AML/CFT Training
Training is often referred to as the third pillar of your anti-money laundering and counter financing of terrorism (AML/CFT) compliance – with the other pillars being: first, Compliance Programme, second, AML/CFT Compliance Officer, and fourth independent audit. This is because, an effective AML/CFT training programme ensures that money laundering and financing of terrorism (ML/FT) risks and red flags are understood, and that the Compliance Programme is implemented properly and effectively across your reporting entity.
This blog post highlights your training requirements and provides useful tips for you and your business.
Requirements
As set out in Section 57(1)(b) of the AML/CFT Act, your Compliance Programme must set out your policies, procedures, and controls on AML/CFT training for Senior Managers, AML/CFT Compliance Officer and any other employees with roles involving AML/CFT duties.
The main purpose of providing AML/CFT training is to ensure that relevant employees are aware of the risks of ML/FT faced by your business, and how they should respond when they encounter those risks. The AML/CFT Supervisors have found that reporting entities do not fully comply with their obligations when the training delivered is entirely generic and lacks relevance or alignment to the reporting entity’s own ML/FT risks and other business processes (see for example page 26 of the Regulatory Findings Report 2020 issued by the Department of Internal Affairs).
To avoid generic training, you can consider the suggestions provided by the Compliance Programme Guidance (see paragraph 44), which states that the scope and nature of AML/CFT training should include the following:
training on relevant AML/CFT legislation
your AML/CFT procedures, policies, and controls
your ML/FT risks
trends and techniques of ML/FT
how to identify unusual transactions/activities
Moreover, the Compliance Programme Guidance states that your Compliance Programme should document the following:
which tasks or duties may only be carried out by staff who have had appropriate AML/CFT training
how you will apply the AML/CFT training including:
frequency
delivery methods
completion dates
completion rates
how training is tailored for different employees depending on the tasks carried out and the level of AML/CFT risks your business faces from people in their position
whether and how employees are assessed for knowledge, application, and retention of the AML/CFT training
Let’s see them one by one.
Tasks and Duties
Only staff members who had AML/CFT training can undertake AML/CFT duties. Therefore, it is crucial that staff members with AML/CFT duties receive AML/CFT training as soon as they start their role.
If you have a big team, your Compliance Programme should state what tasks and duties are assigned in relation to the training provided. For example, the Compliance Programme may say that only staff that have received customer due diligence (CDD) training can collect customers’ identity documents.
When
The Compliance Programme should state how frequently AML/CFT training will be provided. The best practice is that initial AML/CFT training is done during induction, and that AML/CFT refresher training is done at least annually, or more often if required.
How
Your Compliance Programme should state how the training will be delivered. There are no prescriptive ways to do AML/CFT training and several options are available to you. Some examples are:
Self-learning, i.e., reading of AML/CFT resources online and issued by the AML/CFT Supervisors and the Financial Intelligence Unit of the Police;
Attending training provided by AML/CFT specialists;
Completion of continuing professional development credits;
Attending AML/CFT Supervisors’ roadshows; and
Attending AML/CFT seminars and conferences.
The AML/CFT Compliance Officer should have a higher standard of training as they have a key role in upholding your business’ AML/CFT regime. To cut costs, the AML/CFT Compliance Officer could attend specialised AML/CFT seminars and conferences and then relay the content back to the rest of the team via internal training.
Controls
Your Compliance Programme needs to explain how completion dates and rates will be monitored. A way to do so is via the implementation of a training register, which should include:
Attendee;
Date of training;
Training topics; and
Training provider (if applicable).
A training register serves the double function of (i) allowing you to monitor who received training and how often, and (ii) showing your external reviewers (e.g. your AML/CFT Supervisor or your auditor) that training has occurred.
Ad Hoc Training
The training provided to your staff must be tailored to the position and duty that the staff member occupies within your organisation. In other words, not every employee needs to be an AML/CFT expert, but their training must be appropriate to their duties and level of involvement in delivering the Compliance Programme. For example, your Managing Director might not need to know the technical requirements of the customer due diligence process, but they need to have an overall understanding of your reporting entity’s AML/CFT regime and ML/FT risks. On the other hand, your front-line staff might not need to know exactly all the technical aspects of your trust account management, but they would still need to have an understanding of account monitoring to be able to escalate red flags to the appropriate staff member.
Testing Knowledge
There is no prescriptive way to test your staff’s AML/CFT knowledge. If you have a big team and an automatised training system, your training provider may be able to offer you a multiple-choice test. If your training is more informal, you can test your team’s knowledge via informal conversation and on-the-job assessments.
Three Final Points
Record keeping, record keeping, record keeping.
The mantra of an AML/CFT audit is ‘don’t tell me, show me’. Both your AML/CFT auditor and your AML/CFT Supervisor would want to see the evidence of the training undertaken by your staff, Senior Managers and AML/CFT Compliance Officer. When training is formally delivered by an external provider, a certificate is usually issued to you, and you can use that as evidence.
When training is done informally, focus on recording the training in your training register. For example, as you have read this post today, you can add to your training register that you have spent ten minutes learning about AML/CFT training in your training register.