Regulatory Compliance
Anti-Money Laundering
The objective of the review is to determine the effectiveness of the documented compliance program as required by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. The pillars of a successful compliance program will be reviewed.
- Appointing a compliance officer who is responsible for implementing the program;
- Developing and applying written compliance policies and procedures that are kept up to date and approved by a senior officer;
- Conducting a risk assessment of your business to assess and document the risk of a money laundering offence or a terrorist activity financing offence (ML/TF) occurring in the course of your activities;
- Developing and maintaining a written, ongoing compliance training program for your employees, agents or mandataries, or other authorized persons;
- Instituting and documenting a plan for the ongoing compliance training program and delivering the training (training plan); and
- Instituting and documenting a plan for a review of the compliance program for the purpose of testing its effectiveness and carrying out this review every two years at a minimum (two-year effectiveness review).

The process will include reference to the following materials:
- Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and supporting Regulations (PCMLTFR)
- FINTRAC Guidance for Financial Entities, and other FINTRAC summaries, interpretations, and publications
- FINTRAC Guidance on the risk-based approach to combatting money laundering and terrorist financing
- OSFI Instruction Guide on Designated Persons Listing and Sanctions Laws; OSFI Guideline E-17, Background Checks on Directors and Senior Management of Federally Regulated Banks

Procedures will consist of inquiry, inspection, tests, and sampling. Procedures will address all elements of the AML/ATF program. Specific procedures will include:
- Appointment of the CAMLO and delegated AML responsibilities
- Oversight responsibilities of the Board and/or Senior Management
- Current documented Policies and Procedures
- AML training program
- Staff knowledge of the legislative requirements and implementation of policies and procedures, confirmed through interview with a sample of staff
- AML risk assessment and mitigating strategies
- Rationale and parameters for risk ratings in the AML monitoring system
- Application of risk assessment to risk rate accounts/clients
- Ongoing and enhanced monitoring of accounts/clients for all levels of risk
- Criteria and process for identifying and reporting transactions
- Reports submitted to FINTRAC
- Client identification and record keeping, through data extracts and sampling of new account documentation
- Overall compliance environment to support the AML compliance program
- Functionality of the AML monitoring system
- The remediation of prior Biennial Effectiveness Reviews and FINTRAC examination deficiencies

Regulatory Compliance Management System
The Office of the Superintendent of Financial Institutions (OSFI) Guideline E-13, Regulatory Compliance Management (RCM), sets out expectations for Financial Institutions regarding the controls through which they manage the regulatory risk inherent in their activities. Non-compliance with regulatory requirements can have a critical impact on an institution’s reputation as well as its soundness. OSFI’s key expectation with respect to RCM is that the Financial Institution will establish and maintain an enterprise-wide framework of regulatory risk management controls, including oversight by functions that are independent of the activities they oversee.
The guideline was revised in November 2014 and implemented in May 2015, to more effectively align with updated OSFI Guidelines and complement OSFI’s Supervisory Framework and Assessment Criteria. The revised Guideline does not create new regulatory requirements. Rather, it communicates OSFI’s key expectations in respect of the need for FRFIs to establish and maintain an enterprise-wide framework of regulatory risk management controls.
Within the specific processes to review and test, the objectives of our internal audit were as follows:
- Assess corporate compliance with governing statutes, regulations, and OSFI guidelines;
- Identify any internal control weaknesses that would expose your organization to regulatory risk;
- Assess the adequacy of the controls in place to ensure regulatory compliance and adherence to the 9 key controls of the framework:
  - Role of the CCO
  - Procedures for identifying, risk assessing, communicating, effectively managing and mitigating regulatory compliance risk and maintaining knowledge of applicable regulatory requirements
  - Day-to-day compliance procedures
  - Independent monitoring and testing procedures
  - Internal reporting
  - Role of Internal Audit or other independent review function
  - Adequate documentation
  - Role of Senior Management
  - Role of the Board
- Validate the effectiveness of the Regulatory Compliance Management Function. Specifically, to verify, on a sample basis, management’s assertions on compliance.