magnifying glass

AML / CFT audits uncover some common issues

Strategi identified a number of common issues in AML / CFT audits conducted January – April 2019. These issues and potential solutions are listed below:

Not updating the AML / CFT Programme for suspicious activity reporting

Solution: From 1 July 2018, suspicious activity reporting (SAR) replaced suspicious transaction reporting (STR). The NZ Police Financial Intelligence Unit (FIU) published a handy reporting guideline explaining what is required. Reporting entities should update the AML / CFT Programme to include adequate and effective policy, procedure and control. The Strategi Institute AML / CFT manual and templates for phase two reporting entities contains a full explanation of SAR and appropriate wording to include. If you are a Phase One reporting entity and are not sure on what to change then contact Strategi Institute for a sample template.

Not describing, in the AML / CFT Programme, an exception handling process when clients cannot provide the documents prescribed by the Amended Identity Verification Code of Practice (IVCOP), for verification of their identity

Solution: In the Customer Due Diligence section of the AML / CFT Programme, REs should include the exception handling process in place when on-boarding clients who are unable to furnish the identification documents prescribed by the IVCOP. 

Not describing, a policy, procedure, and control for reporting prescribed transactions in the AML / CFT Programme, and not providing a reason for not including that description

Solution: Update the AML / CFT Programme to include a section describing the policy, procedure, and control in place to report prescribed transactions (if prescribed transactions are undertaken). If prescribed transactions are not undertaken, then provide a brief description in the AML / CFT Programme explaining why such a policy, procedure, and control are not required to be included.

Not reviewing and/or not keeping up to date, the Risk Assessment and the AML / CFT Programme

Solution: Periodically review these documents and, where necessary, update them to ensure they continue to remain effective. For Phase 1 reporting entities, check that the risk assessment reflects the DIA updated Sector Risk Assessment published September 2018.