Having recently conducted a number of anti-money laundering, counter financing of terrorism and financial sanctions ("AML/CFT/FS") supervisory…
c. Where a Firm is relying on an OSP’s AML/CFT/FS policies and procedures to perform AML/CFT/FS activities on its behalf, the Firm should test such activities to ensure the effectiveness and the application of the OSP’s AML/CFT/FS policies and procedures and should ensure the activities are being performed to a level commensurate with the level of ML/TF risk as identified in the Firm’s BRA. 1. The Bulletin should be brought to the attention of the Board by summarising the key issues in the Bulletin and detailing the next steps in the critical assessment of the firm’s AML/CFT/FS framework against the Bulletin; We have also set out some suggested next steps for Firms in order to address the CBI’s expectations. a. Failure to demonstrate that appropriate arrangements were in place (for examples, SLAs), to govern the outsourced AML/CFT/FS activities and a failure to subject outsourcing arrangements to regular review and assessment at a senior level; a. Firms should document the methodology employed for the BRA and prepare a BRA which includes an assessment of the inherent ML/TF/ FS risk, an assessment of the effectiveness of the AML/CFT/FS control framework and details of the overall residual risk; c. Firms must demonstrate that they have implemented an AML/CFT/FS framework, to mitigate the risk of ML/TF/FS; c. Failure to demonstrate that processes were in place to measure the effectiveness of the AML/CFT/FS controls implemented to mitigate the inherent risks identified; and e. A failure to demonstrate that a comprehensive assurance testing programme was in place, to ensure effective and independent testing of the AML/CFT/FS framework. a. A failure to accurately reflect the consideration of AML/CFT/FS matters at a board level in the minutes of the meetings of the board of directors (the “Board”); c. Where warranted by the nature, scale and complexity of a firm’s activities, Firms should appoint an individual at management level (the “Compliance Officer”) to monitor and manage compliance with, and the internal communication of, the Firm’s internal AML/CFT/FS policies; c. A failure to demonstrate that appropriate action was taken to address identified deficiencies in the AML/CFT/FS framework in a timely manner; While the Bulletin focusses on issues in the Funds sector, the CBI has clarified that it expects all firms, irrespective of their sector, to critically assess their AML/CFT/FS frameworks against the CBI expectations as set out in the Bulletin. The CBI has indicated that it will continue to conduct supervisory engagements with Firms and expects Firms to be in a position to demonstrate that they have reviewed the findings and expectations detailed in the Bulletin against their AML/CFT/FS frameworks and have taken steps to remediate any identified gaps/weaknesses.