My Opinion: Reporting Money Laundering: 5 Things to Know About the Rules

Since the introduction of the Anti-Money Laundering, Terrorist Financing and Proceeds of Illegal Activities (AMLA) Act 2001, the government has taken a step-by-step approach by imposing reporting requirements on anti-money laundering to various intermediaries and entities in the country.

While the initial phase of implementation focused on financial institutions and capital market intermediaries, over the years various other entities have become reporting institutions (RIs) under the law.

The wide range of IRs now includes recognized financial institutions, stock exchange firms, fund managers and market operators such as peer-to-peer platforms and cryptocurrency exchanges. Professionals such as lawyers, accountants and company secretaries, as well as various other entities, including trust companies, dealers in precious metals or stones, lenders, casinos and real estate agents, are subject to MLA reporting requirements for several years.

The obligations imposed on these reporting entities revolve around performing “Know Your Customer” (KYC) checks when onboarding new customers, ongoing customer verification during the relationship, reporting transactions suspicious and keeping proper records.

These requirements are currently set out in Bank Negara Malaysia’s policy documents on Anti-Money Laundering, Anti-Terrorist Financing and Targeted Financial Sanctions for Financial Institutions, Designated Non-Financial Businesses and Financial Institutions non-banks, and the Malaysian Safety Commission guidelines on prevention. money laundering and terrorist financing for reporting institutions in the capital market.

IRs are required to comply with these rules not only to fight against money laundering, but also against the financing of terrorism and the financing of proliferation, that is to say the financing of weapons of mass destruction. Going through the AMLA rules can sometimes feel tedious and overwhelming. But this is not necessarily the case.

This article aims to highlight five key points for IRs to consider.

Tone at the top – the board is ultimately responsible

A common misconception among some IRs is that AMLA compliance is an operational matter and therefore is often left to management without any meaningful board oversight. While financial market intermediaries such as banks and brokerage firms have been IRs for several years, entities that have recently been listed in the Official Gazette may not appreciate the breadth of the board’s role.

Bank Negara’s policy documents clearly state that the Board of Directors shall maintain responsibility and oversight for the establishment of Anti-Money Laundering and Anti-Terrorist Financing (AML/CFT) policies.

In granular terms, this means that the board should not only approve anti-money laundering policies, but should evaluate the implementation of those policies. The board should also define the lines of authority and responsibility for the implementation of AML/CFT measures, and this should be monitored by regular reports from senior management and the audit committee to the board. ‘administration.

This feedback loop is critical as it ensures that anti-money laundering issues and concerns are regularly escalated to the board. Just as the responsibility for good corporate governance begins with a company’s board of directors, the underlying proposition is that fostering an environment where employees take compliance issues seriously must be set by the management. highest governing body of a company or business.

AMLA compliance is not just the job of the compliance officer

Just as the role of the board is clearly defined, it is essential to ensure that each of the moving parties within an IR’s operations are assigned clear roles and responsibilities. This involves the following:

• Senior management, which is responsible for implementing and managing AML/CFT compliance programs. This means that they are responsible for formulating the necessary policies, designing the mechanisms for monitoring suspicious transactions and reporting periodically to the board of directors on the AML risks incurred and the internal controls in place to manage these risks. Senior management is also responsible for ensuring that AMLA training is conducted and a compliance officer is appointed. Employee training is especially critical so employees know how to spot red flags and who to turn to if they encounter a suspicious transaction.

• The compliance officer acts as a reference point within the company on all AML/CFT issues. He or she must maintain internal criteria for the detection and reporting of suspicious transactions and for this purpose acts as the point of contact with the financial intelligence and enforcement department of Bank Negara.

• The AML internal auditor is required to carry out an independent audit to test the compliance of the RI with the law, relevant directives and internal AML/CFT policies, and submit a report to the board outlining corrective measures if necessary.

At this stage, Bank Negara has not defined the audit frequency – it is up to the IR to decide based on their organizational needs. As this is a rapidly changing sector, it is important that IRs keep abreast of developments in this area and ensure that key personnel involved in AMLA compliance are well equipped to perform its duties effectively.

A risk-based approach enables optimal use of an RI’s resources

While Bank Negara’s policy documents provide specific requirements in terms of IR obligations, they also avoid a “one size fits all” approach. In line with global standards set by the Financial Action Task Force (FATF), IRs are required to apply a risk-based approach to addressing money laundering and terrorist financing threats. This is very beneficial as it means in practice that IRs can design their AML processes around the nature of the risks they face in conducting their business.

The FATF, of which Malaysia is a member, is an independent intergovernmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing and the financing of the proliferation of weapons of mass destruction (

How then should businesses implement a risk-based approach to dealing with anti-money laundering compliance?

A useful tool is for the IR to perform an institutional AML risk assessment within the organization. Risk assessments are often conducted within an organization to identify the business risks that a business faces in its day-to-day operations and to ensure that appropriate processes to manage those risks are in place. This tool can be used in the same way as part of AMLA compliance.

The questions one should ask when performing an effective AML risk assessment should focus on the most pressing AML risks that arise in my business and how these risks can be mitigated.

Commonly identified risks, as set out in Bank Negara policy documents, are customer risk, geographic risk and transaction risk. Examples of customer risk are non-resident customers, customers with cash-intensive businesses, customers with overly complex ownership structures, or people from locations known for high rates of crime such as production drugs or human trafficking.

Another risk is geographic risk, which refers to the location of the business or the origin of the customers. In this regard, the list of countries on the FATF website classified as requiring a “call to action” and those under increased scrutiny would require particular attention. It is important that IRs regularly update themselves on these lists given the need for enhanced due diligence when clients or transactions involve these jurisdictions.

Likewise, product and transaction risks are gaining traction in light of the breakneck pace of development of financial products such as cryptocurrency and other digital assets. In fact, data showed that the total volume of cryptocurrency transactions worldwide grew to US$15.8 trillion in 2021, up 567% since 2020. Of this amount, the increase in volume illicit transactions was 79%, translating to US$14 billion in illicit funds. .

Amid this renewed interest in cryptocurrency and other digital assets, regulators have called for increased caution in this area. The FATF has also issued a specific policy document detailing the risks and types of controls companies should consider when dealing with new asset classes such as virtual currency.

That said, having a high risk rating does not automatically mean that the IR should not do business with a particular client. This means that specific controls must be in place to manage these risks. If, after applying the controls, the residual risk is low, this means that the risk assessment exercise that has been undertaken provides a basis for continuing the business relationship.

In the next article, we’ll dive deeper into the importance of collecting customer data and conducting due diligence on an IR’s customer to take note of any money laundering red flags, as well as the importance the application of anti-money laundering in the financial ecosystem. .

Shanti Geoffrey co-leads the Christopher & Lee Ong White Collar Crime & Investigations practice group

Previous SeaSpine Holdings (NASDAQ:SPNE) Has Debt But No Revenue; Should you be worried?
Next HMS Queen Elizabeth anchors in New York as Truss plans to strengthen UK-US ties