by InScope-AML
March 15, 2023
Regulated entities face a lot of pressure to comply with AML and KYC obligations and, more often than not, this pressure falls on the company’s MLRO. How the MLRO and their team deal with this pressure depends on the processes and systems they have in place. Take this test to determine if you and your team are on top of things, or if things will very soon get out of control.
How is client onboarding carried out?
(a) By meeting up with the customer to ask for the required information; a lot of coming and going.
(b) Through a series of scheduled phone calls and emails.
(c) We send the customer a self-service link where they can provide the required information when it is convenient to them.
How and where is data about the customer held?
(a) Spread out in different places, drawers, excel sheets, and all these sources need to be brought together to provide a complete picture.
(b) Spread in different sources in CRM, excel sheets, and other digital sources, and all these sources need to be brought together to provide a complete picture.
(c) Is all in one place, in our AML Compliance Management solution.
How do you ensure that procedures are being followed by everyone involved?
(a) Micro-management, keeping an eye on everything and everyone.
(b) Everyone has a role, but everything is then signed off by the MLRO.
(c) Our compliance management solution guides users through the various processes, providing consistency. Also, audit trails are there to ensure that processes are followed.
How do you ensure that the information you gathered and processed cannot be tampered with, stolen, destroyed or lost?
(a) Physical files are stored on our premises and care is taken to ensure that the appropriate measures are taken to safeguard the information.
(b) The data in our on-premise systems is regularly backed-up.
(c) All data is on the cloud, with the necessary processes for back-ups, and security is applied across all levels using a Defence in Depth approach.
What happens when a country is added or removed from a list of high-risk countries?
(a) We need to go over every client to identify the ones with ties to that country, and change the risk profile of said clients. We would then need to determine which extra measures and documentation we need to gather and will reach out to the client accordingly.
(b) We need to identify the affected clients on our excel sheets and then contact each of these for the required information.
(c) Our AML Compliance Software automatically reassesses the affected clients and generates the related alerts so that the required information and documentation is collected.
How is information for adhoc reporting for internal or external users collected?
(a) After my initial panic, we start compiling the information from multiple places, double checking every time that different sources are not providing a contradictory picture.
(b) Using Excel, we sort through multiple sheets to sort the information required for the requested reports.
(c) Our AML Compliance Software supports filtering by multiple criteria and provides a highly flexible tool to generate custom reports.
How do you ensure that the documents you hold are not expired?
(a) We physically keep a list of documents and related dates, and we go through this regularly and take the required action.
(b) We use a spreadsheet to keep track of expiring documents.
(c) Our AML Compliance Software tracks the expiry dates of each document and sends the necessary alerts when these are due to expire.
SCORE
If you chose mostly option (a) – it seems like you are drowning in physical files and manual processes. If you aren’t already drowning with things out of control, it is only a matter of time unfortunately.
If you chose mostly option (b) – just because you are using spreadsheets does not mean that you are doing things the right way.
If you chose mostly option (c) – it looks like you are a client of InScope-AML.
Share this...
by InScope-AML
July 01, 2024
AML Compliance challenges when operating in a multi-jurisdictional environment
