Risk-Based Approach â Guidance for Money Service Businesses
Risk-Based Approach â Guidance for Money Service Businesses
Risk-Based Approach â Guidance for Money Service Businesses
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Risk</strong>-<strong>Based</strong> <strong>Approach</strong> – <strong>Guidance</strong> <strong>for</strong> <strong>Money</strong> <strong>Service</strong> <strong>Businesses</strong> - July 2009 Focus on meeting all regulatory record keeping and reporting requirements and recommendations<strong>for</strong> AML/CFT compliance and provide <strong>for</strong> timely updates in response to changes in regulations.Provide <strong>for</strong> adequate controls <strong>for</strong> higher risk customers, transactions and products, agents, asnecessary, such as transaction limits or management approvals.Enable the timely identification of reportable transactions and ensure accurate filing of requiredreports.Provide <strong>for</strong> adequate management and oversight of its agents, including initial Know Your agentdue diligence, AML/CFT training, and ongoing risk-based monitoring.Provide <strong>for</strong> adequate supervision of employees who handle transactions, complete reports, grantexemptions, monitor <strong>for</strong> suspicious activity, or engage in any other activity that <strong>for</strong>ms part of thebusiness‟s AML/CFT programme.Develop and implement written AML/CFT policies, procedures and processes, with periodicinternal testing to ensure adherence by all staff with AML/CFT-related responsibilities.Incorporate AML/CFT compliance into job descriptions and per<strong>for</strong>mance evaluations ofappropriate personnel.Provide <strong>for</strong> appropriate initial and refresher training to be given to all relevant staff.Provide <strong>for</strong> appropriate initial and refresher training <strong>for</strong> agents at appropriate intervals.141. Senior management will need to have a means of independently validating the development andoperation of the risk assessment and management processes and related internal controls, and obtainingappropriate com<strong>for</strong>t that the adopted risk-based methodology reflects the risk profile of the MSB. Thisindependent testing and reporting should be conducted by, <strong>for</strong> example, the internal audit department,external auditors, specialist consultants or other qualified parties who are not involved in theimplementation or operation of the MSB‟s AML/CFT compliance programme. The testing should be riskbased(focusing attention on higher-risk customers, geography, products and services, agents); shouldevaluate the adequacy of the MSB‟s overall AML/CFT programme; and the quality of risk management <strong>for</strong>the MSB‟s operations, departments and subsidiaries; include comprehensive procedures and testing; andcover all activities.© 2009 FATF/OECD - 43