When it comes to ongoing monitoring, compliance professionals recognize two AML obligations. The first is to obtain due diligence on clients. And the second is to perform risk assessments when onboarding new clients.
But what is ongoing monitoring?
The answer will depend on the industry you’re in, the clients you help, and the products you provide.
An insurance company will have a different monitoring process than an accounting or law firm. Non-banks may focus their monitoring processes on communications and CDD updates, while a bank’s ongoing monitoring process may review customer transactions.
4 Purposes for Ongoing Monitoring
If you’re struggling to comply with AML regulations though, remind yourself of these 4 purposes for ongoing monitoring:
- Ensure all CDD is up to date;
- Update beneficial ownership information;
- Review all transactions or communications with the client and assess if anything is suspicious; and
- Re-assess the risk of the client.
We suggest starting with your compliance manual. Is your ongoing monitoring process well documented?
In your manual, go further than stating how often to do ongoing monitoring. Write down who will perform the ongoing monitoring, and the exact steps that should be taken. Make escalation procedures, too.
Risk Assessment
Keep in mind that a low or standard-risk client should have a different ongoing monitoring process than a high-risk client. For example, if part of your monitoring process includes checking to see whether payments from a client are received from a named account, prioritize doing this for higher-risk clients.
Your compliance policy should address both the frequency and process of ongoing monitoring. Also, if a client’s original risk assessment goes up during the monitoring process, you’ll know it’s time to enhance due diligence on the client.
Don’t Forget to Document
You will need to document your review. This can be done by drafting memos for each file, or by creating forms. The method is up to you. As long as you document your steps and findings, you’ll be able to have management sign off on your monitoring process review.
The Review
Each industry reviews their monitoring process in a different way.
Corporate service providers, for instance, may want to review corporate governance; a client’s good standing could reflect well on corporate shareholders. Law firms may want to find associates and partners that have dealt with the client to confirm that they have seen no suspicious activity from the client. Investment firms might want client facing account managers to confirm compliance with all client communication rules. An example of this might be confirming that clients have not communicated through WhatsApp or text messaging on personal devices.
You will also want to review the business relationship’s original purpose, along with changes since onboarding or the last review. Also, check to see if any big contact changes, address changes, or changes to authorized signatories have been made.
This is also an excellent time to ensure the client (and key contacts) has undergone sanctions screening and PEP list screening. If this is not an automated process for your business, ensure that it gets done during the ongoing monitoring process.
Check For Exemptions
Some jurisdictions might have exemptions for certain types of clients or industries. Canada’s FINTRAC provides exemptions for certain group plan accounts and the re-insurance industry. You’ll need to check your regulations and regulatory guidance for these types of exemptions.