• AML/CFTR Division 2.3.C AML/CFTR Division 2.3.C Reporting by MLRO to senior management

    • AML/CFTR 2.3.7 MLRO reports

      (1) The senior management of a firm must, on a regular basis, decide what reports should be given to it by the MLRO, and when the reports should be given to it, to enable it to discharge its responsibilities under the AML/CFT Law and these rules.
      (2) However, the MLRO must give the senior management a report that complies with rule 2.3.8 (Minimum annual report by MLRO) for each calendar year. The report must be given in time to enable compliance with rule 2.3.9 (2).
      (3) To remove any doubt, subrule (2) does not limit the reports:
      (a) that the senior management may require to be given to it; or
      (b) that the MLRO may give to the senior management on the MLRO's own initiative to discharge the MLRO's responsibilities under the AML/CFT Law and these rules.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 2.3.8 Minimum annual report by MLRO

      (1) This rule sets out the minimum requirements that must be complied with in relation to the report that must be given to the senior management by the MLRO for each calendar year (see rule 2.3.7 (2)).
      (2) The report must assess the adequacy and effectiveness of the firm's AML/CFT policies, procedures, systems and controls in preventing money laundering and terrorism financing.
      (3) The report must include the following for the period to which it relates:
      (a) the numbers and types of internal suspicious transaction reports made to the MLRO;
      (b) the number of these reports that have, and the number of these reports that have not, been passed on to the FIU;
      (c) the reasons why reports have or have not been passed on to the FIU;
      (d) the numbers and types of breaches by the firm of the AML/CFT Law, these rules, or the firm's AML/CFT policies, procedures, systems and controls;
      (e) areas where the firm's AML/CFT policies, procedures, systems and controls should be improved, and proposals for making appropriate improvements;
      (f) a summary of the AML/CFT training delivered to the firm's officers and employees;
      (g) areas where the firm's AML/CFT training programme should be improved, and proposals for making appropriate improvements;
      (h) the number and types of customers of the firm that are categorised as high risk;
      (i) progress in implementing any AML/CFT action plans;

      Note These provisions require action plans:
      •   rule 2.3.9 (b) (Consideration of MLRO reports)
      •   rule 4.3.4 (3) and (4) (When CDD may not be required — acquired businesses)
      •   rule 6.2.2 (3) (b) (Training must be maintained and reviewed).
      (j) the outcome of any relevant quality assurance or audit reviews in relation to the firm's AML/CFT policies, procedures, systems and controls;
      (k) the outcome of any review of the firm's risk assessment policies, procedures, systems and controls.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 2.3.9 Consideration of MLRO reports

      (1) The senior management of a firm must promptly:
      (a) consider each report made to it by the MLRO; and
      (b) if the report identifies deficiencies in the firm's compliance with the AML/CFT Law or these rules — approve an action plan to remedy the deficiencies.
      (2) For the report that must be given for each calendar year under rule 2.3.7 (2), the senior management must confirm in writing that it has considered the report and, if an action plan is required, has approved such a plan. The firm's MLRO must give the Regulator a copy of the report and confirmation before 1 June of the next year.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)