Visitors
When visitors leave come on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you visit our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
AML COMPLIANCE
RBL TRUST– AML Policies
- Definitions
Companies in practically every industry should have in place a robust anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance program and comprehensive set of AML compliance policies. AML compliance policies should consider the entity’s business, legal and regulatory environments, suppliers, and customers.
At the heart of AML policies is the prevention of money laundering and terrorist financing. Money laundering involves the intent to conceal the source of criminal proceeds so that it appears that the proceeds are legitimate. Money laundering typically occurs in three stages: (1) placement; (2) layering; and (3) integration. Terrorist financing refers to activities that conceal the purpose or source of the funds that are then used to support terrorist acts and/or organizations. Note that the source, or origin, of the funds may or may not be criminal; the violation with terrorist financing involves providing the financial support to certain foreign governments or terrorists.
- Purpose of AML Compliance Policies
AML compliance policies are designed to minimize the risk of money laundering, criminal activity, weaknesses in internal controls, executive and personnel misconduct, and other illegal acts. In addition to protecting the entity’s reputation and demonstrating compliance with the law, it establishes a strong, ethical culture of commitment to the law. The entity’s compliance officer should ensure that the entity and its personnel are following the Bank Secrecy Act (BSA), the PATRIOT Act, and applicable FinCEN rules for reporting.
- AML Compliance Program
The BSA (31 U.S.C. 5311 et seq.) authorizes the Treasury Department to mandate that companies establish certain critical AML measures such as AML compliance programs, monitoring, recordkeeping, and reporting of suspicious transactions or transactions over a specified value. The PATRIOT Act was enacted to strengthen AML provisions; it imposes various additional due diligence procedures and increases the penalty amounts. Section 352 of the PATRIOT Act added subsection (h) to 31 U.S.C. 5318 of the BSA. This section requires all entities classified as “financial institutions” to establish and maintain AML compliance programs. “Financial institutions” is broad and encompasses more entities than just banks; for instance, it includes broker dealers or other entities providing financial services to customers.
Specifically, the Act requires that each entity satisfying the definition of a financial institution establish AML and CFT policies that include, at a minimum: “(A) the development of internal policies, procedures, and controls; (B) the designation of a compliance officer; (C) an ongoing employee training program; and (D) an independent audit function to test programs.” AML policies are typically in writing.
- AML Risk Assessment Policies and Procedures
An entity’s risk assessment policies and procedures aim to identify the business’ risks of money laundering, corruption and bribery, material weaknesses, and other crimes. When designing these policies, entities must adopt a risk-based approach. This ensures that certain high-risk or sensitive areas are prioritized and are assessed in terms of likelihood of occurrence, severity, and mitigation strategies available.
Businesses need to consider industry risks as it relates to their AML risk assessment. This includes evaluating customer risk, product and services risk, supplier and vendor risk, and geographic risk. AML risk assessment also mandates an evaluation of organizational risks. Among these organizational risks include those pertaining to the legal and regulatory environment in which the business operates, the compliance aspects demanded from the business, financial considerations, and even reputational and image concerns.
- AML Due Diligence Procedures
AML due diligence is arguably the most important element of successful AML policies. Due diligence refers to measures that a business undertakes to more fully understand the customers, transactions, or other endeavors for which it plans to engage before formally committing to it. AML due diligence procedures typically separate due diligence into two categories: (1) basic customer due diligence procedures for routine transactions and situations and (2) special or enhanced due diligence procedures for more complex, sensitive, unusual transactions and situations.
Basic or customer due diligence involves activities by a business to verify and gain more knowledge about its customers. This type of due diligence is unique to each customer or transaction. Examples of these activities include background and criminal checks, identity verification, analyzing risk profiles, verifying the authenticity of documents, and other basic screening tools.
Special or enhanced due diligence are undertaken only if the business is dealing with individuals, countries and entities, governments, or transactions that are considered more “high-risk.” High-risk situations include dealing with novel financial assets such as crypto and NFTs, certain foreign countries, large one-off transactions, or complex or multi-part transactions. Other circumstances that may be deemed “high risk” include purchases of goods or services with no identifiable purpose or insufficient documentation on the counterparties. Lack of third-party references is also a strong indicator of a transaction that is “high risk.”
Within this “high-risk” category, due diligence procedures should surpass the basic measures of identity verification. More enhanced measures include requesting bank statements, searching public records, contacting third parties for account verification, or confirming the origin of funds. Covered financial institutions are also required to establish and maintain written policies and procedures that are reasonably designed to identify and verify beneficial owners of customers. Further, these policies and procedures on beneficial ownership identification should be incorporated in the business’ AML compliance program as per 31 U.S.C. 5318(h). Businesses should be prepared to apply such enhanced measures whenever they determine that a certain situation or transaction is high-risk. Continuous monitoring and documentation is imperative with high-risk transactions and enhanced due diligence measures.
