Section 42 of the Financial Intelligence Centre’s Act 1 of 2017 places an obligation on an accountable institution to develop, document, maintain, and implement a Risk Management Compliance Program which must be sufficient for countering the money laundering and terrorist financing risks facing the institution.
WHAT IS AN RMCP?
- Practical framework that “tells a story” on how the institution will identify, assess, and manage its money laundering and terrorist financing risks
- Specific to the institution and the risks faced by the institution
- Living document
WHAT IS IT NOT?
- Not another policy document
- Not a once-off generic overview of an institution’s AML/CFT risks and controls
THE PURPOSE OF THE RMCP IS TO:
- Provide for a program which incorporates the obligations of the Act
- Provide for a practical framework for the management of money laundering and terrorist financing risks, and serves as a tool in decision making
- Establish the risk tolerance and appetite levels in relation to the management of money laundering and terrorist financing risks
- Provides for the anti-money laundering and counter terrorist financing governance and reporting structures
SUGGESTED COMPONENTS OF AN EFFECTIVE RMCP
- Consists of an AML charter which sets out the vision, mission, and strategic objectives of the AML function, the commitment by the Board in relation to the management of anti-money laundering and terrorist financing risks and a clearly crafted strategy to drive program effectiveness
- Provide a high level overview of the institutions business model, target market, and geographical locations
- Detail the compliance obligations in terms of the Act, and how each obligation will be assessed and managed
- Detail the institution’s risk appetite and tolerance levels including as assessment of which money laundering risks will be treated versus avoided
- Detail the program components, i.e. identification, assessment, management of risks, AML function, AML culture, training and awareness, reporting and communication, monitoring and auditing
- Detail the control environment, control owners and approach to testing of controls
- Detail the processes, systems, and operating standards adopted by the institution
- Governance structures for AML/CFT compliance
- Reliance on third parties and commercial databases, and their associated risk assessments
- Business Risk Assessment and its associated risk-based approach framework and methodology
Senior and Executive Management will be expected to explain the RMCP to regulatory and supervisory bodies. Any flaws in the RMCP may indicate flaws in an institutions level of compliance. The RMCP is to be approved by the highest level of authority in an institution.
Sholane is a seasoned professional in Regulatory Compliance with a keen focus on Financial Crime. She has assisted a number of institutions in becoming compliant with regulatory requirements, and has built numerous AML programmes, Centres of Excellence, and online learning academies. She is a trusted advisor in the industry for financial crime compliance matters.
Author: Sholane Sathu – Adept Advisory Engagement Professional / Compliance SME
For more information, email: sholane@adeptadvisory.co.za
