DETERMINING AN AML COMPLIANCE PROGRAM & KEY STEPS TO DEVELOPING AML COMPLIANCE PROGRAMS
By Fombo Lega Nuyebga, LL.B, DRS, BL, CFIP
Co-founding partner & Compliance [Legal & Risk] Consultant
Determining and developing your AML Compliance Program in line with international and local (Cameroon) regulations;
COMBATING MONEY LAUNDERING & AML COMPLIANCE PROGRAM DESIGN
What is Money Laundering: Money Laundering is the process of illegally concealing the origins of money obtained illegally (through a predicate offence) by passing it through a complex network of commercial transactions and bank transfers so as to turn the money ‘clean’ and return it to the launderer in an indirect way.
Money laundering is one of the difficult crimes to detect by regulatory authorities because the proceeds are transferred in plain sight through standard transaction lines, legal institutions and financial intermediaries.
What is Anti-Money Laundering: Anti-Money Laundering (AML) is a term used in the financial and legal industries to refer to a set of policies, legislation (rules and regulations), procedures and technologies, structured to monitor, prevent and combat money laundering and related financial crimes. There are international and local regulators established for the monitoring, prevention and combatting of money laundering and other financial crimes.
The process of money laundering involves 3 steps; placement, layering and integration;
- Placement refers to the act of the offender putting the illegally obtained money into the legitimate financial system.
- Layering refers to the act of concealing the source of the money through a complex network of commercial transactions and bank transfers.
- Integration refers to the act of injecting the money into the legitimate financial system after withdrawal for the benefit of the offender.
Money laundering today has so many variants and with the internet today there is a new dimension to this age old white-collar crime. The rise of online banking and online payment services with the use of mobile devices has made the detection and prevention of illegal transfers even more difficult. However, there has been much advancement in security controls to make financial businesses fraud-free. This problem is universal and incorporating new measures does not come easily to businesses and especially financial institutions. Time and resources have to be injected in order to build a robust AML strategy. To this end, a strong AML compliance program is needed to resolve these issues.
Defining an AML Compliance Program: An AML Compliance Program refers to a structured internal operations and processing policy, customer due diligence and immediate report -filing of money laundering activity. The objective of an AML Compliance Program is to expose fraudulent activity and immediately react to mitigate the risks which it caused or could have caused. AML compliance is all that a company must do or does, relating to the detection and prevention of money laundering, terrorism financing and related offences.
After a compliance audit, where it is found that a business was not adequately AML Compliant, this will attract AML non-compliance penalties. To save businesses this tragedy, they have to follow certain requirements, in order to remain coherent with their AML Compliance program.
How to stay AML Compliant: In order to achieve this, a business must engage in 3 things;
- Employ an expert AML compliance officer or source for an external AML compliance firm. The AML compliance process is not an easy task and so requires an expert in the company with experience, skills and knowledge to keep the business in observance and to keep it compliant with regulatory demands. The officer must engage in organizing AML compliance trainings for compliance team members and other company personnel at all levels of the organization that may be exposed to treating such cases to recognize, identify and report their suspicions.
- There should be the creation of a robust reporting system which encourages information sharing and the immediate reporting of money laundering activities to the competent authorities.
- There must be a well-documented system for KYC (know Your Customer), CDD (Customer Due Diligence) and EDD (Enhanced Due Diligence), in order to properly assess clients’ profiles and evaluate risks.
Key Aspects of an AML Compliance program: An ideal compliance program for AML has to be structured with considerations to the potential risks and legal obligations which concern an organization. A proper risks analyses and classification has to be done in order to quickly identify exposure and thus provide a compliance solution, following these 4 steps;
- Identification of the AML Laws and regulations related to your jurisdiction
- Determination of predicate offences to Money laundering
- Evaluation of Business risk and customer due diligence
- Creation of robust internal compliance guidelines
6 Steps to developing an AML Compliance Program:
- IDENTIFY THE RELEVANT LEGISLATION AND REGULATIONS
This is a paramount step for every organization, to understand the laws within which it operates and the regulations governing its activities. The organization must seek to know the regulators, what the regulators expect of them and also communicate such to the competent members of the organization regarding matters of money laundering, terrorism financing and related crimes. A sound knowledge of the laws and regulations in any given sector of business activity on the part of the organization would increase observance of compliance. The legislation applied in Cameroon is Regulation No. 01/03- CEMAC-UMAC-CM of 4 April 2003 on the Prevention and Combating of Money Laundering and Terrorism Financing in Central Africa. This regulation was adopted at the regional community level under the auspices of the Central African Economic & Monetary Community (CEMAC) made up of six states, to wit, Cameroon, Central African Republic (CAR), Chad, Congo Republic, Equatorial Guinea and Gabon.
- RISK ASSESSMENT
For a successful AML Compliance Program, there must be a robust risk assessment mechanism. Stakeholders of an organization are not the same. Organizations must conduct risks assessments to evaluate their clients and sort those with higher risks profiles. This could be done by developing or setting in place compliance software which assists in scoring information regarding; Due diligence (KYC, CDD & EDD), PEPs (assets obtained illegally by Politically Exposed Persons), UBOs (Ultimate Beneficial Owners), and transactions to countries under international sanctions (Screening tests). The implementation of the due diligence process is however subject to jurisdiction.
