The three general functions should be assigned to different people: (1) Physical custody of assets. (2) Record keeping of assets. (3) Authorization to acquire or dispose of assets.

Examples of effective controls at the enterprise level include Tone at the Top, Engagement of Senior Management, Ethical Code, and Privacy and Confidentiality.

Manual control is a simple control where an employee or manager is required to review and authorize a transaction before it can be permitted to move to the next stage. It is susceptible to human error which affects their reliability over time.

Information and technology controls can be more reliable, due to the consistency of their execution. Its logic within the computer application must be accurate and it’s essential that the information technology department has strong change management controls to update existing applications and the implementation of new systems that do not disrupt the business.

The policy and procedures should include (1) The periodic refresh procedures for existing customers that must be completed with a frequency that is dictated by the AML/CTF risk represented by the customer. (2) A definition of data integrity that must be enforced. (3) A list relating to the North America Industry Classification System Codes to the AML/CTF risk rating of customer groups. (4) The criteria for exiting a customer relationship.

The banks must establish risk-based CDD procedures that enable them to understand the nature and purpose of the customer relationship, to monitor accounts for the purpose of identifying and reporting suspicious transactions and to maintain beneficial ownership information of legal entity customers on a risk basis.

A significant component of the risk governance framework is regular reporting of the status of the AML/CTF program.

A financial institution must design and execute a process for the training needs of every employee, including all contingent workers, interns and consultants.

Personnel is the review of the actual job performance of the employees themselves.

It focuses on the tasks to be performed and the knowledge, skills, and abilities (KSAs) required for employee performance.

Inherent risks to medium and low priority products can be used for financial crime, it is equally important to identify. Recognizing how a financial crime occurs, enables employees to consider potential scenarios and use cases involving their own products.

The template should include Line of business name, Front line unit name, Cost center, Job title name, Job title code, and more.

A high rating is where the job function has the potential to detect or report potentially suspicious activity. It includes jobs involving KYC, compliance, internal audit, private banking, a teller and processing high-risk products and services.

The components include formal, and informal training, and communication.

The result of the financial crisis of 2007-2008, had a significant effect on the global economy, coupled with significant AML/CTF failures, the supervisory agencies, all over the globe, began to reconsider their supervisory strategies. So, financial institutions are required to manage risk more effectively and openly.

A course template should have the following course name, reference number, course title, name of the owner, version number, and more.

It contains a statement by the board of directors or senior management endorsing the culture of compliance; an affirmation by the employee confirming course attendance for both in-person and online courses; all relevant legal, regulatory and internal policies and procedures with consequences for compliance failures and contact personnel, and a description of the risk governance framework and risk assessment processes followed by the financial institution.

It is the senior management who needs appropriate training and to be reminded to constantly drive the importance of the culture of compliance.

Training metrics should include: Attendance at external courses and conferences.; Average scores by course.; Summary of course evaluations.; Course maintenance schedule.

It will include the restriction of editing or changing course material, except for the approved members of the financial crimes training faculty.

Advanced CAMS Risk Management will focus on demonstrating an advanced understanding of managing financial crime risk concepts, processes, regulations, and best practices. It isn’t “less” or “more” than the other advanced certifications; it is just different and accessible to more people.

The areas included are Organizations that should implement a firmwide approach to compliance risk management and oversight.; Independence of compliance staff. ; Compliance monitoring and testing.; Responsibilities of boards of directors and senior management regarding compliance risk management and oversight.

“We study the governance structure:
 To develop knowledge for managing a risk governance framework to an acceptable standard.
 To develop skills for managing a risk governance framework to an acceptable standard.
 To introduce an appreciation of a risk governance framework and a recognition of the important success factors. ”

On June 8, 2016, The Federal Reserve issued SR-16-11 entitled “Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion.” It is very much in line with the OCC guidance and in conformance with the Basel Committee definition of operational risk, the guidance does address the needs of smaller institutions.

Joint Money Laundering Intelligence Taskforce (JMLIT) was formed in 2015, by the National Economic Crime Centre (NECC) in the United Kingdom.

Exercise independent judgment when providing active oversight, each member of the board of directors should exercise sound and independent judgment.

The current account charge includes uniform requirements for the security of electronic payments.; the abolition of additional charges claimed for card payments.; and clear rules for dealing with disputes and less responsibility for the customer in case of fraud.

The senior management establishes and maintains adequate policies and procedures to ensure compliance for model development and implementation. Another responsibility is reviewing the validation results and findings by the supervisory agency and internal audit, and take prompt remedial action where necessary.

The objectives are to develop knowledge and skills for producing a risk assessment to an acceptable standard and to introduce an appreciation of the risk assessment process and a recognition of the importance of policies and procedures.

The KYC Committee uses the feedback loop in their meetings to provide information about customer types including,the number of recent alerts generated and STRs filed.