The AML Compliance program is based Four (4) Pillars.
1. Development of written internal policies, procedures and controls
a. Development includes a comprehensive Risk Assessment
2. Designation of Compliance Officer
3. Ongoing and periodic training of employees
4. Annual, periodic independent testing of AML Program
In this post we will discuss what is required for pillar three and four. Check yesterday’s post for information on pillars one and two.
Pillar Three – Training
The AML Compliance program must include both initial and ongoing AML training for all staff. This includes Executive Management and Board of Directors.
Ongoing training must be provided, (generally annually). In addition, new employees must be trained as soon as practical, usually within their first 30 days of employment, which is similar to the method Fair Lending training that is currently conducted.
Training and Testing
Training to include testing and information on high risk areas; fraud, red flags and company policy and procedures as well as how to report suspicious activity.
Records Maintenance is required for all AML training and must include the following:
– Dates of training
– Test Results (yes, there needs to be a test)
Ongoing Training Program
The training program should include the following elements:
• Require a sign-in and sign-out of participants
• Have a level of testing
• Function along the lines of your Fair Lending training
• Should use a learning management system or central management system
On the Job Training
The AML Compliance Officer is to communicate/alert staff of new developments in:
- Laws, regulations, government guidance, money laundering or fraud cases;
- Policy and procedure changes
- Enforcement actions
Copies of communications/alerts to be retained along with:
- Date distributed, and;
- Actions taken as a result
Training is the Focus!
NOT JUST ENOUGH TO SAY YOU DID IT!
YOU NOW NEED TO SHOW YOU’VE DONE IT!
Pillar Four -Independent Testing of Policy
Testing will be dependent upon the organizations size and risk. It must be completed at least annually or more frequently if warranted. It can be done by an independent 3rd party, or; can be done by Company personnel provided they do not:
1. Work for the Compliance Officer, nor
2. Perform any of the AML functions to be tested
We can help you with your AML policies and procedures and training.
Contact us today to find out more!