- INTERNAL POLICIES, PROCEDURES AND CONTROLS
A successful internal policy, procedure and controls mechanism is dependent on solid knowledge of regulations and efficient risk assessment. Organizations have to set up internal guidelines and a hierarchy for information sharing. There must be a separation of roles for proper observation of the due diligence process (compliance officer should not have double responsibilities as in legal officer or company secretary). As such, there is a robust anonymous secure reporting line of money laundering activity, and based on evidence compiled by the compliance officer, it is reported to top management. However, the compliance officer takes the final step to report to the financial regulators (In Cameroon, the National Agency for Financial Investigation (NAFI)/ Agence Nationale d’Investigation Financière (ANIF) is the Financial Investigation Unit for the country, established by Presidential Decree No. 2005/187 of 31 May 2005 laying down its organization and functioning).
Other regulators and regulations in Cameroon include;
- The CEMAC (Communauté Economique et Monétaire de L’Afrique Centrale)
- The central bank – BEAC (Banque des Etats de l’Afrique Centrale) or the Bank of Central African States
- The regional supervisory authority – The Central African Banking Commission (Commission Bancaire de l’Afrique Centrale – COBAC). COBAC in accordance with CEMAC Regulation No. 01/03 has jurisdiction over issues concerning anti money laundering and combating terrorism financing.
- The Central African Action Group against Money Laundering or Groupe d’Action contre le Blanchiment d’Argent en Afrique Centrale (GABAC). As per Article 35 of Regulation No 01/03/CEMAC/UMAC/CM, the ANIF has to send statistics and information reports to the GABAC three times a year or annually. The GABAC also acts as a regional co-coordinator for the ANIFs of Member countries, and the GABAC in turn sends, every six months, a regional summary report on the activities of the ANIFs to the BEAC and CEMAC.
- The National Anti-Corruption Commission or Commission Nationale Anti-Corruption (CONAC) as established by Decree No. 2006/088 of March 2006 is the main organization responsible for the regulation and co-ordination of national anti-corruption issues in Cameroon.
- COMPLIANCE TRAINING
Employee trainings in compliance cannot be over emphasized. Such trainings have to be designed to meet the requirements of the organization in combatting money laundering, terrorism financing and other related crimes. Such trainings must also be done at intervals and designed to meet regulatory requirements when these are modified. Regular AML compliance training is effective for quick identification, reporting and exposure of offences. Most training should be targeted for employees operating within high risk units of the organization (staff who relate with clients, compliance team, finance and sales teams, senior management). However all employees are supposed to receive general compliance training. Trainings should focus on the risks areas of the organization’s business and then general training on AML regulations, penalties and a change in internal policies. Trainings can be offered within the organization (onsite), through a third party (compliance firm), or by the compliance officer and team. Generally it is done by regular staff meetings on compliance modifications, though other modes of training could be used like online presentations. This also is dependent on the organization in question as trainings should be tailored to the business needs of particular businesses. It is advisable to also document staff participation and completion of compliance trainings for compliance audit purposes.
- COMPLIANCE AUDIT
A compliance audit is the mechanism used to evaluate the strengths and weaknesses of an organization’s AML compliance program. Nothing can be done which is good if it is not tested. By reviewing the compliance program, omissions may be found at different levels of the compliance process; KYC, reporting or training. Such reviews must be done by an independent compliance auditor (particularly an experienced compliance auditor, individual or external compliance firm).
- COMPLIANCE OFFICER
There will be no effective AML compliance program without the presence and services of an expert compliance officer. The compliance officer must be charged with the management of the organization’s compliance and is ultimately responsible to the board of directors (reason why the compliance officer should not double roles as legal officer or company secretary). Apart from direct reporting to senior management, the compliance officer should also oversee the relations with regulatory authorities for AML related reporting and investigations. As an expert, the compliance officer addresses reports to the Board of Directors and senior management on compliance deficiencies and initiatives to remedy such, identifies persons responsible for internal policy breaches, ensures individuals concerned meet reporting and record-keeping obligations and provides his expertise in support to other units of the organization. It is advisable to have an expert with an LLM in Compliance, and also additional certifications like (CAMS, CFIP, CRCM, CFE, CCE, GDPR Compliance & Risk Management) or retain a law firm which has such lawyers or expertise on board.
Money laundering may be difficult to trace and observance of many international and local regulations may trouble a little. However, the right compliance strategy enables a company to quickly adjust within a short period of time. Though complex, with the skills and knowledge of a compliance expert, every organization can through such programs acquire a strategic advantage and save their reputation in the face of regulation.
The Role of Dayspring Law Firm:
At Dayspring Law Firm, our legal team constitutes experts who are ready with compliance solutions and employee trainings which are solicited by our clients to fulfill regulatory requirements. We assist our clients at all levels of the compliance process; drafting the framework compliance policies, setting up procedures and controls, compliance outsourcing, compliance training and audit. Our role is to establish strategic compliance solutions for our clients’ interests.