Internal Policies, Compliance, Audit & Training under IFSCA AML/CFT

Chapter VIII of the IFSCA (Anti Money Laundering, Counter-Terrorist Financing & Know Your Customer) Guidelines, 2022 provides the provisions for Internal Policies, Compliance, Audit & training. The above guidelines are issued to eliminate any activity of Money Laundering or Terror financing risks. The regulated entity shall frame an internal policy based on its size and business activities. After framing internal policy, the regulated entity shall comply with the provision of the policies at the time of appointing or designating a principal officer. Further, to regularly assess the internal policy of the regulated entity, there shall be an audit at such intervals as may be prescribed. Moreover, in order to fully protect the entity from any risk, the employees shall also undergo training from time to time. The present article will discuss in detail the provisions for internal policies, compliance, audit & training under IFSCA AML or CFT guidelines.

Why Should The Internal Policies Of The Regulated Entity Be Framed?

The chapter on Internal Policies, Compliance, Audit & Training provides that the regulated entity shall frame adequate internal policies, procedures & controls and further aim to implement them during the course of business. The internal policy of the regulated entity shall be framed in such a way that it considers all the ML or TF risks and the size of the business and can prevent those risks.  

Moreover, the internal policies of the regulated entity serve as a guide to the officers, representatives and employees in ensuring that the laws and regulations relating to AML or CFT are strictly adhered to. Further, it is also mandatory that the regulated entity updates its internal policies in a timely manner to avoid any emerging ML or TF risks and simultaneously institutionalise new operational, legal & regulatory developments.

What Are The Provisions For Compliance Under The Guidelines?

The chapter on Internal Policies, Compliance, Audit & Training provides that there shall be proper compliance management and framework. Further, the provision for compliance under the chapter Internal Policies, Compliance, Audit & Training of the IFSCA guidelines provides that compliance frameworks shall be developed and implemented for appointing and designating a principal officer at the management level. The chapter further enumerates the provisions for compliance framework in relation to Principal Officer, which shall be as follows:

• The regulated entity shall ensure that the Principal Officer and the person appointed to assist him are qualified. The entity shall ensure that the principal officer has adequate resources & timely access to all the customer’s information and other relevant information to discharge his functions.
• The regulated entity must ensure that the principal officer has authority and seniority within the entity to perform his responsibilities effectively.
• The principal officer must refrain its presence from any internal audit and business line functions to ensure unbiased judgements and impartial advice to management.
• If there is a conflict between the responsibilities of the principal officer and the business line functions, in that case, it shall be made sure that adequate procedures are put in place to ensure the AML or CFT concerns are objectively considered & addressed at the appropriate level.

Responsibilities of Principal Officer

The chapter on Internal Policies, Compliance, Audit & Training, defines the responsibilities of the principal officer as:

• Carrying out ongoing monitoring of business relations for compliance with the guidelines
• Overseeing the carrying out of ongoing monitoring of Business relations for compliance with the guidelines.
• Promotion of the IFSCA AML/CFT guidelines
• Taking charge of all Money laundering and terrorist financing matters of the organisation.
• Promptly inform the representatives, employees and officers of changes in regulatory affairs.
• Take speedy and appropriate action if there is a suspicion of money laundering & terrorist financing risks.
• Reporting or overseeing the reporting of transactions that are suspicious.
• Providing advice and training officers, representatives and employees on developing & implementing internal policies and procedures on AML or CFT.
• The result of the review of the regulated entity’s compliance with the guidelines & risk assessment procedures shall be reported to the senior management.
• Regularly report on the AML or CFT risk management and control issues to the senior management.
• Providing remedial action on the internal policies, compliance, Audit & training reviews to the senior management.

What Is An Audit Function Under The Guidelines?

The chapter on Internal Policies, Compliance, Audit & Training provides that there shall be an audit function that is independent and adequately resourced. The audit will ensure that the regulated entity’s policies and procedures are regularly assessed and are in compliance with the requirements mentioned in the guidelines.

The AML or CFT framework of the regulated entity shall be periodically audited. Further, the audit shall be performed on individual business functions as well as on regulated entity-wise functions.

Assessment of Measures

In order to assess the effectiveness of measures taken to prevent ML and TF risks by the auditors, the chapter of Internal Policies, Compliance, Audit & Training requires the auditor to undertake the following activities:

• Determination of the adequacy of the Regulated entity’s AML or CFT policies and procedures.
• Determining the adequacy of ML or TF risk assessment framework & application of the risk-based approach.
• Reviewing the frequency and content of the AML or CFT training programmes.
• Review the extent to which the officers, representatives and employees comply with AML or CFT policies and procedures of the regulated entity.
• Assess whether any non-compliance is reported to the Senior Management in a timely manner.
• The extent and frequency of the audit shall be proportionate to the Ml or TF risks, size and the complexities of the regulated entity’s business.

What Is Training And Awareness Under The Guidelines?

The chapter of Internal Policies, Compliance, Audit & Training provides that the training be provided to the officers, representatives and employees of the regulated entity in relation to the internal policies and procedures. The training will ensure that the staff becomes well aware of any money laundering and terrorist financing risk they become exposed to during the course of business. Moreover, the regulated entity shall provide training to existing as well as new employees after their commencement of employment. The training in AML or CFT is not necessarily required to be formal; it may include any mode that is considered suitable and appropriate.

Purpose of AML or CFT Training and Awareness

The purpose of training and awareness by the regulated entity shall be:

1. To periodically provide AML or CFT training to all its employees.

2. To ensure that the AML or CFT training will make the employees to:

• Comprehend the laws relating to ML or TF, including rules and regulations.
• Understand the policies, procedures & controls relating to AML or CFT and any amendments or modifications.
• Understand and recognise the transactions that are related to ML or TF risks.
• Understand the type of activity that may constitute suspicious activity and warrant instant action of notifying it to the principal officer.
• Possess the relevant knowledge about the prevailing techniques, trends and methods in ML or TF.
• Understanding their responsibilities towards combating any ML and TF risks.
• Understanding the identity and duties of the principal officer and other associated persons of the regulated entity.
• Understand the findings, guidance, recommendations, resolutions, directives, notices, sanctions and any other conclusion provided by the third-party conducting CDD measures.

3. To ensure that the AML or CFT training is:

• Related and relevant to the activities, product & services, distribution channels, customer, level and nature of transactions, business partner of the regulated entity and
• Identifies & indicates the level of risks and vulnerabilities associated with the activities mentioned in point 3 (a) above.

Conclusion

The chapter of Internal Policies, Compliance, Audit & Training, is an essential chapter in the IFSCA^[1] guidelines as it provides the regulated entity to frame policies which shall be audited by eth on periodical bases. Further, the regulated entity shall train their representatives, employees and officers to effectively implement the policies. Further, for the proper implementation of the AML or CFT policies, the Principal Officer shall be appointed, who will be responsible for carrying out or overseeing the carrying out of the policies and procedures. Henceforth, it can be implied that the ML and TF risk could be avoided by regular monitoring of business relations of the regulated entity with the customer and framing policies and procedures that will assist the entity in determining the suspicious activity in advance.

Read Our Article: Grants under IFSCA (FinTech Incentive) Scheme, 2022