Implementation and Review of an AFC Program
Each institution shall make a review of the operational processes related to the complete AFC Risk Management program when the following topics are to be covered
- Does your regulatory compliance program follow the strategy and the risk appetite of your institution?
- Have your products been reviewed and approved on a regular basis to ensure proper risk controls and adequate mitigations?
- Can you improve the efficiency of your operating model and how do you know if your internal controls are strong, reliable and consistent?
- Are there any gaps within the current compliance program and how do you reduce costs without exposing your company more?
- How do you measure the maturity and the level of readiness of your institution for managing the potential money laundering risks?
- What updates shall be made to the policies and procedures to demonstrate the action in accordance with the business risk assessment?
- Are your Money Laundering Reporting Officer or designated person and compliance officer entitled to the necessary authority and resources to effectively execute all her/his duties?
- Are you aware of the potential conflicts of interest existing within the institution and how do you manage it?
– Maturity of the risk assessment and risk appetite
– Robustness on the regulatory surveillance and horizon scanning
– Compliance, granularity and logical organization of the policy framework, the policies, the procedures and the methodologies
– Awareness of the business, the culture of the company and tone from the management
– Level of implementation of the monitoring and testing controls, quality checks and quality assurance performed by Compliance or AFC
– Reliability and transparency of the reporting processes.
The responsible employees at the organisation shall also be protected and entitled to act within the regulatory requirements to ensure full compliance with the regulations.
The assessment is much more operational and granular than the Strategic Business Review and is required to ensure an optimal organisational structure that balances the business activities with the implemented policies and procedures.