Those companies that are found to be non-compliant with UK anti-money laundering regulations face stiff fines, reputational damage, and, if found to have helped a scheme individuals can even be handed custodial sentences.
Unfortunately, guidance on what exact processes a company needs to adopt is extremely vague; with each individual company being responsible for designing and implementing their own processes and ensuring that these are compliant.
This requires directors to not only be experts in their fields but to also become one on the topic of anti-money laundering. Not only is this unrealistic, it still leaves significant scope for the most well meaning of AML processes to still fall short of the mark.
Whilst each AML process will ultimately be different from company to company, many companies will make the same mistakes. Leaving them vulnerable to punitive action from regulators or their governing bodies.
The importance of the companywide risk assessment is something that is not often effectively communicated to directors. It is commonly mistaken for a cursory box ticking exercise that requires just a general overview of a company’s risk exposure.
In actuality it is the foundation of a company’s AML defenses and processes. Any investigation into an organisation’s AML compliance will scrutinize this document, and it can be the difference between passing or receiving a fine.
In creating your companywide risk assessment senior management and key staff members must review in extreme details all areas of risk; such as sector, customers, services, internal processes etc. This must then be fastidiously recorded and documented with best practice being to also record your approach.
This documentation should be easily accessible and able to be produced immediately should an investigator request it.
It is necessary to have someone at the business who takes on the responsibility of owning the company’s AML procedure and processes. They function as the expert at the company on AML, report directly to the board, monitor the efficacy of AML defences, and ensure staff have the relevant training to name just a few of their functions. It is key that they have the required authority to access the information they need to fill this role and that others in the business recognise their authority on such matters.
Companies in the regulated sector are required to have an MLRO but they are not usually hired specifically just for this role. Due to the access to information required in this role and the authority it provides, MLRO’s typically are C-suite or senior management; should a company have dedicated credit & risk staff the risk department head is often the MLRO.
A surprisingly common mistake is companies not knowing that they fall under the UK’s AML regulations. This is largely due to poor communication from the government and regulators around AML requirements.
Companies in certain industries are automatically required to comply with AML regulations. These are collectively known as the regulated sector and include accountancy, law, banking, and real estate.
But transactions for high value items are also required to undergo AML checks. As this is linked to an EU directive the threshold amount is currently in euros; any cash transaction over €10,000 or series of cash transactions totaling over €10,000 have AML requirements.
Simply completing AML checks is not enough to prove compliance. It is necessary to factor into your AML processes the fact that it is as important to record your efforts and how you have met regulations as it is to actually meet them.
If you are in the regulated sector it is likely that you will have your compliance processes assessed at some point. This can be by either the regulators or your governing body.
Whomever is conducting the assessment, they will require thorough evidence of your processes, such as your firmwide risk assessment, and ask for examples. Typically they will select a number of your customers at random and ask to see the full audit trail.
If these are not easily available and suitably detailed it is likely that you will fail your assessment.
Red Flag Alert automatically stores the full audit trail of your AML checks and results. These are available instantly and from anywhere via the cloud.
Your AML processes need to constantly reviewed and adjusted as necessary. As part of the MLRO’s role they should report to the board regularly on the performance of AML processes. They should also regularly review that the company’s processes are working correctly.
Your companywide AML risk assessment also needs to be regularly reviewed and adjusted should it be necessary. Best practice is to do this every twelve months but should your company introduce undergo any major structural or operational changes, such as moving into new sectors or adding new service lines, these need to be reviewed for risk and added to the companywide risk assessment.
AML processes, especially checks, require a significant amount of staff time to complete and leave a large amount of scope for human error if you are not employing a technological solution.
There are a host of tools that allow you to complete AML processes more efficiently and accurately. Red Flag Alert provides a fully digital platform of compliant AML and IDV checks, which take just 30 seconds to send out to customers and are completed conveniently on your clients device. Checks are sent out in your full branding and thanks to our AI-powered technology and multi-bureau analysis system you wont find a more accurate system.
Red Flag Alert takes the stress out of your AML checks and provides your customers with an excellent onboarding experience. Find out how we will upgrade your AML processes today and get a free trial of the platform!