AML/CFT audits uncover some common issues
Strategi identified a number of common issues in AML/CFT audits conducted January – April 2019. These issues and potential solutions are listed below:
Not updating the AML/CFT Programme for suspicious activity reporting
Solution: From 1 July 2018, suspicious activity reporting (SAR) replaced suspicious transaction reporting (STR). The NZ Police Financial Intelligence Unit (FIU) published a handy reporting guideline explaining what is required. Reporting entities should update the AML/CFT Programme to include adequate and effective policy, procedure and control. The Strategi Institute AML/CFT manual and templates for phase two reporting entities contains a full explanation of SAR and appropriate wording to include. If you are a Phase One reporting entity and are not sure on what to change then contact Strategi Institute for a sample template.
Not describing, in the AML/CFT Programme, an exception handling process when clients cannot provide the documents prescribed by the Amended Identity Verification Code of Practice (IVCOP), for verification of their identity
Solution: In the Customer Due Diligence section of the AML/CFT Programme, REs should include the exception handling process in place when on-boarding clients who are unable to furnish the identification documents prescribed by the IVCOP.
Not describing, a policy, procedure, and control for reporting prescribed transactions in the AML/CFT Programme, and not providing a reason for not including that description
Solution: Update the AML/CFT Programme to include a section describing the policy, procedure, and control in place to report prescribed transactions (if prescribed transactions are undertaken). If prescribed transactions are not undertaken, then provide a brief description in the AML/CFT Programme explaining why such a policy, procedure, and control are not required to be included.
Not reviewing and/or not keeping up to date, the Risk Assessment and the AML/CFT Programme
Solution: Periodically review these documents and, where necessary, update them to ensure they continue to remain effective. For Phase 1 reporting entities, check that the risk assessment reflects the DIA updated Sector Risk Assessment published September 2018.