MLRO’s and the MLRO Annual Report to Senior Management (“AR to SM”)
Published January 2006
The AR to SM is a regulatory requirement, it is common practise however to
submit the report more frequently than annually, I have heard of many methods as
to how other firms meet this requirement. An MLRO has to assess a firms risk,
then decide the appropriate way in which to achieve compliance with this
requirement.
I am aware of some firms with a very low risk profile that do submit an AR to
SM, others do it half yearly, then others quarterly and then there are some that
receive monthly reports from their business units, which are compiled and then
used to compile the main report/reports.
At NIBC we are a low risk business, we have no private customers, and do not
hold cash and all our customers are Market Counterparties, additionally, we only
have 55 staff here in the UK and all the KYC’s are built by my department, as a
result of this I deemed it acceptable (risk based approach) to submit a biannual
report.
Personally I believe the AR to SM is a great tool given to us by the FSA, use
this wisely and it will assist you to prosper and maintain some self protection
(which is of course important to us all).
For the record, like my MLRO forum, this article is by no means to be read as
your solution, but, it is to be taken as a useful idea or guide and hopefully
you will pick up something useful from it.
For those of you whom are not the CO and MLRO, then I would suggest the two of
you getting together to discuss the drafting, and certainly getting duel
agreement before distribution to Senior Management, for those of us that wear
both hats life is obviously a little easier.
I always start the report reminding my senior management the reasons why I
complete the report, an example as follows:
United Kingdom Legislation requires the Financial Services Authority (“FSA”)
authorised firms to distribute a Money Laundering Report to the Senior
Management of a financial firm at least annually. The purpose of this report is
to assess a firm’s compliance with the Joint Money Laundering Steering Group
Guidance Notes and the FSA’s Money Laundering Sourcebook and Senior Management’s
responsibilities in relation to these.
In view of the FSA having stated that an annual report is a minimum requirement,
and the low money laundering risk business conducted by NIBC UK, I have deemed
it appropriate to issue two reports a year. Please find below the first report
for the six months to June 2006.
Once you have made it clear as to why you are submitting the report, then you
need to consider the content, certainly I would make the paragraphs short and to
the point, unless of course you have a serious problem/s, if that’s the case,
then make sure you clearly define the problem and, hopefully the solution, or,
what you are doing to resolve the problem and/or looking for in the form of a
decision / guidance from Senior Management.
Some content ideas:
1 Employee Awareness:
List here the ways in which staff are made aware of Anti Money Laundering
(“AML”), this may be several means, but from me for example, I have a
circulation file that is sent out to all my Approved Persons and other
designated individuals, the file has to be signed and returned (round robin
style) the content will always contain articles on AML, for example:
• European/international anti money laundering news;
• FSA rule amendments;
• Compliance notifications;
• Breaches/fines (incurred by other financial institutions); (I think this often
assists in focussing the powers that be); and
• General news, such as procedural reminders/changes, clear desk
reminders/results and more.
For larger institutions one circulation file to all Approved Persons would not
work, trust me, once distributed you will never se it again, however I would
recommend copying the file for each business unit, these can be given to each
business units line manager to distribute (keep him focussed and give him some
responsibility, if the manager leads, the others will follow, well that’s the
theory).
Other points I mention (reaffirm here) are that:
New employees continue to receive a Compliance Induction, which includes an AML
presentation and copies of the following: Know Your Customer forms (“KYC’s”),
the Anti Money Laundering Section from the Compliance Manual, the latest
Financial Action Task Force information and a Suspicious Transaction Reporting
Form.
2 Annual Refresher Training:
This section confirms that annual refresher training n has been undertaken and
that all designated staff have received the training, or, how many are still to
undergo the training. I conduct this during the last quarter of every year, new
employees who received an induction during the first three months of any year
will be required to attend, employees joining after 1st April can wait until the
following year for refresher training.
3 Complaints:
This section obviously only relates to AML complaints (make sure you clarify
that). At NIBC we have not received any complaints of this nature in the four
years I have been MLRO, but if we had, I would simply state an outline of the
complaint, and its final outcome (once resolved, if not resolved, I would give
an update as to where the complaint was at. Make sure you mention the outcome in
your next AR to SM).
4 Reports to the National Criminal Intelligence Service (“NCIS”):
Here I would list the reports made (in date order) and the outcome.
4a Reports to the Local City Police Fraud Office
(“CPFO”):
As above.
