• AML/CFTR Part 2.2 AML/CFTR Part 2.2 Senior management

    Note for Part 2.2

    Principle 1 (see rule 1.2.1) requires the senior management of a firm to ensure that the firm's policies, procedures, systems and controls are implemented, and that they appropriately and adequately address the requirements of the AML/CFT Law and these rules.

    Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 2.2.1 Overall senior management responsibility

      The senior management of a firm is responsible for the effectiveness of the firm's policies, procedures, systems and controls in preventing money laundering and terrorism financing.

      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 2.2.2 Particular responsibilities of senior management

      (1) The senior management of a firm must ensure:
      (a) that the firm develops, establishes and maintains effective AML/CFT policies, procedures, systems and controls in accordance with these rules;
      (b) that the firm has adequate screening procedures to ensure high standards when appointing or employing officers or employees;
      (c) that the firm identifies, designs, delivers and maintains an appropriate ongoing AML/CFT training programme for its officers and employees;

      Note See Part 6.2 (AML/CFT training programme) for details of the firm's training requirements.
      (d) that independent review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls are conducted in accordance with rule 2.1.1 (4);
      (e) that regular and timely information is made available to senior management about the management of the firm's money laundering and terrorism financing risks;
      (f) that the firm's money laundering and terrorism financing risk management policies and methodology are appropriately documented, including the firm's application of them;
      (g) that there is at all times an MLRO for the firm who:
      (i) has sufficient seniority, knowledge, experience and authority;
      (ii) has an appropriate knowledge and understanding of the legal and regulatory responsibilities of the role, the AML/CFT Law and these rules;
      (iii) has sufficient resources, including appropriate staff and technology, to carry out the role in an effective, objective and independent way;
      (iv) has timely, unrestricted access to all information of the firm relevant to AML and CFT, including, for example:
      (A) all customer identification documents and all source documents, data and information;
      (B) all other documents, data and information obtained from, or used for, CDD and ongoing monitoring; and
      (C) all transaction records; and
      (v) has appropriate back-up arrangements to cover absences, including a Deputy MLRO to act as MLRO;
      (h) that a firm-wide AML/CFT compliance culture is promoted within the firm;

      Guidance

      The Regulatory Authority expects a firm's senior management to ensure that there is an AML/CFT culture within the firm where:
      •   senior management consistently enforces a top-down approach to its AML/CFT responsibilities;
      •   there is a demonstrable and sustained firm-wide commitment to the AML/CFT principles and compliance with the AML/CFT Law, these rules and the firm's AML/CFT policies, procedures, systems and controls;
      •   AML/CFT risk management and regulatory requirements are embedded at all levels of the firm and in all elements of its business or activities.
      (i) that appropriate measures are taken to ensure that money laundering and terrorism financing risks are taken into account in the day-to-day operation of the firm, including in relation to:
      (i) the development of new products;
      (ii) the taking on of new customers; and
      (iii) changes in the firm's business profile; and
      (j) that all reasonable steps have been taken so that a report required to be given to the Regulator for AML or CFT purposes is accurate, complete and given promptly.
      (2) This rule does not limit the particular responsibilities of the senior management of the firm.

      Note See, for example, Division 2.3.C (Reporting by MLRO to senior management).
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)