4.2. Policies and Procedures
Effective from 11/11/2021As required by Article 4.2.a) of the AML-CFT Decision and Paragraph 16.3 of the Standards, LEH must establish and implement comprehensive and documented AML/CFT policies and procedures to enable them to effectively manage and mitigate the risks they have identified. Under Paragraph 16.3.6 of The Standards, these must be approved by the Manager in Charge, the Compliance Officer, and the Board of Directors (or Owner/Partners where there is no Board of Directors). They must be reviewed and updated annually at a minimum to ensure that they are consistent with statutory obligations and other international best practices, and effective in mitigating existing as well as emerging ML/FT risks as per Paragraph 16.3.7 of the Standards. Policies and procedures should at a minimum:
| • | Be commensurate with the nature, size, and complexity of the LEH’s operations. | |||
| • | Outline the AML/CFT Program. | |||
| • | Be consistently implemented across all branches, subsidiaries and affiliated entities in which the LEH holds a majority interest. | |||
| • | Capture the LEH’s day-to-day operations and processes. | |||
| • | Clearly define the roles and the day-to-day responsibilities of the Manager in Charge, Compliance Officer, Compliance Committee and employees in relation to AML/CFT compliance as well as the ones of the Board of Directors (or Owner/Partners where there is no Board of Directors) in relation to implementing a robust compliance program across the business of the LEH. | |||
| • | Enable the LEH to clearly and effectively identify, escalate, and report suspicious transactions and activities. | |||
| • | Require enhanced due diligence to be conducted on all customers and transactions that are assessed to be high-risk. | |||
| • | Prohibit employees from, directly or indirectly, informing the customer or any third party that their transactions are subject to monitoring or under investigation or have been reported to the FIU as suspicious transactions. | |||
| • | Contain sufficient detail of their record keeping obligations. | |||
Policies and procedures should be clearly communicated to all relevant employees. They should be easy to follow and be designed to support the compliant and effective functioning of the AML/CFT program and prevent employees from engaging in misconduct.