Preventing Money Laundering and Terrorist Financing
3.3 Prior Examinations and Correspondence with the Bank Findings from past examinations and work papers and from ongoing correspondence between the bank and its supervisor are important sources of pre-planning information. Previous violations or an absence of appropriate policies and procedures, among other AML/CFT compliance deficiencies, should be flagged and followed up at the examination. Public items such as news articles are also useful sources of information about the target bank.16
3.4 Internal and External Audits or Other Independent Reviews Internal and external audit reports covering AML/CFT issues and deficiencies can also yield important information in examination planning (see box 5.3). In their reviews, examiners should determine the quality and scope of the audits and how well they address the AML/CFT compliance programs. It is also important to review any correspondence between bank management and the auditors, and to identify any remedial action taken to correct possible deficiencies. In Hong Kong’s supervisory practice, for example, HKMA collaborates with the bank’s external auditors. HKMA may require the bank to commission an external auditor approved by HKMA to undertake a review of a specific area of operation of the bank. The scope of the review is determined by HKMA and the results of the review are used by HKMA in its supervision of the bank. In Malaysia, the Labuan Offshore Financial Service Authority (LOFSA) confirms that external auditors play an important role both in monitoring a bank’s internal controls and procedures and in ascertaining its compliance with national AML regulations. LOFSA has issued guidelines to internal auditors that require AML/CFT measures and controls as a minimum standard.
5
3.5 Off-Site Monitoring Information Data elements collected through available off-site monitoring systems are also an important part of the on-site process, because they might include information from outside regulatory and law enforcement agencies. Such information may include filing errors for suspicious activity reports (STRs), or large cash reporting, or the volume of STRs and large cash activity in relation to the bank’s size, growth, and geographic location. These might be followed by civil money penalties or other sanctions imposed by the competent authorities, such as law enforcement subpoenas or seizures. Before the visit, in those jurisdictions where on-site and off-site supervision responsibilities are split into two departments, the on-site inspection team usually meets with off-site supervision department staff responsible for the ongoing surveillance of banks. The purpose of the meeting is to discuss issues of common concern, such as areas of higher risks, sectors or types of activities requiring deeper investigations, and failures previously detected but not yet addressed. 90