Incorporating AML Compliance Into a Compliance Program (Part III of III)
Global companies should implement an AML program and KYC practices that follow the general outline for best practices, though it does not need to be as rigorous as a financial institution. For most companies, AML risks can be addressed in existing policies and procedures and would not require extensive additions to a compliance program.
However, a company has to document its risk assessment, mitigation strategies and implementation. It requires some time and attention but for most companies should be a relatively minor burden in comparison to other more significant risks. A basic AML program for non-financial institutions is an important back up to other more critical compliance program elements, and provides important protections against real and significant reputational risks.
A program that focuses on clearly defining processes to carry out the three key KYC areas (CIP, Due Diligence and Ongoing Monitoring) should be tailored to address the specific risks identified through a formalized risk assessment program.
A basic AML and KYC process should include the following:
- Distributor and Reseller Information: Global companies should collect relevant information from its customers to enable a customer risk assessment based on the specific factors outlined above. Pubic data and intelligence databases should be employed as part of the assessment process.
- CDD v. EDD Process: Global companies have to define in advance a process for distinguishing between CDD and EDD requirements for AML risks. It is important for global companies to conduct a risk assessment and use that risk assessment to identify relevant factors to determine whether to conduct a CDD or EDD for a specific distributor or reseller. The projected revenues, the geographic location, beneficial owners of the distributor or reseller, and possible PEP involvement will be important factors in this analysis.
- Beneficial Owners: It is important, for anti-corruption, sanctions and AML compliance that global companies identify the beneficial owners of its distributors and resellers. That can be a very challenging process, especially in high-risk countries such as Russia and China. Each beneficial owner has to be screened for corruption, sanctions and AML risks.
- Flow-Down Compliance: While global companies do not deal directly with sub-distributors or resellers, global companies should consider taking some steps to ensure that its distributors verify information and monitor transactions with resellers. In addition, global companies may build into its anti-corruption due diligence program a set of questions or follow up issues to collect information needed to assess AML risks among selected resellers. This information could be shared with distributors to increase monitoring of high-risk resellers.
- Monitoring and Auditing: Global companies should incorporate into its monitoring and/or auditing programs a process to identify relevant trends and transactions that may raise AML risks. For example, if a distributor is expected to engage in a range of transactions and subsequently conducts numerous transactions well-above the expected range, global companies should have a mechanism to trigger notification of compliance staff so that follow-up inquiries can be made as to the reasons for the transactions.
- Policy and Contract Review: Global companies’ existing policies and procedures should be reviewed for consistency and definition of its AML compliance program and policies and procedures. Similarly, global companies should review all of its written contracts with distributors, resellers, vendors and suppliers to ensure that AML risks, responsibilities, termination procedures and audit rights are addressed.
- Documentation: Global companies have to maintain documents related to its AML compliance program, including due diligence, monitoring and auditing activities. Documentation is critical for evaluating its AML program as well as protecting companies from government investigation and enforcement actions.