AAnti Money Laundering

AML Package (2): Risk Management under the AML Regulation

AML Package Pt. 3: Risk Management under the AML Regulation | Sebastian Glaab & Till Christopher Otto
0
Shares
0
0
0
0
0
0

The AML package encompasses a multitude of changes compared to the previous legal framework. The third part of our series addresses the alterations in risk management for obligated entities.

Expansion of Internal Safeguard Measures

The components of internal risk management, as currently regulated in § 4 GwG, will henceforth be governed by the directly applicable AML Regulation (“AML-R”). The central norm here is Article 7 – Scope of internal policies, procedures, and controls of the AML-R.

Already in the first paragraph, a paradigm shift becomes apparent: the guidelines, processes, and controls to be introduced by obligated entities are intended not only to serve the risks of money laundering and terrorism financing but also specifically the risks arising from a lack of implementation of measures to enforce sanctions or circumvent them.

While the fundamental systematics are largely continued, there are some innovations under the AML-R compared to the previous legal framework:

Outsourcing and Reliance on Third-Party Identification Records

The internal policies and procedures should explicitly encompass regulations regarding outsourcing and reliance on third parties.

Assessment of Risk Management and Dealing with Deficiencies

The internal policies and procedures must include procedures for assessing the implemented policies and procedures, the implementation of processes for identifying and dealing with deficiencies, as well as remedial measures.

Communication of Policies and Procedures to Employees, Distribution Channels, and Agents

The policies and procedures should furthermore stipulate how the developed measures are communicated internally within the obligated entity. When utilizing external distribution companies or agents, the policies and procedures should also encompass communication with them.

Independent Audit of Policies and Procedures

A certain explosive potential lies in the obligation for the independent audit of the developed policies and procedures (Article 7 (2) lit. b) AML-R). According to this, the developed policies and procedures should be controlled and reviewed by an independent internal audit. In the absence of such an internal audit, the audit should be conducted by “external experts.”

For obligated entities in the financial sector that have a compliance organization following the three lines of defense model, as is standard for credit or securities institutions, the obligation does not pose a significant novelty. The regulation regarding independent audit is likely to be challenging for obligated entities outside the financial sector, such as lawyers or tax advisors, who typically do not have such an internal organization with independent audit capabilities. The obligation for external audit is likely to entail a significant additional workload here.

 

0
0

Till Christopher Otto is a lawyer at Annerton law firm in Frankfurt am Main. He advises credit, financial services and payment institutions on all aspects relating to the German Banking Act (KWG), Securities Trading Act (WpHG), Payment Services Supervision Act (ZAG) and Anti-Money Laundering Act (GwG).

Sebastian Glaab is a lawyer and partner at Annerton in Frankfurt am Main. He has extensive knowledge, particularly in the areas of money laundering prevention (editor of the AMLA commentary "Zentes/Glaab"), securities compliance, MaRisk compliance and sanctions, and is very familiar with the practice due to his 12 years of work as a compliance officer and money laundering officer in an internationally active credit institution. Sebastian Glaab is a regular speaker at specialist lectures and events in the financial environment.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like