12 best practices for setting up an AML compliance department
12 best practices for setting up an AML compliance department
Who forms the heart of AML compliance in a regulated entity? The AML compliance department. It is a department dedicated to ensuring compliance with the applicable AML laws. The compliance department and its people manage all the AML requirements per the UAE AML laws. It consists of an AML Compliance Officer and other team members. This article provides insights into the 12 best practices that FIs, DNFBPs, and VASPs must follow for setting up an AML compliance department.
Why set up an AML Compliance Department?
The AML Compliance Department takes care of the following compliance activities:
- Risk assessments
- Transaction monitoring
- KYC, KYB, and KYT
- Due diligence of customers
- Development of AML frameworks
- Implementation of AML policies, procedures, and controls
- AML training for employees
- Regulatory reporting
- Engagement with industry bodies and regulatory authorities
Thus, the AML compliance department spearheads all the necessary tasks for achieving AML compliance. It helps you navigate AML’s legal maze in the country and globally.
With such a critical role and responsibilities, you, as an entity, cannot go wrong while setting it up. Exercise caution while building such an in-house AML compliance department. A small error can mar all your attempts to set up a proper team that can manage all tasks. So, note the possible blunders, avoid them, and incorporate the best practices for effective results.
Foster consistency in your AML efforts by establishing
An in-house AML compliance department.
Best practices to adopt while setting up an AML compliance department
The AML compliance department is a principle of corporate conduct. It makes your operations possible within ethical and legal boundaries.
It enables the handling and management of critical compliance tasks in the entity. Only with the successful performance of these tasks can you move ahead in your AML journey. For this purpose, you must adopt the following best practices while setting up and operating an in-house AML compliance department:
1. Analyze your compliance needs
Before creating a new department in your entity, you must know that department’s objectives. You must know how it will help you reach your strategic goals.
So, before forming the AML compliance department, assess your compliance needs. List the fundamental laws, regulations, guidelines, and industry standards applicable to your business. Identify the potential ML/TF risks your business faces.
This research helps you better understand the objectives of the AML compliance department. You’ll be able to determine what the compliance function will do at a strategic and operational level. You will know the market expectations from you on ethical conduct and governance.
2. Onboard skilful professionals for the AML department
The first thing that a new department needs is the correct set of people to run it. After creating a department to handle AML, you must consider its human resources. Human assets are essential to do all the tasks for that department.
You can recruit new people externally for this team. Alternatively, you can internally hire from other departments to the AML team. However, ensure that these people have the necessary skills to perform AML tasks.
While onboarding people, check the following:
- Skills
- Educational background
- Any experience in regulatory compliance activities
- Relevant knowledge of AML requirements
- Commitment to the entity’s AML goals
- Criminal history/Adverse media
Human resources are essential to perform the various tasks under the AML regime. You need them to monitor transactions, conduct KYC and KYB, and build risk profiles. You can use technology to do these activities. But you need human skills to run systems, analyze results, and make decisions. So, pay attention to having the right team members for the AML compliance department.
3. Allow the use of technological systems for compliance processes
In the current times, technology is what can give you an edge over others. It is an excellent tool to ease your AML compliance requirements. Technological systems can make compliance easier, smoother, more accurate, and faster.
While setting up an AML compliance department, ensure it has relevant technological systems. You will need technology solutions for the following activities:
- Conducting risk assessments and building risk profiles
- Thorough due diligence of customers
- Effective transaction monitoring to detect suspicious transactions
Technology is essential for the effective operations of these processes. You can achieve quick results with a higher probability of accuracy. You can set rules and generate alerts when a suspicious transaction is in process. So, having access to the best technological systems is necessary while building an AML compliance department.
4. Allocate adequate budget for the compliance department
An AML compliance department takes care of all your AML requirements. It needs to perform several activities to help you follow the AML rules. For this, it needs to have a sufficient budget.
You will need to spend on recruiting and hiring new people. Spending on salaries, incentives, and benefits is a significant cost. Also, you will be spending on buying technology solutions to expedite processes. The daily expenses of running the department are another cost element. So, having enough financial resources is vital to operate the AML compliance department without hiccups.
5. Make it independent from other business units but still integrated
Independent but still integrated?
Now, this sounds confusing!
You must create a dedicated AML compliance department. It must be separate from other business units and departments to keep the focus intact. By having a devoted department, you can stay committed to the AML goal.
The issue is if you keep it in silo form, it will just be a tick-box exercise. For compliance purposes, you will complete all the deliverables and submit reports. But you will forget aligning it with your strategic goals and objectives. So, it is necessary to integrate it well with other processes.
Integrating it with other processes can build a stronger AML culture in the entity. This, in the end, leads to higher commitment from all stakeholders. Thus, you can make AML compliance meaningful for the entity’s objectives by integrating it with other processes but still keeping it independent from other departments.
6. Define smooth lines of communication and collaboration
The previous point said you need a siloed AML department that is well-integrated with other functions. One way of integrating it well is through a smooth flow of communication. Communication lets you collaborate with other teams and departments. So, while building such a department, define the communication structure.
