Supervised entities must have risk management methods in place for money laundering and terrorist financing that are adequate in view of the nature and scope of supervised entities’ business operations. In assessing its risks, a supervised entity needs to take account of the risks related to its sector, products and services, technological advances, its customers and their operations.Supervised entities must be able to demonstrate to their supervisor that they have such risk management methods in place as required under the Act on Preventing and Clearing Money Laundering and Terrorist Financing for customer due diligence and ongoing monitoring.
In addition, supervised entities must maintain internal guidelines commensurate with their own operations and clearly defined working processes for customer due diligence and prevention of money laundering and terrorist financing. Supervised entities are required to ensure continued training of their staff.
Compliance officer and internal processes
A supervised entity must appoint a compliance officer or a contact person to whom unusual business transactions may be reported and who is authorised to report such cases to the Financial Intelligence Unit. The compliance officer's name and other details must also be forwarded to the Financial Intelligence Unit and the Financial Supervisory Authority, including any changes in this information.
Moreover, due attention must be paid to the clarity of tasks and division of responsibilities, working processes, reporting and the functionality of internal controls systems. The following principles related to a company's internal control and risk management are generally adequate for the prevention of money laundering and terrorist financing:
- The company’s management is responsible for risk management and establishment of procedures to combat money laundering and counter terrorist financing.
- The company has a clear understanding of who their customers are and to whom it offers its services.
- The compliance officer has expertise and adequate decision-making powers to deal without delay, on the company’s behalf, with matters related to money laundering and other abuse.
- Initiation and training of staff is comprehensive and ongoing.
- Internal guidance is in line with the company’s own operations and products.
- Working processes are clear.
- The threshold for internal reporting is as low as possible.
- Internal controls also covers compliance with obligations to prevent money laundering and terrorist financing, and related methods.