AML/CFTR 2.3.8 Minimum annual report by MLRO

(1) This rule sets out the minimum requirements that must be complied with in relation to the report that must be given to the senior management by the MLRO for each calendar year (see rule 2.3.7 (2)).
(2) The report must assess the adequacy and effectiveness of the firm's AML/CFT policies, procedures, systems and controls in preventing money laundering and terrorism financing.
(3) The report must include the following for the period to which it relates:
(a) the numbers and types of internal suspicious transaction reports made to the MLRO;
(b) the number of these reports that have, and the number of these reports that have not, been passed on to the FIU;
(c) the reasons why reports have or have not been passed on to the FIU;
(d) the numbers and types of breaches by the firm of the AML/CFT Law, these rules, or the firm's AML/CFT policies, procedures, systems and controls;
(e) areas where the firm's AML/CFT policies, procedures, systems and controls should be improved, and proposals for making appropriate improvements;
(f) a summary of the AML/CFT training delivered to the firm's officers and employees;
(g) areas where the firm's AML/CFT training programme should be improved, and proposals for making appropriate improvements;
(h) the number and types of customers of the firm that are categorised as high risk;
(i) progress in implementing any AML/CFT action plans;

Note These provisions require action plans:
•   rule 2.3.9 (b) (Consideration of MLRO reports)
•   rule 4.3.4 (3) and (4) (When CDD may not be required — acquired businesses)
•   rule 6.2.2 (3) (b) (Training must be maintained and reviewed).
(j) the outcome of any relevant quality assurance or audit reviews in relation to the firm's AML/CFT policies, procedures, systems and controls;
(k) the outcome of any review of the firm's risk assessment policies, procedures, systems and controls.
Derived by QFCRA RM/2019-8 (as from 1st February 2020)