Section 326 of the PATRIOT Act also amended the BSA to require that businesses deemed “financial institutions” establish written customer identification programs (CIP). The purpose of CIP policies is to verify that the customer is who they say they are and that their documents are properly authenticated. A business’ CIP should include policies and procedures that obtain customer identifying information prior to engaging in the transaction or opening customer accounts; compile customer identification and verification information; maintain a record of the customer’s profile; determine whether there are any high-risk associations with the customer such as terrorist organization affiliation or prior AML or CFT violations; and provide the customer with notice of the business’ verification procedures.
- Filing Suspicious Activity Reports (“SARs”) and Other Cash Payment Reports
Businesses need to understand what constitutes a suspicious transaction. A suspicious transaction is one that gives rise to reasonable suspicion with respect to the circumstances of the transaction. These circumstances may involve the terms, the parties, the means of execution, or any other factors leading a reasonable person to question its veracity or sincerity or to believe that the transaction is being undertaken to evade or otherwise circumvent the law. To the extent such a suspicious transaction is identified, the business must file a suspicious activity report (SAR) and report the details on FinCEN Form 109. Suspicious activity reporting should be done as soon as possible to reduce the risks of money laundering, the financing of terrorism, or other crimes that could severely impact the business.
Other obligations include Form 8300—which requires that businesses report cash payments over $10,000 received in a trade or business. Specifically, both the BSA in Section 5331 and Internal Revenue Code at Section 6050I require that individuals file Form 8300 anytime they receive over $10,000 in cash or cash equivalents in a transaction or series of related transactions during the course of their trade or business. These forms must be filed within fifteen days of receiving over $10,000.
- AML Monitoring Procedures
Successful AML policies require that businesses implement strong and continuous monitoring and internal review procedures. These procedures should be examined and updated periodically for new requirements in the law, changes in the entity’s industry or specific business needs of the entity and/or its customers, or advances in technology. The entity’s compliance officer is responsible for evaluating business policies and procedures, making recommendations for improvement in AML compliance, and ensuring that personnel prepare the required reports for the business, third parties, or government.
Monitoring should focus not only on areas of high risk for money laundering and financing of terrorism but also on internal company-wide measures such as internal controls. AML monitoring includes measures adopted as preventative policies as well as remedial policies. Preventative policies aim at reducing the possibility of a breach or other incident of money laundering. Remedial policies focus on approaches that mitigate a breach after it occurs to lessen the damage to the business, its customers and suppliers, and reputation.
- AML Personnel Training
The entity’s compliance officer should ensure that the business receives the proper training needed to stay abreast of AML policies and procedures and changes in the law. Training should focus on the importance and appreciation of strong AML policies across the entire company. It should also emphasize procedures and tips for recognizing red flags of money laundering, communicating to upper management and supervisors, and ensuring adequate reporting and prompt, corrective action.
Many companies implement mandatory training sessions for all personnel and often have additional training sessions for personnel dealing in more high-risk areas or for upper management and executives due to the control and supervisory nature of their positions. For instance, all personnel are typically trained in basic AML policies and procedures; however, those individuals within the business that deal with budgeting or account creation should receive more focused training on finance and asset management.
- AML Reporting and Whistleblower Program
AML policies should include a clear and easy to understand section on the business’ whistleblower program. A whistleblower program should provide an easy mechanism for company employees and personnel to report – oftentimes anonymously – potential violations of AML laws and regulations, bribery and corruption, suspicions of financing of terrorism, and even internal company issues such as theft, fraud, or other misconduct. Many companies use anonymous forms that can be submitted online, set up anonymous hotlines where an individual can call and report the alleged violation, or even establish an independent department that hears complaints from company personnel.
The compliance officer should ensure that such a program is free from retaliatory action such as demotion, termination, denial of promotions or other benefits, or discrimination. The overarching goal of a whistleblower program is to instill confidence and security in the company’s employees for reporting AML violations in order to better serve the needs of the company and potentially protect it from situations that could be devastating if such potential violative conduct were not brought to the company’s attention.
- AML Recordkeeping Practices
Under 31 CFR § 1010.410, entities deemed “financial institutions” are required to retain records for a period of five years. The compliance officer is obligated to ensure that records are kept and maintained in an organized manner, remain up-to-date, and that access and control is granted only to authorized individuals. Exactly which “records” must be kept for this specified time period is a relative term but generally includes the following: contact details of employees, vendors, suppliers, and counterparties; contracts and sales agreements; internal controls of the company; accounting and tax records; customer identity verification and files; corrective action measures; reports and documents required to be filed or submitted to government agencies; risk assessment policies and procedures; and due diligence measures undertaken for each transaction.