7 minute read
examination Findings and the examination Report
● enhance transparency of the supervisory framework and make available information on
AML/CFt enforcement measures imposed on institutions;
● ensure that the respondent banks have no business relationships with shell banks, wherever located; and
● strictly supervise the AML/CFt compliance framework of respondent banks and ensure that they meet their AML/CFt obligations, including enhanced customer due diligence measures on nested correspondent accounts and on customers who directly access payable-through accounts.
For banks whose accounts have been terminated, supervisors should investigate the exacerbating factors and circumstances and take the necessary supervisory and corrective measures where deficiencies are identified.
In developing a risk-based AML/CFt supervision plan, supervisory authorities should be aware that “de-risking can frustrate AML/CFt objectives and may not be an effective way to fight financial crime and terrorism financing. By pushing higher-risk transactions out of the regulated system into more opaque, informal channels, they become harder to monitor” (World Bank 2016). supervisory authorities have a key role to play in strengthening the AML/CFt regime and providing guidance on the AML/CFt requirements to ensure their consistent implementation.
EXAMINATION FINDINGS AND THE EXAMINATION REPORT
examiners should determine the level of compliance with each specific requirement being examined, based on a general classification of how the findings will be assessed. For instance, table 5.1 presents an example of a classification of compliance with the requirement to identify and verify the identity of a customer.
TABLE 5.1 Example of an Assessment of Compliance with an AML/CFT Requirement
Customer due diligence: identification and verification of the identity The identification of a client and the verification of the identity of the client should be done on the basis of documents, data, or information obtained from a reliable and independent source. Expected behavior Compliant Largely compliant Partially compliant Not compliant
the institution has policies and procedures for identifying and verifying the identity of customers, and those procedures are implemented adequately. evidence of this verification is recorded in the customer files. there are clear procedures for verifying the identity that describe the documents to be used and in which cases a certified copy or an apostille is required. Procedures are applied in practice, and documents are present in the examined customer files. there are mostly clear procedures for verifying the identity that describe the documents to be used. Procedures are not always applied in practice, and required documents are not always present in the examined customer files. the procedures only give some examples of documents that can be used to verify the identity of customers. In several examined customer files, incorrect documents are found or ones not duly certified. the procedures do not describe the documents to be used. In the examined customer files, there are hardly any documents indicating that the identity of the customer has been verified.
Source: World Bank.
Based on the examination results, supervisors should reach sound conclusions with respect to the effectiveness of the AML/CFt compliance framework of the institution and determine whether there are deficiencies and breaches of law. the examination should provide supervisors with the essential elements for writing an examination report that the institution can use to improve its AML/CFt compliance systems and practices. the examination report should clearly show that the objectives of the inspection were achieved and provide a sound basis for addressing the findings and identified deficiencies. For internal purposes, the examination report should provide a proper basis for determining enforcement actions for noncompliance with AML/CFt requirements. this report should follow the enforcement and sanctions policy and procedures of the supervisory authority.
Developing Conclusions and Recommendations
When developing conclusions for the examination report, the examiners should take account of all pertinent findings arising from the inspection and determine the following:
● Is the AML/CFt compliance system proportional and adequate in relation to the institution’s risk profile, size, and complexity?
● Are the board of directors and senior management fully engaged in overseeing implementation of the AML/CFt program and knowledgeable about their institution’s risks and compliance obligations?
● Does the institution adequately identify and assess the inherent ML/tF risks with respect to customers, products, services, geographic exposure, and delivery channels?
● Does the institution have adequate AML/CFt policies, procedures, and controls in line with legal requirements and implement these policies, procedures, and controls effectively?
● Is the audit function independent, and does it execute AML/CFt–related audits in compliance with the applicable AML/CFt laws and regulations?
● Is the AML/CFt compliance function competent, and does it have the necessary resources and authority to carry out its responsibilities?
● Is there an adequate training program supported by the compliance function that takes into account the risk profile, size, and complexity of operations?
examiners should also determine whether deficiencies or violations previously identified by the supervisor or through compliance monitoring or an audit have been remedied. they should also assess the overall level of compliance, as shown in table 5.2.
TABLE 5.2 Example of an Assessment of the Overall Level of AML/CFT Compliance
Assessed level of compliance
Compliant
Largely compliant
Description
Level of compliance exposes the institution to low risks due to no or minor gaps; no administrative sanction or other measures; no notable impact on reputation Level of compliance exposes the institution to moderate risks due to several gaps; limited administrative sanction or other measures; some reputational risk
(table continues next page)
TABLE 5.2 (continued)
Assessed level of compliance
Partially compliant
not compliant
Source: World Bank.
Description
Level of compliance exposes the institution to significant risks due to major gaps; major administrative sanctions or other measures, including a fine; major reputational risk Level of compliance exposes the institution to serious risks due to material gaps; significant administrative or criminal sanctions, including fines; loss of operating license, grave reputational impact
the assessment of findings should be the basis for recommending enforcement measures and sanctions. Additionally, the risk profile of the institution should be updated.
Structure of the Examination Report
As indicated, at the end of the on-site examination, the key preliminary findings should be discussed with the management of the institution. these discussions and management’s commitments should be documented in the final examination report. the supervisory authority or the AML/CFt supervision unit should determine the structure for the examination report based on several factors. nevertheless, the examination report should follow a consistent, agreed-on format. Furthermore, the type, scope, objectives, and findings of the examination should generally determine the content and length of the report. the following basic outline provides a guide for drafting the report:
● Background of the institution, including the type of institution, type and date of license, corporate structure, markets, and business model;5
● summary of the ML/tF risk profile as determined by the off-site risk assessment, subject to the discretion of the supervisory authority, which may not want to disclose detailed information on its risk assessment of the institution;
● Description of the legal basis, objective, type, scope, and duration of the examination and names of the examiners;
● summary of key findings and recommendations of the examination;
● Description of the examination procedures that were applied;
● Description of findings for each area examined, supported by deficiencies found in customer or transaction files; and
● Clear recommendations for corrective measures, action plan, and timelines.
World Bank’s Data Collection Tool for Supervisory Activities
the World Bank has developed a basic supervision data tool to support the supervisory authorities in keeping the summary records of the on-site supervisory activities and conducting strategic analyses based on these records. this simple tool asks the authorities to record the following systematically:
● examination dates and total time spent for an examination;
● examination team;
● Focus and characteristics of the examination (full, partial, thematic);
● Inherent and residual risk levels before and after the examination;
● Ratings for examination areas (customer due diligence, stR, governance, and compliance function);
● Findings of the examination (policies, procedures, and effectiveness aspects);
● Recommendations and relevant deadlines; and
● sanctions (as a result of the examination).
the outputs of the tool aim to support the authorities in undertaking the following activities:
● track the on-site supervision activities in all institutions
● Monitor the general trends about efficiency of AML/CFt controls;
● track the recommendations and progress made by the institutions; and
● track trends in inherent and residual risks in the sector.
Monitoring and analyzing such kinds of data on supervision activities can eventually inform strategic decisions such as planning staff and other resources, determining focus areas for future supervision, identifying common deficiencies at the institutions, and developing guidance and training material accordingly. Annex 5A presents the entry fields and some outputs of this data collection tool.
