Financial Crime World

Here’s the rewritten article in markdown format:

Bermuda Monetary Authority (BMA) Guidance on Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT)

The Bermuda Monetary Authority (BMA) has issued guidance notes regarding Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations. This article summarizes key points related to AML/CFT compliance, including the independent audit requirement.

Independent Audit Requirement

By 2016, companies were expected to have developed a plan for dealing with the independent audit requirement and conduct or finalize the report no later than June of that year.

Scope of AML Audit

An independent audit has a broad scope, testing whether the AML/CFT program is implemented and working effectively. This includes assessing:

  • Effectiveness of policies, procedures, and controls
  • Risk ratings assigned to customers, products, services, transactions, delivery channels, outsourcing arrangements, and geographic connections
  • Adequacy of risk assessment, customer due diligence, risk mitigation measures, on-going monitoring, suspicious activity detection and reporting, record-keeping, reliance relationships, and employee knowledge and training

Independent Auditor Qualifications

The independent auditor should be an appropriately qualified member of management who is not part of the daily compliance functions or operations and has adequate knowledge of Bermuda AML/CFT regulations and guidance notes.

Independent Audit Conducted by a Non-Executive Director (NED)

If a NED conducts the audit, there must be other NEDs on the board to provide independence, constructive challenge, and actively participate in decision-making processes. The NED conducting the audit would need to recuse themselves from related AML compliance and audit discussions.

Registration with GoAML

Even if an entity has never filed a Suspicious Activity Report (SAR), they must be registered with the Financial Intelligence Agency’s (FIA) GoAML system for reporting SARs.

Staff Awareness

Employees should be aware of red flags for suspicious activity and avoid tipping off clients about ongoing investigations.