AML/CFTR 2.1.1 Firms to develop AML/CFT programme

(1) A firm must develop a programme against money laundering and terrorism financing.
(2) The type and extent of the measures adopted by the firm as part of its programme must be appropriate having regard to the risk of money laundering and terrorism financing and the size, complexity and nature of its business.
(3) However, the programme must, as a minimum, include:
(a) developing, establishing and maintaining internal policies, procedures, systems and controls to prevent money laundering and terrorism financing;
(b) adequate screening procedures to ensure high standards when appointing or employing officers or employees;

Note See also Part 6.1 (Screening procedures).
(c) an appropriate ongoing training programme for its officers and employees;

Note See also Part 6.2 (AML/CFT training programme).
(d) an independent review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls in accordance with subrule (4);
(e) appropriate compliance management arrangements; and

Note See also:
• rule 2.1.5 (Compliance by officers, employees, agents etc)
• rule 2.1.6 (Application of AML/CFT Law requirements, policies etc to branches and associates)
• rule 2.1.7 (Application of AML/CFT Law requirements, policies etc to outsourced functions and activities).
(f) the appropriate ongoing assessment and review of the policies, procedures, systems and controls.

Note See also rule 2.1.4 (Assessment and review of policies etc).
(4) The review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls must be adequately resourced and must be conducted at least once every 2 years. The person making the review must be professionally competent, qualified and skilled, and must be independent of:
(a) the function being reviewed; and
(b) the division, department, unit or other part of the firm where that function is performed.
Note The review and testing may be conducted by the firm's internal auditor, external auditor, risk specialist, consultant or an MLRO from another branch of the firm. Testing would include, for example, sample testing the firm's AML/CFT programme, screening of employees, record making and retention and ongoing monitoring for customers.
(5) The firm must make and keep a record of the results of its review and testing under subrule (4) and must give the Regulator a copy of the record by 31 July 2021 and every 2 years thereafter.
Derived by QFCRA RM/2019-8 (as from 1st February 2020)