Having an adequate AML/CTF program is one of the most important, yet often dreaded, things for FinTech enterprises, especially if they fall under the remit of the big regulators such as FCA, ASIC and NFA.
In this swiftly changing industry, companies should be constantly on the lookout for ways to enhance and strengthen their programs, hence the many solutions that are currently on the market, including Omnio. But before you even start thinking about using outside software to make your program more complex, you need to make sure you have the basics straight:
1. Compliance-oriented management
The base of every company and team is the leader (management) of the pack. Before you start writing your program, you need to make sure that the company’s management is well aware of the importance of the compliance team and the work it is going to do, and is ready to provide the necessary resources so that the AML program can be created and applied diligently.
2. Internal policies and procedures
This is an absolutely essential part of any AML/CTF program. The policies and procedures, created both for use inside the team and throughout the whole company, need to include thorough information about risk appetite, sanctions, ongoing monitoring, PEP approach, market abuse, internal employee monitoring, etc. The procedures should also include in-depth training guidelines and a new-employee onboarding process.
3. Risk assessment
Just because risk assessment is in third place on our list does not mean that it is less important than the other two. Risk assessments are not and should not be the same for each company in the industry – they vary depending on the company’s business model, customers, location (which regulator is the company reporting to?), etc. Every company decides for itself how to score its clients and what factors this scoring should be based on. But regardless of all variables, the risk assessment’s main task is to help companies define, maintain and amend their risk levels so that they stay on the safe side without losing potential business opportunities.
4. Internal controls and independent monitoring
It is a general rule that sometimes you need to look at a problem from afar to see where it lies and how to resolve it. The same holds in compliance – a good practice for FinTech companies is to either have an internal control team monitor the compliance team’s work and review its policies at a certain time (yearly, twice a year, etc.), or have an independent third-party auditor come in, review the AML program and the team, and point out which areas need further improvement.
5. Compliance training
Although we have mentioned employee training briefly in point 2, this is also one of the main aspects of a successful AML program. By employee training here we do not mean only additional training for compliance team members, but also training of other divisions of the company, such as Customer Support, Sales, Accounting, etc. This is required, for example, because employees who are not part of the compliance team but have direct communication with clients need to be able to identify cases when a client is engaged in suspicious activity (maybe the client said something unintentionally, or did something questionable) so that they can report it to the relevant team and start a client investigation. Of course, even when such cases are highly unlikely to happen, training your employees on the basic AML regulations can only benefit your organization.