Financial technology (Fintech) firms are subject to Anti-Money Laundering (AML) regulations or oversight via their relationship and dependency on banks. The unassuming, but crucial expectation, of this oversight is an AML policy which describes how the Fintech will administer their AML program. This policy shows banks or regulators that the organization consistently performs their due diligence in screening clients for eligibility as well as transactions for suspicious activity.
Most startups find hiring a professional to create an AML program too costly, so they end up creating their AML policy themselves. This is a risky proposition as they usually lack the expertise to identify potential pitfalls. Banks are wary of DIY attempts, and costly delays or false starts haunt those Fintechs that pursue the DIY method.
What is an AML Policy?
An AML policy details the steps your organization takes to combat financial crimes such as money laundering and terrorist financing. Regulations have slight variations depending on your jurisdiction, but largely follow the Financial Action Task Force (FATF) recommendations to help align global efforts in combating financial crimes. Since most jurisdictions largely apply the FATF recommendations, it is possible for you to create an AML policy through a template. But using templates can have its disadvantages which we will talk about later.
Why You Need an AML Policy for Your Fintech Startup?
While some Fintechs are regulated directly, and must comply with the law by having an AML policy, many more must comply because their financial partners require it. Failure to comply with AML regulations can result in fines, cease and desist notices, and permanent industry bans. For startups, even small fines can cause a business venture to fail, and delays while you negotiate your policy with the banks take time and resources away from the business venture. Enacting an appropriate AML policy to ensure you follow all AML regulations keeps risks to a minimum.
How To Create an AML Policy
Creating an AML policy must, therefore, be a priority for regulated organizations, and those Fintechs that partner with banks to provide financial services. For those interested in the DIY method, there are free resources online such as FINRA’s AML template. This template guides you through each piece of information you need to include in your AML policy complete with examples of how you should fill it in. You can use this template to create your policy and then have an expert review or complete the policy. This provides you with a cost-effective method of ensuring your policy follows all AML regulations without the need to hire a professional for the entire process.
Firm Policy
The first section of an AML policy outlines your firm’s policy on your intentions to combat money laundering and other financial crimes. Within this section you define the kinds of financial crimes that your Fintech startup could be exposed to and confirm your intentions to fully comply with all AML regulations, by detecting and deterring such attempts.
AML Compliance Personnel Designations
In the next section, you designate who is responsible for AML compliance within your organization. The key role you must fill to ensure AML compliance is the Chief AML Compliance Officer, or CAMLO. This individual oversees your entire AML compliance operation ensuring your overall compliance as well as determining how to improve the way you achieve compliance.
Sharing AML Information with Law Enforcement
This section provides an overview of your organization’s policies for sharing all AML information with the applicable authorities. As part of your AML compliance, you must share all of your findings related to AML with the authorities applicable to your jurisdiction. Within this section you should highlight which authorities your organization can share information with and how your organization will share that information. Generally, you must comply with all requests from FinCEN, National Security Letters, Grand Jury Subpoenas, and most law enforcement requests subject to a subpoena; however, some jurisdictions have additional discovery methods.
Sharing AML Information with Other Financial Institutions
While you are not required to share information with other financial institutions, it can help you fulfill your AML compliance obligations. Within this section, you must detail whether you intend to share certain types of otherwise confidential information with other financial institutions. If you intend to share information with other financial institutions, you should include how you intend to share that information and under what circumstances you intend to share information.
Procedure for Checking Sanctions Lists
The Office of Foreign Asset Control maintains a list of sanctioned entities and individuals. Though this section is not directly related to AML, the requirements to identify individuals are so closely tied to the AML expectations, that they are often lumped together. This section demonstrates your organization’s compliance with these sanctions. Within this section you detail your organization’s exact steps for checking all sanctions lists when opening a new account for a client, altering an existing account, or partnering with a client. For an inventory of global watchlists and a list of sanction screening solution vendors visit Mr. Watchlist. For help with what sanction lists you should be screening for your compliance program, check out this free Watchlist Builder Tool from KYC2020.
Know Your Customer (KYC) Compliance
Your Fintech’s method for verifying the identities of your customers is required in writing within your organization’s AML policy. These regulations are commonly referred to as Know Your Customer, or KYC, regulations. These regulations are so close to the OFAC identification requirements that they are usually lumped together. In this section you must define reasonable procedures your company follows to confirm the identity of your customers. These procedures must include:
- Required customer information
- Customers that refuse to provide information
- Verifying information
- Record keeping
- Comparison of customers to terrorist lists
- Notice to customers
- Any organizations your organization relies on for identity verification
Customer Due Diligence
This section declares that your organization establishes a customer’s risk rating. It must outline how you will identify beneficial owners, politically exposed persons, and senior management of organizations. You must also define when your organization follows an enhanced due diligence procedure based on the individual’s risk rating.
Filing Suspicious Activity Reports and Currency Transaction Reports
Finally, your AML policy must declare your organization’s procedures for filing suspicious activity reports (SAR) and currency transaction reports (CTR). You must include that your organization will file CTRs for any currency transaction exceeding $10,000 and how you file your CTRs. Filing a SAR is determined by certain requirements and the result of your organization’s monitoring. In some cases you can move this responsibility to the partnering bank, while in other cases, you must file these reports with FinCEN directly.
Simplify the Process with KYC2020’s AML Policy Builder
Taking a template and filling it out for your specific business can become a difficult and time-consuming task. Figuring out how to write each section and what information must go in each section only becomes more complicated the more you learn. So, to make the process easier, KYC2020 created a special AML Policy Builder tool. This tool helps you create your AML policy without the hassle of typing out legalese. All you need to do is answer questions specific to your business, and the policy builder creates a full document for you to use. It also provides a review function, tracking and version control capabilities, and the ability to engage an AML specialist to securely and confidentially review your policy or AML compliance regime.
Reviewing Your AML Policy
Once you write your AML policy, whether you use a template or KYC2020’s AML Policy Builder tool, you will want to have an expert review it to ensure your program is complete and effective. The AML Policy Builder tool is supported by KYC2020’s network of qualified independent AML specialists. You can use the hire function from within the tool to engage an expert to review or help complete your policy. This allows you to benefit from the expertise of an AML professional without the high cost of having one create your entire AML policy.
Your AML policy defines exactly how you intend to achieve AML compliance and can be subject to review by various AML compliance agencies. So, getting your AML policy right the first time is of the utmost importance. If you are confused by any aspect of your AML policy, reach out to KYC2020 to have an AML professional review and guide you on the best practices used to achieve compliance.