5 Communicating Issues to immediate Line Managers’ (I would include their
names):
Here I would simply list the ways in which I regularly communicate with my line
manager (in my case two line managers), and how this works/problems encountered
or not.
6 Money Laundering Information continues to be obtained from the following
sources:
Here I would list the main sources I obtain information from, for example (note:
this is not an exhaustive list by any means):
Bank of England Web Site (monthly)
Financial Services Authority Web Site (weekly)
Compliance Online Web Site (daily)
Joint Money Laundering Steering Group
(reference manual)
Financial Action Task Force List Web Site (Monthly)
Various courses attended (when relevant)
Other web sites; (when relevant)
And of course, my AML Practitioners Forum (MLROs.com and various other meetings
attended throughout the year.
7 FSA Arrow Monitoring Visits:
If you have had an Arrow visit, then no doubt AML has come into it. So here I
mention in what way and what the outcome was (FSA’s final report).
7a Other audits:
Mention here any other audits you may have had (IAD or external auditors) and of
course the outcome.
8 Know Your Customer Forms (“KYCs”):
Mention here how your KYC’s are believed to be working, if they are meeting the
current standards required ECT.
9 Procedural Changes:
Have any procedures been changed, if so what they were, why you made the changes
and the impact they have had.
10 Senior Management Support:
Mention the managers that have been most supportive (including your line
managers). Remember this report goes to senior management, so if business unit
line managers knows that he/she could get a mention here, it may well assist in
focussing them a little to your needs.
11 Money Laundering Risk:
Do I need mention anything here? Well you know clearly what I mean don’t you,
what’s your business risk, how you have come to make that risk based decision,
and of course, if there are any risks, what you are doing to mitigate them.
I would/could mention here the relations between you and the various
departments, this again helps the focus.
I additionally state the systems I use in order to mitigate the daily risk (both
internal and external), for example information providers are named and
amendments if any to internal systems and controls.
12 Forward Planning/ Resources:
Well of course you need to be aware (and assess) forthcoming JMLSG Guidance
Notes, FSA consultation documents and any EU directives that might be coming
your way and, the implications on your business.
Don’t forget to look at your own business units business plans, do they intend
an increase in business to a level your department cannot support, or, are there
complete new business units arriving?
13 The UK Proceeds of Crime Act (POCA), the Serious Organised Crime Agency (SOCA)
and the Asset Recovery Agency (ARA):
I simply give a bullet point update if there is any thing to report.
14 FSA – update/s:
As per the title.
15 UK Fraud:
I like to mention the UK Fraud trends, especially as the majority of people I
circulate my list to are based abroad. But having said that, as an MLRO you
should be on the ball as to what’s going on out there and as part of this report
you should be reporting/updating your readership. This report may be kept short
and simple, but keep it serious. Remember, FSA are taking fraud very serious in
2006, there are loads of stats being circulated and articles, you may do well to
refer to some of them.
16 Disaster Recovery (“DR”):
This is a big area that some MLRO’s are not as up to speed on as they should be,
one of my previous articles for Compliance Online was the MLRO and DR, if you
missed that then look it up, as I received some very positive feedback on that
article (its in this section somewhere).
Having said that, this is where you report on all the departments procedures
being up to date and tested and importantly, that includes your own department.
Additionally here’s another tip (I find this most useful), each time you send an
AR to SM, after saving it, then immediately (Word users only), open the document
and then close it saving it as your next report, this way, when anything new
comes along to include, you can cut and paste it into your next report (say in a
different colour, I use stand out red), this way, when you open the report to
rewrite it you already have some new things to report on.
Once distributed, I not only keep a copy in my AML files, but I place a copy in
my Compliance Monitoring Plan as well, this may seem to be duplication, but some
times the Annual Compliance Plan is monitored/audited but not the AML Training
file, so I keep copies in both places, let the auditors know what you are doing
and how organised you are.
Please contact me should you require any additional info, I will be only to
pleased to meet to discuss (lunch on you of course).
Remember, FSA will assess your reports against their perception of your business
risk, JMLSG, and BBA/BSA recommendations and the complexity of the organisation
concerned and the money laundering risk if it differs in different areas of your
institution.
Lastly, I hope all goes well for you in your AR to SM.
Ben Hur
Compliance Officer and MLRO NIBC Bank N.V.
Chairman: The Anti Money Laundering Practitioners Forum
(www.mlros.com)