What is a Compliance Programme?
A Compliance Programme is a written document of AML/CFT policies and procedures developed and approved by senior management of the Supervised Entity.
The Compliance Programme should be designed to suit the business and to address the money laundering/financing of terrorism/proliferation financing (ML/FT/PF) risks identified during the risk assessment. In developing its programme, the Supervised Entity should consider risk factors including the size, complexity and nature of the business, taking into consideration:
- type of customers;
- payment systems (i.e. cash intensity, cross border payments, etc.);
- type of products and services offered;
- jurisdictions you conduct business with; and
- the types of transactions in which its customers engage.
Once these risks are assessed, the Compliance Programme should reflect the higher risk areas and the policies and procedures to mitigate the identified risks.
What should be included in the Compliance Programme?
The Compliance Programme must contain policies and controls for the following:
- Customer Due Diligence measures;
- Identification and internal reporting of suspicious transactions;
- Adoption of a risk-based approach to monitoring financial transactions;
- External and independent testing for compliance;
- Retention of transaction and identification records; and
- High risk and designated jurisdictions.
There is no one-size-fits-all approach when it comes to the Compliance Programme. Though there are templates that Supervised Entities can utilize, each programme must be designed for the specific business.
You can consult the FIUTT’s Guidance Note on how to structure the Compliance Programme.
Implementation of the Compliance Programme
The Compliance Programme must be implemented immediately upon approval by the Board of Directors or senior management. That means the programme must be signed and dated. It is important that the approved Compliance Programme be circulated so all staff are aware of the contents.