Smooth communication facilitates collaboration between teams. You can coordinate with other functions on a few processes for more efficiency. Also, communication with external stakeholders is necessary to enhance AML compliance efforts.
A lack of such collaborative efforts can lead to gaps in AML compliance activities. Like you will have the AML-side view, but no perspective on the business side. Or, you are unaware of the ground-level application of an AML procedure. So, do not let the lack of collaboration become a roadblock to your AML efforts. Invest enough thought into it and decide accordingly.
7. Provide access to data on customers, transactions, and other relevant information
Every process and procedure in your entity’s operations needs data. If you do not provide accurate data on time, processing them is next to impossible.
In the same way, AML compliance activities need appropriate data for processing. You need to have information on the following:
- Customers and their identities
- Transactions
- Geographies of operation
- Delivery and distribution channels
- Other relevant data for AML
The AML department will need access to customer data to process it for further analysis. You must give ready access to this data to process it further and generate outcomes. Lack of such access will obstruct the AML compliance processes. Your AML compliance will suffer from delays, inaccuracies, or incompleteness.
8. Give direct reporting access to the senior management
The AML compliance department must have a dedicated AML compliance officer. This officer handles many critical tasks in AML. The officer will submit reports or ask for approvals for all these tasks. You must direct all this to the senior management.
So, while creating an AML compliance department, allocate an AML compliance officer. And give that officer direct access to the senior management.
Direct reporting access is essential because AML is critical for any entity. If you keep many hierarchy levels, you will lose time in several approvals and miss deadlines. The processing at several levels will harm the procedures or results and also affect the independence of the compliance officer.
Another vital point is that the officer must be able to execute AML measures without approvals. Thus, you must give the department enough leeway to make decisions and implement them. Also, they must be in direct contact with senior management for approvals and discussions.
9. Conduct training and awareness programs for the department
Remember, you are creating a department from scratch. You will be having some internal and some new employees join this department. And they will work on one of the most critical compliance requirements – AML.
So, AML training them enough for their responsibilities in the team is vital.
You must conduct awareness programs on AML compliance. They must know the significance of complying with AML laws in the UAE. They must be aware of the various regulations and requirements to comply with. You must train them on relevant processes that are specific to their job profile in the team.
In the absence of such training programs, your AML efforts will not be in the right direction. You might fail to follow some requirements, leading to penalties or reputational harm. It spoils the effectiveness of your AML framework. So, appropriate training and awareness programs are vital for successful AML compliance.
10. Provide security of leadership buy-in for AML policies
What will happen if you do not implement the AML compliance department-recommended policies? What if you do not take any action on the suspicious transaction reports submitted by the team? What if the management does not allocate enough budget for AML compliance?
Many “what-if” questions. But it can have only one answer, and that is leadership buy-in.
You need support from the senior management and board of directors to move ahead in the compliance journey. Their support is essential to put proper AML measures in place. Their approval is vital for taking action against suspicious transactions or customers.
The leadership must commit to supporting AML compliance efforts and creating an AML culture in the entity. So, while creating the department, get the necessary leadership buy-in. This will enable you to make it a priority strategy.
11. Keep up with the regulatory authorities and their guidelines
The regulatory authorities have specific laws and regulations for industry verticals. They create guidelines for businesses to follow for the AML compliance journey. You must know about all these laws and guidelines.
Also, there are specific labour or employment laws. You must also be aware of them while building your AML compliance department and hiring team members.
These rules pertain to:
- Payment rules
- Privacy
- Record keeping
- Data sharing
- Workplace safety and health
Also, you must ensure that the department follows these rules. Every member of the department must be aware of their rights and duties. They must know the hierarchy structure, company rules, and employment benefits. All these aspects ensure the smooth running of the department.
12. Prepare a code of conduct for the AML compliance department
When the department is ready for your entity, you must also define the code of conduct. It helps you align your team members’ behaviour with the expectations. The code of conduct must cover the following aspects:
- How to comply with laws
- Definition of ethical behavior
- Rules of communication
- Behavioral rules towards seniors, AML compliance officer, and other colleagues
- Environmental, health, and safety rules
- Protection of property and entity reputation
- Job duties and authority rules
Conclusion
Remember these 12 best practices while establishing an in-house AML compliance department. Since it is a critical task, you cannot ignore these best practices. Adopting them allows you to achieve AML compliance and prevent ML/TF threats.
If you need help creating such a department in your entity, AML UAE is here. Alternatively, you are at the right destination if you want to outsource compliance tasks.
We are a leading provider of AML compliance services in the UAE. We can help you with transaction monitoring, risk assessments, and customer due diligence. We also support you in the selection of the right software and framing of the AML framework. Besides these services, we also aid in the setup of the AML compliance department. And if you want us to be your AML compliance function, we can also expertly play that role.
So, get on a call with our team and discuss your requirements.
Get a new, external perspective on your AML initiatives from an independent AML auditor.
Schedule a consultation with our AML experts.
Our recent blogs
side bar form
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.
He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.