The Financial and Capital Market Commission (FCMC) has developed a new approach to inspections in the field of money laundering and terrorism and proliferation financing (ML/TPF). The new procedure will reduce an administrative burden for financial institutions and their business relations with customers, balancing inspections with risk tolerance for individual financial institution, and ensure faster obtaining results of inspections.
On 27 November 2020, the Financial Sector Development Board supported the “Action plan to strengthen a proportionate approach to the implementation of anti-money laundering and counter-terrorism and proliferation financing requirements”. It provides for the FCMC to make amendments to the existing manual for inspection approach. The changes to the procedures for the conducting of full-scope inspections in the field of ML/TPF and international and national sanctions risk management provide for a new approach to the inspections. It will increase the effectiveness of inspections and reduce the administrative burden both in supervision and in the business relations between banks and customers.
More focus on inspection planning
The frequency of inspections in the field of ML/TPF performed by the FCMC depends on the risk level defined for the bank. High-risk banks are subject to annual inspections, medium-high risk banks – once in one and a half year, medium-low risk banks – once in three years, but low-risk banks – once in four years. Since 2021, a planned inspection plan has been published on the FCMC’s website, in which inspections in the field of the prevention of ML/TPF have been coordinated with prudential inspections.
The inspection process consists of three consecutive steps: planning, carrying out the inspection and preparing the report. The new approach is based on focusing more on the initial inspection planning process. The focus and priorities of the test are determined taking into account the major risks inherent in the banking activities. This means that prior to the inspection, all information on the bank at the disposal of the FCMC has been carefully assessed, including external audit results, quarterly ML/TPF risk exposure indicators, prevention measures identified as a result of previous inspections and audits, prudential supervision information showing potential ML/TPF risks or sanctions risks in the activities of the bank. Major external risks related to the sector risk assessment also should be taken into account, as well as changes or significant projects planned by the institution, and the information provided by the Financial Intelligence Unit on the quality of the reports provided by the bank and its ability to identify suspicious transactions.
The new procedure involves holding a meeting with the bank before the approval of the inspection plan, in order to discuss the conduct of the inspection, namely the purpose and scope of the inspection and the expected timing of the inspection and interviews with the responsible staff, as well as major changes that have occurred at the bank following the last inspection and identifying the potential risks or areas on which increased attention should be focused during the inspection.
From a sample testing to comprehensive assessment of internal control system
The objective of each inspection is to obtain assurance that the bank identifies and understands the ML/TPF risks or international sanctions risks inherent in its activities and has developed an appropriate and comprehensive control system for the mitigation and effective management of these risks.
Unlike the previous FCMC’s inspection approach, which was more based on the sample testing, the new procedure provides for a comprehensive assessment of the sufficiency and effectiveness of the bank’s internal control system, based on an assessment of 10 core elements of the internal control system:
The scope and priorities of 10 core elements are determined at the stage of inspection planning.
Focus on effective management of the risks inherent in the banking activities
The focus of inspections is on the risks inherent in the bank’s activities, as well as on the facts at the FCMC’s disposal, which indicate potential weaknesses in the bank’s internal control system and effective risk management. Whereas sample testing will be used to explain shortcomings identified in the internal control system. Sample testing is expected to be selected according to identified risks.
The objective of inspection is to make certain that the bank has an effective internal control system in place that meets the regulatory framework requirements, namely that it exists not only on paper but is fully applied in practice.
Reduced administrative burden, increased efficiency
In order to ensure uniform and consistent progress of the inspection process, the fields to be tested and the tasks to be performed are identified for each member of the inspection team before starting the inspection, and a single register of requests and questions to be sent during the inspections under the responsibility of the inspection team member shall be established. This reduces inefficient use of resources in both the FCMC and banks.
Upon sending the letter of request, the head of the inspection team is expected to contact the contact person designated by the bank and discuss the content of the request, explaining what information needs to be submitted, thereby reducing any misunderstanding and reaching a common understanding of the extent, type and purpose of the information provided.
Central role of bank involvement in the preparation of a statement
The new inspection procedure also changes the arrangements for reporting the results of the inspection to the bank. A draft report on which the bank is entitled to provide its views and comments within 10 working days first of all is sent to the bank. Following receipt of the comments, a meeting between the FCMC and the bank representatives is held to discuss the deficiencies identified during the inspection. The final report statement is sent to the bank only after hearing and evaluating the comments made by the bank.
In the future, the inspection report will include a brief summary of the irregularities identified and the major shortcomings in each of the elements of the internal control system and provide an assessment of the impact of those irregularities and shortcomings on the internal control system. The statement will also highlight the good practices of the bank.
The number of the FCMC’s employees in the inspection group has been increased in order to ensure a faster conduct of the inspection and timely collecting and communication of the inspection results to the bank.
Changes to the inspection approach are based on a thorough assessment of existing practices as well as international experience. They are in line with and support changes to laws and regulations made at the beginning of this year.
In addition to changing the inspection approach, the FCMC contributes heavily in preparing explanations on different topics, providing manuals on the establishment and functioning of internal control systems, updating information, as well as by participating in and organising a variety of informational and educational activities. Open dialogue with the financial sector, entrepreneurs and investors is one of the FCMC’s priorities.