We hope that the results from the survey can provide firms with a useful reference to help build good standards in AML policies and procedures. Through the survey, we have identified certain trends that suggest firms need to improve the way in which they address the Money Laundering Regulations 2007 (MLR07), in particular we identified that firms need to maximise the benefit of the risk-based approach.
In 2011, we invited the top 150 firms to participate in the benchmarking survey and 13 firms participated. The population included 8 firms spaced evenly across the top 50, including 2 firms from the Top 10. In 2012, we invited the APA firms to participate and nine firms took part. All participants completed the same AML benchmarking questionnaire, which we designed to collate data on client due diligence, suspicious activity reports, training, policies and procedures, monitoring and the role of the MLRO.
Where can firms improve?
We've summarised our key observations and recommendations below.
Client due diligence
- Firms are still not maximising the benefit of the risk-based approach to client due diligence. Only 56% of the firms surveyed obtain the amount of CDD suggested by the CCAB guidance for normal-risk, UK based individuals (one piece if meeting the client face-to-face). Although the majority of firms require additional evidence for a high risk client, 11% of the firms surveyed require the same amount of evidence for their clients irrespective of whether they are normal or high risk. Firms should carefully consider the amount of evidence they are collecting for both normal and high-risk clients and make sure that additional pieces of evidence are not simply duplicating the evidence already obtained.
- In order to maintain and update CDD records on existing clients, 56% of firms perform ongoing CDD based solely on time. It is important that firms identify the full range of relevant trigger events that may lead to a need to update the CDD records - simply maintaining and updating CDD annually may not be enough (although it is a useful default).
- We recommend that all firms consider a wide range of risk-factors as part of their risk assessment including adverse publicity, legal or regulatory investigations and PEPs/sanctions reports.
- Only 56% of firms use an online tool to determine whether an individual is a PEP and only 67% of firms use electronic databases to check potential clients, and ongoing clients, against the financial sanctions list. Consideration should be given to ensuring that a suitable method of identifying PEPs is selected. Partner judgement and knowledge of the engagement staff may not be 100% reliable.
- We agree that it is best practice for a risk-matrix framework to be centrally determined rather than relying solely on partner judgement.
Suspicious activity reports
- Firms should consider whether staff require any additional training on the types of activity that should be reported to the MLRO and to SOCA, particularly where the number of internal suspicious activity reports is low.
- We recommend that internal reports are made in writing as this provides an excellent documentation trail to demonstrate the information provided to the MLRO, which he/she can build on when concluding whether there is a suspicion. We also recommend that all firms acknowledge receipt of the internal suspicious activity report and include a reminder about tipping-off.
- Firms should document their judgement on whether a suspicion exists using a proforma or aide-memoir that provides reminders of the key facts and considerations that the MLRO should record.
Training
- MLR07 requires that staff be given regular training in how to recognize and deal with transactions which may be related to money laundering or terrorist financing. Not all firms provide annual training to their staff. This was surprising given that many firms stated that they relied on staff training to make sure that the firm fully complied with the requirements of MLR07. We believe that ongoing training is very important, and all firms should be performing some firm of top-up, or training sessions, every year.
- In particular, some firms rely on partner and staff training for identifying potential clients that may be PEPs or who are on the financial sanctions register. and associated regimes. Training needs to be provided on an ongoing basis in order for this to be fully effective.
- Training should also be role-specific and tailored for all staff at the firm.
- We recommend that firms always conduct AML training for their staff on induction. This training can be tailored to suit each individual's role.
Policies and procedures
- We recommend that firms review their policies and procedures on a regular basis, with best practice being on an annual basis.
- All firms should consider a breach of their AML policies and procedures to be a disciplinary offence.
- We recommended that all firms perform an independent monitoring review at least annually.
The MLRO
- Although all firms reported AML matters to their Senior Management Boards, some firms only reported limited information. We recommend that firms submit a comprehensive report including information on the number of internal and external suspicious activity reports, the training provided to staff in the year, the results of internal compliance checks and planned remedial action, and key money laundering risks.