- This helps you keep a pulse of how well your teams are adopting this and the effectiveness of your firm's controls against IWT.
- This sets out how you are going to monitor and manage your firm's adherence to your IWT strategy and policy.
-
Governance Committees: Map out which governing bodies will be responsible for oversight and challenge of your IWT policy, as well as which body is responsible for the more detailed monitoring and testing of your IWT effectiveness.
-
Management Information (MI): Senior Management can only make the right decisions if they have the right level of data flowing into them on a regular basis. Your MI plan should include what level of information and data you are providing, to whom and how frequently. Regulators will often want to see what MI is being fed into Senior Management and other levels of the organisation.
-
We would recommend that your Governance & MI is formally documented to include the following:
-
Roles & Responsibilities: it is critical to map out who is responsible for protecting your business from IWT risk. In reality this would usually be all of your staff, so it is important to clearly communicate roles and responsibilities for all teams and business groupings. In this you will also want to draw out a couple of specific roles, including:
-
Who takes overall responsibility for the firm.
-
Who is responsible for compliance with local laws and regulations.
-
Who is responsible for filing Suspicious Activity Reports (SARs) (internally and externally).
-
-
- Senior management receive MI that is up to date and examines both specific high risk real time alerts as well as trends based on historical data.
- Good MI reports are both visual and relevant for their audience. The best firms will have different levels of MI for Senior Management, to the MLRO to each of the operational teams.
- In many countries it is a regulatory requirement for the Money Laundering Reporting Officer (MLRO) to produce an annual report. This should include references to all associated Financial Crimes, including the IWT.
- MI includes a heat map of Key Risk Indicators (KRIs) as well as volumes of internal and external Suspicious Activity Reports (SARs)/ Suspicious Transaction Reports (STRs) raised.
Useful resources:
- International Finance Corporation (IFC) - Anti-Money-Laundering (AML) & Countering Financing of Terrorism (CFT) Risk Management in Emerging Market Banks
- Themis Briefing Note: Senior Managers and Certification Regime: The Buck Stops Here
- Themis Briefing Note: Operational Resilience: Weathering the Storm
- Themis Guidance: MLRO Best Practice Guide
- Themis Guidance: Banking - Do You Have an Effective Anti-Financial Crime Culture?
- Themis Briefing Note: Financial Crime Compliance - The Cost of Getting it Wrong