Chapter 5: The On-Site Supervisory Process
BOX 5.3
Example of Useful External Information
In France, Regulation 97-02 of 21 February 1997 regarding internal control institutions and investment firms (as amended by Ministerial Orders of 31 March 2005, 17 June 2005, 20 February 2007, and 2 July 2007) requires banks to prepare and transmit two types of reports to the supervisor (the General Secretariat of the Commission bancaire). At least once a year, as set forth in article 42, reporting institutions, irrespective of the nature of risks the bank is facing, are required to draw up a report on the conditions in which internal control is conducted. For each type of risk (defined in regulation 97-07), the report shall include, among others, (1) a description of the main actions carried out in relation to internal control and the lessons drawn from these actions; (2) an inventory of investigations carried out, identifying the main lessons to be drawn, especially the main shortcomings observed and the follow-up to the corrective actions taken; and (3) a description of significant changes made in relation to internal control during the period under review. In addition to that, article 43 of regulation 97-02 stipulates that at least once a year, the reporting institutions shall draw up a report on the measurement and monitoring of their risk exposure, and their report may be included in the report required by article 42. As laid down in article 44 of regulation 97-02, reporting institutions must submit the reports stipulated in articles 42 and 43 annually, not only to the decision-making body but also to the Commission bancaire, as required in a letter of 19 September 2007 from the Secretary General of the banking Commission to the AFECEI (Investment Firms and Credit Institutions Association). These reports are extremely useful not only from the perspective of off-site examinations but also in anticipation of on-site inspections. This is because they provide examiners, before the visit, with a good overview of potential weaknesses in the bank’s internal controls, including AML/CFT, and they allow the mission chief to plan the mission accordingly.
5
As a result of these preliminary discussions, inspection teams get a better understanding of issues requiring special attention. Before the visit, the on-site inspection team also should meet with the FIU to discuss possible concerns about the target bank—lack of STRs, for example—that might indicate a weak reporting process.17
3.6 Request Letters Before the AML/CFT examination, the mission chief should deliver a request letter to bank management asking for important information intended to enable the examination to be completed with minimal disruption and in good time.18 Examiners can also request specific materials for an AML/CFT examination, either 91