Module Application
- Do those within your organisation understand how to conduct due diligence and, in particular, risk-based enhanced due diligence?
- Is your organisation familiar with the UK financial sanctions obligations following its withdrawal from the EU (Brexit)?
Module Scope
The UK AML/CFT/Sanctions framework is contained in a number of laws and regulations, which together place an obligation on an organisation to ensure that it has in place robust internal controls and processes to safeguard the integrity and stability of the UK’s financial system against money laundering and terrorism financing risks.
At the heart of the framework is the need for an organisation to ensure that its staff know and understand how to conduct proper due diligence when entering into a business relationship with a customer, identify and report suspicious transactions and keep adequate records of their dealings. Additionally, there is recognition that an organisation will need to give effect to financial sanctions (through asset freezing measures) as directed by the Office of Financial Sanctions Implementation (OFSI).
The AML/CFT/Sanctions module addresses the regulatory framework, which itself is largely derived from international standard-setting bodies, such as the Financial Action Task Force (FATF) and the UN (through its penal conventions, including UNTOC and UNCAC, and UN Security Council Resolutions (UNSCRs)). Following Brexit, the AML/CFT/Sanctions obligations are now entirely contained within UK law.
The AML/CFT/Sanctions module works through 5 core obligations, which are themselves supplemented by sub-obligations that detail the actions required and the consequences of non-compliance.
The core legal and regulatory obligations are based on the following considerations:
- Accountability;
- Stewardship;
- Internal controls, policies and processes;
- Direction; and
- Control.
An organisation is required to ensure that its staff (including part-time members of staff and contractors) are familiar with the AML/CFT legal obligations and requirements to which it is subject, as well as their individual responsibilities. Given the practical difficulties in carrying out the AML/CFT obligations, the module sets them out in a concise way and also takes into account any sector or industry-specific guidance, such as the detailed guidance developed by the Joint Money Laundering Steering Group (JMLSG).
The aim of the module is to equip the subscriber with a practical and clear understanding of its duties and responsibilities when operating within the UK and to provide an answer to the following questions:
- What are our legal obligations?
- What is the source of those legal obligations?
- How may we best ensure that we are complying with our legal obligations?
- What are the consequences of non-compliance?
The AML/CFT/Sanctions module recognises that an obligation breach has potentially serious consequences for both the individual and the organisation and may result in severe financial penalties, reputational damage, and in the case of individuals, imprisonment of up to 14 years’ for money laundering or terrorism financing and in the case of sanctions violation, imprisonment of up to 7 years. Indeed, there is also the risk of the FCA winding up or restricting the business of an organisation and taking enforcement action to recover funds and assets.
With all the above in mind, the module also addresses the role of the regulators and their approach to investigations and prosecutions, as well as guidance and recommendations issued by the regulators and standard-setting bodies in order to provide an organisation with practical assistance in the implementation and maintenance of its obligations across its operations.
The module is divided into 5 core obligations:
- AML/CFT Programmes
- Customer Due Diligence
- Suspicious Activity Reports
- Reporting
- Financial sanctions
Each obligation is accompanied by detailed sub-obligations, which examine the various requirements and how a member of the compliance team may carry out the requisite AML/CFT duties and comply with reporting requirements through internal and external mechanisms when a transaction or individual raises suspicion.
The AML/CFT/Sanctions module is set out in non-technical language, so that all staff (irrespective of position or seniority) are readily able to understand what is expected of them, where the legal obligations comes from and the risks and consequences faced. Equally, from an organisation’s perspective, it is vital that all staff are fully trained and equipped to discharge their duties, which include having an understanding of both individual and organisational legal risk and exposure. The module has been written with an appreciation of the challenges faced by non-legal staff, such as the conducting of effective enhanced due diligence.
Post-Brexit, it should also be noted that the AML/CFT/Sanctions module focuses primarily on UK law and, going forward, will not cover EU regulations or directives (unless applicable).
The module does not address the rights or entitlements of individuals who have suffered damages or losses due to breaches of legal obligations by UK organisations, nor does it cover the process that an entity or an individual would follow to report or seek compensation for the breach and any loss.