Understanding record-keeping and reporting
Learn more about why comprehensive record-keeping and robust reporting methods matter in Part 4 of the Compliance Team’s Guide to Onboarding.
Read Part 4Risk management activities in financial crime prevention include preventive, detective, and corrective controls. Preventive controls include robust due diligence, recordkeeping, and record retention. Detective controls include reporting suspicious activity to the appropriate authorities. Corrective controls include the eventual dismissal of a customer relationship where necessary.
Part 4 of the Compliance Team’s Guide to Onboarding discusses the importance of preventative and detective controls, particularly record-keeping and reporting measures.
To demonstrate how much control compliance teams have over the onboarding process, firms need secure and accessible records. These records are the essential breadcrumbs in the audit trail of any money laundering or terrorist financing investigation.
While there is no definitive set of record-keeping requirements for every business type, there must be enough documentation that underpins a firm’s onboarding process to demonstrate why a specific client was onboarded and what steps they went through. The length of time firms must retain this information depends on local laws and regulations.
The following types of records should be maintained:
Firms must also keep records about the formal risk-based assessment, anti-money laundering, counter-terrorist financing, and sanctions compliance policies. Any changes to these policies must be recorded.
The first stage of the suspicious activity reporting process is the responsibility of the onboarding or transaction team. A subjective conclusion must be reached that there are grounds for suspicion of money laundering, terrorist financing, or sanctions breaches concerning a particular client or matter.
From there, firms must follow their internal escalation protocols – the details of which are listed below:
The escalation process should then lead to the money laundering officers, who can determine whether the report should be escalated externally. This decision should be communicated to the onboarding and compliance teams before it’s escalated to the external authorities.
The money laundering officer can delegate the preparation of the external report to the deputy money laundering officer, the internal legal function, or some other relevant person in the onboarding or broader compliance functions. But that officer should have a role in overseeing and agreeing to the actual suspicious activity report before it’s sent to the relevant external authorities.
A suspicious activity report (SAR) must include the following:
When a SAR has been filed, each institution should have a specific policy and process to follow. Staff responsible for contacting customers should receive training and fully understand the responsibility of not “tipping off” the customer about a possible SAR filing. Additionally, firms must observe local data protection and legislative requirements. Financial institutions cannot mention a SAR, whether they are considering filing one or having filed one. In some jurisdictions, the unauthorized disclosure of a SAR is a criminal offense.
Uncover more risk management best practices throughout each section of The Compliance Team’s Guide to Customer Onboarding, including:
Learn more about why comprehensive record-keeping and robust reporting methods matter in Part 4 of the Compliance Team’s Guide to Onboarding.
Read Part 4
Originally published 05 December 2022, updated 05 December 2022
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage).