Azərbaycan Respublikası Mərkəzi Bankı Banklara Nəzarət Departamenti
Yüklə 1,1 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Examples of POOR practice
- Examples of GOOD Practice
Supervision Department - AML/CFT Training Sanctions and Asset Freezing - Governance - An individual of sufficient authority is responsible for overseeing the financial institution‘s adherence to the sanctions regime. - It is clear at what stage customers are screened in different situations (e.g. when customers are passed from agents or other companies in the group). - There is appropriate escalation of actual target matches and breaches of sanctions. Notifications are timely. - The financial institution believes payments to sanctioned individuals and entities are permitted when the sums are small. Without a license from the Asset Freezing Unit, this could be a criminal offense. - No internal audit resource is allocated to monitoring sanctions compliance. - Some business units in a large organization think they are exempt. Examples of GOOD Practice 2 Senior management should be sufficiently aware of the financial institution‘s obligations regarding financial sanctions to enable them to discharge their functions effectively. Self-assessment questions: • Has your financial institution clearly allocated responsibility for adherence to the sanctions regime? To whom? • How does the financial institution monitor performance? (For example, statistical or narrative reports on matches or breaches.) Examples of POOR practice Supervision Department - AML/CFT Training Sanctions and Asset Freezing - Risk Assessment - A financial institution with international operations, or that deals in currencies other than sterling, understands the requirements of relevant local financial sanctions regimes. - A small financial institution is aware of the sanctions regime and where it is most vulnerable, even if risk assessment is only informal. - There is no process for updating the risk assessment. - The financial institution assumes financial sanctions only apply to money transfers and so has not assessed its risks. Examples of GOOD Practice 2 A financial institution should consider which areas of its business are most likely to provide services or resources to individuals or entities on the Consolidated List. Self-assessment questions: • Does your financial institution have a clear view on where within the financial institution breaches are most likely to occur? (This may cover different business lines, sales channels, customer types, geographical locations, etc.) • How is the risk assessment kept up to date, particularly after the financial institution enters a new jurisdiction or introduces a new product? Examples of POOR practice Supervision Department - AML/CFT Training Sanctions and Asset Freezing - List Screening - The financial institution has considered what mixture of manual and automated screening is most appropriate. - There are quality control checks over manual screening. - Where a financial institution uses automated systems these can make ‘fuzzy matches’ (e.g. able to identify similar or variant spellings of names, name reversal, digit rotation, character manipulation, etc.). - The financial institution screens customers‘ directors and known beneficial owners on a risk- sensitive basis. - Where the financial institution maintains an account for a listed individual, the status of this account is clearly flagged to staff. - A financial institution only places faith in other financial institutions’ screening (such as outsourcers or intermediaries) after taking steps to satisfy themselves this is appropriate. - The financial institution assumes that an intermediary has screened a customer, but does not check this. - Where a financial institution uses automated systems, it does not understand how to calibrate them and does not check whether the number of hits is unexpectedly high or low. - An insurance company only screens when claims are made on a policy. - Screening of customer databases is a one-off exercise. - Updating from the Consolidated List is haphazard. Some business units use out-of-date lists. - The financial institution has no means of monitoring payment instructions. Examples of GOOD Practice 2 A financial institution should have effective, up-to-date screening systems appropriate to the nature, size and risk of its business. Although screening itself is not a legal requirement, screening new customers and payments against the Consolidated List, and screening existing customers when new names are added to the list, helps to ensure that financial institutions will not breach the sanctions regime. (Some financial institutions may knowingly continue to retain customers who are listed under sanctions: this is permitted if the Asset Freezing Unit has granted a license.) Self-assessment questions: • When are customers screened against lists, whether the Consolidated List, internal watch lists maintained by the financial institution, or lists from commercial providers? (Screening should take place at the time of customer take-on. Good reasons are needed to justify the risk posed by retrospective screening, such as the existence of general licenses.) • If a customer was referred to the financial institution, how does the financial institution ensure the person is not listed? (Does the financial institution screen the customer against the list itself, or does it seek assurances from the referring party?) • How does the financial institution become aware of changes to the Consolidated List? (Are there manual or automated systems? Are customer lists rescreened after each update is issued?) Examples of POOR practice Yüklə 1,1 Mb. Dostları ilə paylaş:
|