We continue to identify significant gaps in the anti-money laundering and counter-terrorist financing (AML/CTF) compliance programs of EMDs, PMs and investment fund managers (IFMs). The most common gaps we observe are:
- Inadequate/insufficiently documented risk assessments (risk assessments that are pro forma or “boilerplate”)
- Failure to perform an independent effectiveness review every two years, or inadequate documentation of the review
- Incomplete client identification information and documentation (e.g., expired ID and missing prescribed information for beneficial owners of corporate or other entity clients)
- Documentation to determine whether a client is acting on behalf of a third party (Third Party Determination) is particularly problematic and poorly understood
- Policies and procedures have not been properly updated to reflect the Risk Based Approach and incorporate required customer due diligence, ongoing monitoring and enhanced measures to be applied to identified high risk business relationships
- As it happens, these are the very things that pop up frequently when FINTRAC imposes administrative monetary penalties.
This is a gentle reminder that the unofficial “grace period” to allow for reporting entities to bring their AML/CTF financing into full compliance with the amendments which took effect last year has expired. During its examinations, FINTRAC expects to see a robust and up-to-date AML/CTF program. In particular, there is an expectation that reporting entities have understood and implemented the Risk Based Approach.