These are the initial steps that you need to undertake in implementing AML/CTF legislation. These steps are common to a lot of compliance projects, so they can be used a bit more generically. The important thing here is to get this under way soon so that you can demonstrate to AUSTRAC that you are trying to comply. There is a 15 month window in the legislation to achieve full compliance – but this will only be allowed if you can show you are actually trying.
Steps 1 to 4 run in sequence and steps A and B should be performed at the start, regularly through the project and periodically thereafter.
Perform a mapping exercise, by business area, of an organisation’s
product/service offering to the list of designated services to determine
exactly where you are caught/not caught by the legislation.
Purpose: You only need to implement AML obligations on areas where you are caught. Provides senior management with a nice summary on 1 page and management with a detailed summary of areas to address in implementation.
Deliverable: Summary and detailed matrix highlighting captured areas of an organisation’s business and product/service areas.
Conduct a money laundering and terrorism financing (ML/TF) risk assessment to determine your exposure to ML/TF risk.
Purpose: A risk assessment identifies and analyses the ML/TF risks associated with an organisation’s products/services, customers, channels and jurisdictions. By defining an organisation’s ML/TF risk profile, an organisation can:
- develop appropriate implementation strategies based on the level of risk
- demonstrate to regulators its rationale behind its risk-based approach.
Deliverable: Summary and detailed ML/TF risk assessment report
Perform a gap analysis and business impact assessment (these can be performed in conjunction with each other).
Purpose: To identify the gaps and impact for an organisation given its risk profile. Includes a comparison of the AML/CTF legislation requirements to existing processes to identify the gaps, then key impacts on bridging that gap. Impacts may be categorised under people, processes and technology;
Deliverable: Gap analysis and impact assessment report
Based on the results of the above, develop a project plan to implement the AML/CTF legislation
Purpose: Provides a clear roadmap to what must be done, by whom and by when, including: scope of suggested activities, estimate of resource requirements – both internal/external and indication of approximate project implementation timeframes
Deliverable: Project plan
A. Awareness/training sessions with the Board, Executive Management and employees;
B. Periodic health checks on progress agains