of the supervision function but also fosters credibility and trust with the public and private sectors and promotes a culture of compliance by entities subject to the AML/CFT regime. High integrity of staff and good practices in governance strengthen the credibility of the AML/CFT supervisor. In France, for example, the governor of the Banque de France (the French central bank), who is also the chair of the ACPR (the supervisory body for AML/CFT), annually reports the central bank’s activities to the public through parliament. The central bank is also subject to independent oversight by the Court of Audit and the Inspection Générale des Finances, which are responsible for the oversight of public systems. In addition, the ACPR is required to disclose an overview of its operations to the public. The overview takes the form of an annual report, which includes, among other information, the number of on-site visits, sanctions imposed on noncompliant financial institutions, and follow-up letters sent about inspections. In the United States, all bank regulatory agencies are required to file publicly available annual reports. These reports provide a detailed description of the agencies’ initiatives, financial management results, enforcement actions, and outreach to industry, community, and consumer organizations. In Canada, both the Office of the Supervisor of Financial Institutions (OSFI) and the Financial Transaction and Reports Analysis Centre of Canada (FINTRAC) are legally required to present parliament with annual reports on their activities as specified in their legislated mandates and on their plans and priorities for the coming fiscal year. Many other jurisdictions also require such disclosure.
Access to Information Conventional practice and international AML/CFT standards provide that the supervisory body should have adequate powers to monitor and ensure compliance by banks and other financial institutions. These powers include the authority to compel the production of information, both documentary and oral, relevant to its supervisory mandate. Supervisors should have unfettered access to complete and accurate information in a timely manner. Bank secrecy or other confidentiality laws must not restrict their access to such information. The AML/CFT supervisor should have access to information, including board minutes and resolutions, policies and procedures, books and records of the supervised institutions, customer files and accounts, transaction documents, business correspondence, risk management systems, risk assessment data and results, and monitoring and reporting systems. Supervisors should also have access to officials and staff (including compliance and audit staff) for verbal information, clarification, and explanations on any relevant matter. With regard to access to STR information and copies of STRs filed with the FIU, the practice varies across jurisdictions. In some jurisdictions, legislation only allows the FIU, not the supervisor, to have access to STR information. In the absence of a clear, explicit, and specific legal prohibition to access STR information, supervisors have the legal power to access any information in possession of a financial institution. Supervisors should have access to STR data to be able to examine compliance with the requirement to report suspicious transactions, including assessing the quality, sufficiency, and timeliness of STRs filed. Supervisors need to examine the strength of the internal processes of monitoring for unusual and suspicious activities (both manual and automated)—that is, the internal reporting systems and processes for deciding whether or not to file an STR. This monitoring and reporting process should generally be tested for effectiveness by reviewing a sample of the STRs. Without access to STR data, it would not be feasible to conduct a proper review of compliance with the STR requirements or to sanction institutions for their failure to comply with their STR obligations. 10
PREVENTING MONEY LAUNDERING AND TERRORIST FINANCING
