In the US, the Bank Secrecy Act (BSA) and FinCEN regulations articulate the following policies and procedures, known as the five pillars of an effective AML compliance program:
- development of written internal policies, procedures and controls;
- designation of an AML compliance officer;
- ongoing AML employee training;
- independent testing of the AML program; and
- appropriate risk-based procedures for conducting ongoing customer due diligence in order to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions, and, consistent with the level of risk, to maintain and update customer information.

The UK Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (2017 Regulations) similarly require firms in the regulated sector to implement the following, which are considered to be the hallmarks of an effective AML compliance program in the UK:
- risk assessment;
- customer due diligence;
- policies and procedures covering customer due diligence, risk management, internal controls, reporting, and recordkeeping;
- ongoing AML employee training; and
- where appropriate based on the size and nature of the business, internal audit of the AML program and designation of an individual who is a member of the board of directors (or of its senior management) as responsible for compliance with the 2017 Regulations.