From July 2021, the AML/CFT Act requires all reporting entities to complete an independent audit every three years – where previously it was every two years. The audit obligation is a systematic check of a reporting entity’s AML/CFT programme. It will assess whether the AML/CFT programme is functioning in practice and that the policies, procedures and controls in place are based on the money laundering and financing terrorism risks identified by that business.
Even though there are many firms that are AML compliant, companies still end up paying huge penalties to the authorities due to violations and deficiencies occurring in their compliance programme. With the time period between audits being increased, the rate of risk increases simultaneously as mistakes and deficiencies won’t be picked up in a timely fashion, leaving your firm vulnerable.
Customer Due Diligence Mistakes
A core part of the AML/CFT act is Customer Due Diligence (CDD). As BDO notes, it’s a “broad and complex point, so it’s not surprising at all that many reporting entities are attempting to comply yet falling just short of the mark”. Here are the most common areas where firms fail to comply with CDD.
1. Incomplete source of wealth information
Proving where your client’s funds or wealth has come from can be a tricky box to tick. Simple documentation such as payslips, work contracts and bank accounts will usually do the trick, however for larger and more unique cases, more due diligence is needed. It’s important to train your staff to understand when there is a trickier case, and for them to understand how these transactions could be a money laundering issue. Rather than having rigid checklists in place, it’s better to teach your staff what the red flags are, and how you can find out the legal source of funds in each transaction.
2. Additional requirements in your own compliance framework
As a firm, you establish your own set of rules – or compliance framework – that your business must follow. These rules at a minimum must meet the requirements of the Act, however some firms decide to take extra measures to be cautious. It’s important to ensure that each of your compliance framework measures are being followed, as a breach of your own rules will result in a breach of the Act itself.
3. Identity Verification Code of Practice (IVCOP) Compliance
The Amended Identification Verification Code of Practice 2013 is a guideline issued by the regulator, that states which forms of ID are acceptable ways to verify identity. Some of the guidelines in this document are: if originals can’t be used for ID, copies will need to be certified, and a drivers’ license alone isn’t enough to verify identity – you need more than one form of ID. Biometric Identity Verification tools are an excellent and easy way to keep compliant by scanning ID documents, verifying them with government agencies, and biometrically testing the identity of the user using a camera.
Common non-CDD related mistakes
Mistakes can arise in other areas of your compliance program, not just in the due diligence/customer onboarding process. This can include internal requirements that are imperative to ensuring your compliance program is a success.
4. Not self-monitoring
As part of the act, it is a legal requirement to self monitor your AML compliance – particularly the CDD element of this. Many firms believe that the three-yearly audit will suffice as self monitoring. It does not, and that is where some firms may fail this element of the audit process. It’s important to set up regular compliance checks to ensure that your firm is meeting all of your compliance framework requirements.
5. Vetting and training your staff
Training your staff on an ongoing basis is a legal requirement of the AML act. Not only is it legally required though, it is imperative that you do train your staff as this will ensure they are equipped with the knowledge to meet your compliance program, and therefore abide by the Act.
6. Appointing a Compliance Officer
It is important to appoint a full time compliance officer that will enforce the risk assessment and compliance framework in your business. This person must be a full time staff member – however they are allowed to undertake other responsibilities during their hours. Several businesses have made the mistake of employing a part time CO, and therefore not complying with the AML/CTF requirements.
About First AML
This article is not only written from the perspective of a technology provider, but also from the lens of compliance professionals. Prior to releasing Source, First AML’s orchestration platform, we processed over 2,000,000 AML cases ourselves. Understanding the acute problem that faces firms these days as they try to scale their own AML, is in our DNA.
That's why Source now powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Source stands out as a leading solution for organisations with complex or international onboarding needs. It provides streamlined collaboration and ensures uniformity in all AML practices.
Keen to find out more? Book a demo today!