Policies & Procedures of Compliance
Compliance meeting the national and international standards set by applicable laws, rules, regulations, and guiding institution behavior by its values.
Compliance in its space of working as supervisor of combating all financial crimes requires institutions to establish and maintain a culture of high ethics standards which protect the FI from the potential risk of penalties & fines and reputation risk.
Important functions of compliance program:-
The compliance plan for the bank contains variety of items, the most important ones:-
Goals and policies
The plan should contain formulated compliance policies, and a means by which future policies can be formulated and modified, these policies addresses:
-Customer’s profiles and their classifications according to the products, services, channels of distributions, and geographical areas
– Monitoring of daily transactions
– Checking customers in sanctions lists
-How to deal with political exposed persons (PEP)
– Non face to face transactions
– Evaluate new products.
-Types of goods
-Geographical areas such as sanction countries or un*non-cooperative countries
The compliance plan states the bank’s goal and policies regarding setting up customers relationship (know your customer) or KYC, ordinary controls must be taken when establishing relationship with a new customer this required the basic information as the full name, date of birth, the identity, address, type of business and copies of documents approved this data and other information, and other information that is used as an important indicator of money laundering and transmitted to know the activities and transactions of the customer.
Particular attention must be paid to determining who exercises effective control over the entity and who is the real beneficiary.
Conduct continuous due diligence for customers, and monitor all transactions in light of the customer’s business profile when evaluating the nature of business of potential customers, the products they use, and through which channels.
Numbered, anonymous, code, false, fictitious names prohibited to open account.
In the context of identifying customers, KYC includes having sufficient knowledge of the customer and its business adequate to assess its risk for committing or being used for money laundering or terrorism financing or other financial crimes, the bank must be able to form reasonable belief that it knows the true identity of the customer and requires any additional information which can help in this.
Conducting sanctions screening & monitoring of customers & transactions:
To detect and prevent money laundering, terrorism finance & all commercial crimes,
there is many indicators hich can be detected by the following procedures:
-Checking customer’s names against world and local sanctions list on boarding and on a regular basis every six months.
-Monitoring of customers & transaction through the AML system include:
Large sum cash deposit/withdrawals exceeding the limit.
Frequent cash deposits (structuring).
Large single transaction clean payments.
Sudden increase in cash activity.
Repetitive wire transfers in round amount.
Sudden increase in activity non cash.
Recurrent activity involving high risk areas.
Customers conducting business in higher risk areas.
Customers credit transaction exceeding his business nature.
Recurrent cash deposit by non- account holders.
Round amount LC.
Frequently a mended LCs.
The bank principles prevent bribery & corruption to avoid the damage effects of their risk, the anti-bribery policies are:
-Continuing risks assessment.
– Monitor &manage conflict of interest to directors, managers & employees.
– All forms of bribes are prohibited whether they take place directly or through third parties.
-political contributions banks employees, agents or other intermediaries should not make direct or indirect contribution to political parties.
-Gifts, hospitality and expenses, the bank policies prohibit the offering, giving or receipt of gifts. hospitality or expenses whenever they could influence or reasonably be perceived to influence improperly the outcome of business transactions.
-Facilitation payments, recognizing that facilitation payments are bribes, the enterprise should prohibit them.
Proliferation of weapons
The bank should prevent & combated financing of proliferation of weapons through the following tools:
– paid particular attention when establishing the customer account relationship
– Export controls, licensing.
– The requirement of preapproval for export or the manufacture of designated goods.
– Ordinary controls for setting up accounts and for transferring funds.
-Identifying who exercises effective control of the entity.
-Due diligence regarding transactions (to products related) can have significant impact.
When assessing the nature of the potential customer’s business, the product lines and countries involved should be carefully scrutinized.
The program contains control for screening the current and new staff for criminal or links to problematic causes for risk factors.
Vetting of employees should not only occur at the time of initial employment or promotion but on a regular basis because a person circumstances change and the regulatory and sanctions change
Follow-up the bank’s compliance with the applicable rules, regulations and guidance from the central bank of Sudan.
Reporting suspicious activities
As an essential requirements, the bank must have a system to detect money laundering & all financial crimes indicators and notify the relevant authorities of any suspicious activities (SAR) or suspicious transaction(STR), reports and saved the records of those notifications, and if the decision of the monitoring process is to make no action it also must be reported to protect a bank from being potentially considered judgment as suspicious, there are a variety of reasons for screening & filtering potentially unusual activities , which include preventing overwhelming the system and causing unnecessary difficulties for customers engaged in legitimate business activities .
The records of these steps should be made and saved so that management and also supervising authorities may be able to understand and retrace the decision-making process.
It is important to record decisions taken and their rationale. It is also essential to have a record keeping plan by which these records can be saved and easy to be accessed ,searched and retrieved upon the request of regulators or examiners. The bank must determine the minimum retention period for records, what records must be kept, and who must create and file them.
A proper documentation and record-keeping policy applies to every decision, whether it results in an action, or a decision not to act, where action exists, indicating that the bank responded to a perceived problem. But if no action was taken, it is necessarily for the bank to explain why this action taken and it was a ppropriate than other possible actions.
Training & Education
Compliance plan must provide adequate overall compliance training for staff and special training with respect to anti money laundering & countering of terrorism finance, how to detect it and how to prevent it.
Training must be given to all staff in accordance with their duties and responsibilities, including directors and senior management.
The content of training must enable employees to:
-Increase their awareness of how to assess and evaluate the banks compliance with new and developed products.
-Understand the purpose and rational of various policies and rules, and be applicable to practical situations.
-The high values and ethics to perform work.
As indicated complete records of training must be kept so the bank can show the evidence of its seriousness towards compliance issues during an investigation or auditing process.
As feedback of training the compliance office follow-up the performance of employees and must be to high level of efficiency and ethics, and must consider any cases of breaches and how to treat them , investigate their reasons and put the proposals to avoid and prevent it.
Audit & testing
For the compliance program to be effective it must have on- going testing according to the policies of the bank.
Elements for an adequate compliance program:-
Compliance unit must:-
- Be an independent part in the bank
- Have a written compliance program approved by the Board of Directors.
- Provide the required reports to the board of directors.
- Consist of a qualified compliance team .It is necessary to designate a qualified and expertise senior person to act as a compliance officer and at least two assistant employees.
- Allocate sufficient resources to enable the fulfillment of responsibilities, and supported with sufficient adequately qualified staff to carry out their duties.
- have direct access to the board of directors or to an appropriate committee of the board , also must have access to senior management of the bank.
- The bank must provide the compliance unit with the necessary budget and resources to accomplish their compliance goals.
Independent testing means an undertaken by an internal unit of the bank and person that was not responsible for setting the plan or connected with it.
The testing must report to the Board of Directors and have access to them.
This monitoring can be done by internally, or external organization that is not part of the Bank.
Adequate resources must be devoted to the testing process.
Such independent testing is important to ensure that the program is functioning as intended, and show commitment of the banks activities and operations.
References & Guidance :
The compliance office collects and studies all law, regulations, publications and recommendations governing the work:
- Regulations and publications issued by the Central Bank
- Internal regulations and publications issued by the bank
- The Act no2004, regulation of banking business.
- Companies Act 2015
- Anti money laundering (AML) & Terrorism financing law 2014.
- The law of credit information and scoring agency for 2011.
- FATF Recommendations.
- Basel Committee Principles and Standards.