams and the prudential unit teams complement each other and combine to ensure a highly effective, highly developed AML/CFt supervisory regime.
Source: CFATF 2020.
OUTLINE OF AN AML/CFT SUPERVISION MANUAL
Implementation of the supervisor’s AML/CFt supervision regime should demonstrate that its supervisory approach is commensurate to these risks. An AML/CFt supervision manual that includes specific procedures for off-site and on-site supervision is useful. Box 3.2 provides a guide for structuring an AML/CFt supervision manual.
PART I: INTRODUCTION
● Scope and purpose of the manual ● International AML/CFT standards applicable to financial institutions ● The outcomes of the national risk assessment ● Legal and regulatory AML/CFT framework applicable to financial institutions and financial groups ● AML/CFT supervision strategy and action plan ● Structure of the AML/CFT supervisory department or unit and supervisory tools ● Types of AML/CFT supervision and outreach: ■ Off-site supervision ■ On-site supervision ■ Other outreach (compliance meetings, seminars, publications, and guidance).
PART II: OFF-SITE AML/CFT SUPERVISION METHODOLOGY AND PROCESSES
● Objectives of off-site supervision ● Methodology for collecting, analyzing, and assessing information on institutional and sectoral risks ● Risk-profiling and -planning processes ● Group and cross-border supervisory issues.
PART III: ON-SITE AML/CFT EXAMINATION PROCEDURES AND PROCESSES
● Objectives of on-site examinations ● Types and objectives of on-site examinations: full scope, targeted, thematic, and ad hoc ● Inspection planning: ■ Frequency, scope, intensity, and resourcing (based on risk profile, size, and complexity of the institution and compliance issues) ■ Information and meetings requirements ■ Administrative procedures (for example, team selection, letter to management, and other required processes) ● Core examination procedures: ■ Documentary review; ■ Staff interviews ■ Evaluation of internal controls and compliance procedures ■ Testing of customer files, transactions, and monitoring and screening systems.
PART IV: STRUCTURE AND CONTENT OF THE EXAMINATION REPORT
● Legal basis ● Business and ML/TF risk profile summary ● Objectives, scope, and types of the examination ● Inspection procedures applied ● Executive summary
