LO 61.1: Explain best practices recommended by the Basel Committee for the assessment, management, mitigation, and monitoring of money laundering and financial terrorism (ML/FT) risks.
The Basel Committee (referred to as the Committee) is committed to combating money laundering (ML) and the financing of terrorism (FT) as part of its mandate to enhance worldwide financial stability via a strengthening of regulation, supervision, and bank practices. The Committee has a long-standing commitment to sound Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT) policies and procedures in banks. Banks without sound ML/FT risk management practices are exposed to serious risks including, but not limited to: reputational, operational, compliance, and concentration risks. Costs associated with these risks include fines and sanctions by regulators, the termination of wholesale funding and facilities, claims against the bank, loan losses, asset seizures, asset freezes, and investigative costs.
Risk Assessment
The Committee's Core Principles for Effective Banking Supervision was updated in 2012 and requires that all banks have adequate policies and processes, including strict customer due diligence (CDD) rules, to promote high ethical and professional standards in the banking sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. Sound risk management means the bank must identify and manage ML/FT risks, designing and implementing policies and procedures corresponding to the identified risks. These risks must be assessed at the country, sector, bank, and business relationship levels.
The bank must have policies and procedures for:
- Customer identification.
- Customer due diligence.
- Customer acceptance.
- Monitoring of business relationships.
- Monitoring of business operations.
The bank must develop a thorough understanding of ML/FT risks present in:
- The customer base.
- The bank's products and services.
- The delivery channels for products and services, including products and services in the development stage.
- The jurisdictions within which the bank and the bank's customers do business.
The bank's understanding of inherent ML/FT risks is based on both internal and external data sources, including operational and transaction data (internal) and national risk assessments and country reports from international organizations (external).
2018 Kaplan, Inc.
Topic 61 Cross Reference to GARP Assigned Reading – Basel Committee on Banking Supervision
Risk Management
Proper governance arrangements are necessary for the management of ML/FT risks. Prior publications from the Committee (specifically, The Internal Audit Function in Banks, June 2012, Principles for Enhancing Corporate Governance, October 2010, and Compliance and the Compliance Function in Banks, April 2005) describe proper governance arrangements. In particular, these publications require the board of directors to approve and oversee risk policies, risk management activities, and compliance. These functions are critical to the management and mitigation of ML/FT risks. ML/FT risk assessments must be communicated to the board of directors in a timely, complete, accurate, and understandable manner.
The board of directors and senior management should appoint a qualified chief AML/CFT officer with the stature and authority to garner the attention of the board, senior management, and business lines when ML/FT issues arise.
Risk Mitigation
First line of defense. The business units (e.g., the front office and customer-facing activities) are the first line of defense in identifying, assessing, and controlling ML/FT risks. Policies and procedures should be specified in writing and communicated to bank personnel. Employees should know what they are supposed to do and how to comply with regulations. There should be procedures in place for detecting and reporting suspicious transactions. High ethical and professional standards are essential. The bank should carry out employee training on how to identify and report suspicious transactions.
Second line of defense. The chief officer in charge of AML/CFT is the second line of defense. The officer should engage in ongoing monitoring and the fulfillment of AML/CFT duties. The officer should be the contact person for AML/CFT issues both internally and externally [e.g., supervisory authorities and financial intelligence units (FIUs)]. To avoid conflicts of interest, the officer should not have business line responsibilities or be responsible for data protection or internal audits. The officer may also be the chief risk officer and should have a direct reporting line to senior management and/or the board of directors.
Third line of defense. The third line of defense is internal audits. The bank should establish policies for conducting internal audits of the bank's AML/CFT policies. External audits may also play a role in evaluating a bank's policies and procedures with respect to the AML/CFT function.
Risk Monitoring
The bank's risk monitoring systems should be commensurate with the bank's size, activities, and complexity. For most banks, and especially for banks that are internationally active, some of the monitoring activities will be automated. A bank must document its decision to forgo information technology (IT) monitoring and demonstrate an effective alternative. Monitoring systems should be able to provide accurate information to senior management on issues such as changes in the transactional profiles of bank customers. The IT system should also enable a bank to determine its own criteria for monitoring and filing suspicious transaction reports (STR) or taking other steps to minimize ML/FT risks. Internal audits should evaluate the effectiveness of IT monitoring systems.