by InScope-AML
November 23, 2023
As we draw closer to the end of the year, most of us will no doubt be looking forward to taking a well-deserved break to enjoy the Christmas period with family and friends.
But whether we like it or not, the holidays will pass, and we will all be back to the office come January. For people working in the financial sector, accountancy, audit, legal and corporate services, a new year brings about the obligation to submit a new Risk Evaluation Questionnaire (REQ) to the Financial Intelligence Analysis Unit (FIAU).
In its role as regulator, the FIAU has various tools at its disposal to assess the operations being adopted by the relevant entities falling under its surveillance. The yearly statutory Risk Evaluation Questionnaire (REQ) is undoubtedly one of the leading and more effective off-site control methodologies. The nature of questions that are set up will assist the regulator to evaluate the level of checks and balances adopted by the Subject Person and what level of compliance is being achieved.
The FIAU REQ season is typically a stressful time for Subject Persons. But with proper planning in advance, the process of completing and filling in the REQ can be accomplished without having to spend late nights at the desk.
So before starting to wind down for the holidays, take some time to get ready for REQ 2024.
We’ve put together ten ways which lead to a stress-free REQ submission. Here we are presenting a summary, but a much fuller version can be found by downloading our eBook.
Here they are:
The BRA is given huge importance by the regulator. It should define the organisation’s methodolgy in assessing its inherent and residual risks. It needs to be revised regularly and especially whenever there is a change in the services offered, updated findings at NRA or SNRA level, or when the company’s risk appetite changes.
The REQ delves into how frequently these are updated and whether they cater for the most important elements for the prevention of money laundering and terrorism financing. Policies and Procedures should reflect latest AML-CFT updates.
While the REQ does not make any reference to internal registers being kept, it is greatly advisable that Subject Persons maintain a number of registers such as: (i) Training (ii) Number of Internal Reports (iii) Number of External reports filed. This information would simplify the gathering of data for the first part of the REQ questions.
Ongoing monitoring against EU and UN sanctions is a statutory obligation. The REQ also asks whether regular monitoring against PEP databases and adverse media is implemented. This can only be achieved through automation as manual monitoring is surely not possible in view of the huge and laborious time-consuming element.
Over the past years the FIAU has adopted a policy to include in the REQ a number of high-risk jurisdictions, normally based on FATF lists, EU lists and the top 20 countries on the Basel Index. It is therefore important to ensure that the latest versions of these lists have been obtained.
All customer data should be available and organised in a way that makes it easy to report against as part of the REQ. The absence of such data renders answering these questions time-consuming.
A crucial element of risk management is having regular and updated information of the risk tiers of customers. The REQ asks for statistics related to the number of customers within each risk classification and having completed CRAs for each customer will make it easier to gather the information for the REQ.
The REQ asks whether policies and procedures around record keeping are in place. Proper document management should be in place and set up to be able to provide the regulator with timely information when requested. This includes having updated and complete documentation such as Customer Due Diligence documentation, training records, and assessments on internal reports received that were not translated into an external report.
Businesses should consider commissioning an audit of their internal measures, policies, control and procedures, whether these are carried out internally or externally. This requirement is more onerous on larger organisations.
As with all aspects of business (and life!), automation always makes day-to-day and one-off tasks easier. The right technology can directly assist in answering REQ questions, can generate statistics to feed the BRA, automatically generate Risk Scores, track whether all the necessary details have been collected, screen against sanctions lists, PEPs and adverse media and ensure that defined processes and procedures are adhered to.
Leveraging the right technology ensures that one gets the maximum efficiency and effectiveness from the AML function. Having in place a robust automated system, one can generate the required quantitative data easily during the REQ season. Moreover, technology assists in lowering the organisation’s overall exposure to AML risk and this will clearly be reflected in the answers within the qualitative parts of the REQ.
For the full version of this guide, please download our eBook here.
by Mariana Costa
October 31, 2024
Algeria, Angola, Côte d’Ivoire and Lebanon added to FATF Grey List
by InScope-AML
July 10, 2024
The AML Compliance Balancing Act: Regulatory Pressures vs Customer Experience