Conduct and Practices Handbook Course (CPH) Quiz 20

A and B are Patriot Act Section 314 a and b. C is a FALSE FACT.

The Risk Governance regulations and guidance set forth by a particular region are meant to be adhered to by any financial institution that falls under its view. If not followed, significant fines or other punitive measures on the part of supervisory agencies. Likewise, the expectations set forth give a sense of what regulators are thinking and how a financial institution can strive to meet those expectations when developing and maintaining its AML/CTF program.

ACAMS’ mission is to advance the professional knowledge, skills, and experience of those dedicated to the detection and prevention of money laundering around the world, and to promote the development and implementation of sound anti-money laundering (AML) policies and procedures.

The following statements allow ACAMS to fulfill its mission by
 Promoting international standards for the detection and prevention of money laundering and terrorist financing.
 Educating professionals in private and government organizations about these standards and the strategies and practices required to meet them.
 Certifying the achievements of its members.
 Providing networking platforms through which AML/CFT professionals can collaborate with their peers throughout the world.

ACAMS sets professional standards for anti-financial crime practitioners worldwide and offers them career development and networking opportunities by helping AML professionals with career enhancement through cutting-edge education, certification, and training. It acts as a forum where professionals can exchange strategies and ideas. Assisting practitioners in developing, implementing, and upholding proven, sound AML practices and procedures. Helping financial and nonfinancial institutions identify and locate individuals with the Certified Anti-Money Laundering (CAMS) designation in the rapidly expanding AML field.

One example on how independent risk management will fulfill its responsibilities is to identify and assess, on an ongoing basis, the covered bank’s material aggregate risks and use such risk assessments as the basis for fulfilling its responsibilities for determining if actions need to be taken to strengthen risk management or reduce risk given changes in the covered bank’s risk profile or other conditions.

There should be the presence of model risk committee, policy, and procedures in model risk management.

Internal audit should have the following attributes:
 Monitoring and testing the system of internal controls and business processes with qualified staff.
 Adequate documentation of tests and findings and corrective actions.
 Verification and review of management actions to address material weaknesses.
 Review by the institution’s audit committee or board of directors of the effectiveness of the internal audit function.

The reports covered by the Sanctions Screening Committee are recent sanctions changes, voluntary self-disclosures, recent sanctions events and cases, white lists and blacklists, and sanctions screening Information technology projects.

The responsibilities are to review and approve the internal audit charter.; Review and approve the annual audit plan and any subsequent major changes.; Receive audit report summaries and ensure the appropriate management and resolution of the issues raised by the audit and the supervisory agency.; Approve all decisions regarding the appointment or removal and annual compensation and salary adjustment of the chief audit executive.; Front line unit executives cannot be involved with the management of internal audit.

It is a comprehensive, written approach with policies and procedures which enable financial institutions to implement the framework across the entire financial institution.

A strategic plan should contain a comprehensive assessment of risks that currently have an impact on the covered bank or that could have an impact on the covered bank during the period covered by the strategic plan.

It is an agent handling fund on behalf of a principal who will not live up to their full fiduciary responsibility and that there is the risk of the possibility that an agent will not act in the best interest of the client.

It is exposure to legal penalties, financial forfeiture and material loss that an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.

It must be based on the risks for that business unit that are unique and/or it is required for that jurisdiction. It is necessary to create intermediate aggregated risk assessments representing complete lines of business with, for example, all its branches, as well as the legal entity level and, if applicable, for the units in each foreign jurisdiction.

An action plan implements a temporary compensating tactical control technique that minimizes the risk exposure.

“The lookback project follows these principles and condition:
 The lookback project plan should be developed which describes all roles and responsibilities and resources necessary to complete the lookback.
 The lookback project plan should be provided to the supervisory agency for regulatory nonobjection.
 Regular status reporting should be provided to all relevant management including the board of directors and supervisory agency.”

The controls are: separate discrete information technology environment must be created that is secure with appropriately limited access.; After the lookback period has been established the required data must be identified and copied into the lookback information technology environment.; Copies of all the related production applications must be copied into the lookback information technology environment.; Copies of all the relevant data tables must also be available.; and a case management application should be installed to process all the alerts that are generated.

It includes the customer on-boarding function(s) which can provide, through their metrics, very useful information about changes in customer profiles and the products they are intending to use, as well as the countries they are transacting with.; When a customer relationship has been exited and the accounts closed, the names should be entered into the “black list” and any new future account applications declined.; Customer names that are invalidly matched in the sanctions screening application.; The teams investigating the transaction monitoring alerts, who can also extrapolate from their work and knowledge, possible changes to the transaction monitoring typologies to either reduce false positives and/or false negatives.; and The compliance testing team, which can provide recommendations for improvements to internal controls.

Some of the record retentions in recordkeeping are special measures, national security letters, and exempt persons designation.

The main objectives are:
 To serve as a key control by helping to ensure compliance with regulatory expectations and internal policies and procedures by verifying the quality of the execution of business processes.
 To provide timely feedback on the quality of the business processes.
 To review work products for the quality of the documentation, decision making, and management oversight.
 To identify the root causes of control deficiencies and their timely remediation as an essential contributor to continuous process improvement.
 To assist in ensuring that the AML/CTF program evolves with changes in the business and regulatory environment.

An annual plan should be kept confidential, but dynamic, and subject to approved changes during the course of the year.

These are the factors when developing an annual plan: Changes in the regulatory environment.; Issues raised by the supervisory agency and internal audit.; Major remediation projects. Horizontal testing of the same process across multiple locations, such as sanctions screening locations.

The risk governance framework should cover all the risks relevant to the financial institution including those related to credit, interest, price, operational, liquidity, strategic, reputational and compliance.

It should include announcement memos, test planning, test execution procedures, and standard sampling methodology that should be used in order to perform detailed reviews of transactions.

The necessary data should then be collected, aggregated, and distributed at the appropriate level and frequency for each audience.

It represents the specific maximum amount of risk that a financial institution is prepared to take in pursuit of the business targets in the strategic plan.

“Market risk is an experience of loss due to factors that affect the overall performance of the financial market.
The operational risk might threats the company facing in the course of its daily business activities, procedures, and systems.
Liquidity risk is not meeting the short term financial demands.”

It should include a number of SARs filed analyzed by front line units, number of SARs filed analyzed by product, customer type, country and delivery channel, aging analysis of SAR filing backlog, and the average time for investigations.

Policy and procedures should include customer acceptance criteria including the method for defining the AML/CTF risk represented by the customer and whether that is within the risk tolerance of the financial institution.