AML/CFT Policies and Procedures Manual

An AML/CFT policies and procedures manual is a formal document that lays down the step-by-step activities, also known as process steps, necessary for an entity to adhere with the AML / CFT regulatory requirements. The procedure manual should incorporate controls necessary to prevent or detect any operational errors that may result in a breach of the AML / CFT regulation. A breach in the regulatory requirement may attract penalties like regulatory censures, fines or even cancellation of business license.

The AML/CFT regulations released by all the supervisory authorities, necessitate the need for a structured manual by every organization like Financial Institutions, Virtual Asset Service providers and Designated Non-Financial Businesses and Professionals (DNFBPs), like real estate agents, audit and accounting firms, entities dealing in precious metals and stones, legal consultants.

A well-defined procedure manual enables the organization to,

  1. Prevent any breaches through a set of controls embedded within their processes,
  2. Detect control lapses on a timely basis thereby limiting the impact.

An effective control should have the following characteristics:

  • Preventive
  • Automated
  • Measurable
  • Efficient

A control lapse should trigger a root-cause analysis with an objective to enhance the control.  Such enhancements should be duly captured in a refreshed procedure manual.

The manual discusses in detail the Money Laundering and Financing of Terrorism (ML/FT) risk mitigation steps during the entire customer life cycle, considering the risks identified through the entity’s Business Risk Assessment (BRA). 

At minimum, the following topics should be covered in the AML policies and procedures manual.

  • An entity’s nature of engagement with its clients (one-off transaction or ongoing business relationship)
  • A KYC form to collect necessary details from the clients of the entity
  • Customer Identification and verification methods
  • Sanctions screening
  • Screening for adverse media news and political exposure (PEP)
  • Customer Risk Assessment using standard templates and consistent application of the methodology.
  • Applying Enhanced or Simplified Due Diligence measures based on risk rating.
  • Ongoing monitoring for suspicious activities or transactions and wherever necessary, process of reporting suspicions to the regulator
  • Periodically reviewing the risk profiling of customers based on Customer Due Diligence (CDD) process.
  • Governance of the AML/CFT framework which includes, appointment of a Compliance Officer, Staff training, Record Keeping, Independent audit, etc.

Refreshing the AML/CFT Manual

Based on the size and complexity of the business, entities are required to periodically refresh their policies and procedures manual.  An annual refresh is a good practise.  While refreshing the manual the following details should be kept in mind.

  • Recent changes to the regulatory framework
  • New risks identified through risk assessment, control assessments, etc. and subsequent control enhancements.
  • External or internal event necessitating control enhancements

How can we help?

We at Adventant, work closely with our clients in ensuring their AML/CFT policies and procedures manual are up to date, covering the key regulations, their risk appetite and enhancements necessitated through the root-cause analysis of prior control lapses. As part of the service, we provide consultation in designing various forms and templates that are needed for demonstrating adherence with the AML controls. These are,

  • KYC form:
    Used to collect basic customer details and signed by customers.
  • Customer Risk Assessment:
    Used to risk rate clients based on the risk factors stipulated by the regulations.
  • Client Risk Classification Register:
    Used to maintain an up-to-date client list with their respective risk rating (High, Medium, Low)
  • Politically Exposed Person (PEP) register:
    An internal register containing the list of PEPs serviced by the entity.
  • Register for SAR, STR, PNMR, FFR:
    Details of internal reports raised to assess suspicious activities and transactions and any such events used for submitting STR / SAR
  • KYC exceptions tracker:
    Any exceptions approved by senior management to the KYC documents of clients.
  • Training plan and register:
    AML / CFT trainings attended by staff and certificates.

Our services do not stop with providing the manuals and trackers.  We conduct staff training so that the processes and controls are fully embedded within the entity.

Request a consultation