Financial Crime World

BCBS Guidelines on Compliance and Risk Management: A Critical Component for Financial Institutions

Introduction

The Basel Committee on Banking Supervision (BCBS) has issued guidelines on compliance and risk management for financial institutions, emphasizing the importance of a robust three lines of defense approach in managing risks related to money laundering and terrorist financing.

The Three Lines of Defense


According to the BCBS guidelines, the three lines of defense approach is widely accepted as the global standard for risk management. This approach consists of:

First Line of Defense


  • Business units or business lines within financial institutions are responsible for identifying, assessing, and controlling risks associated with their operations.
  • They should conduct regular control risk self-assessments (CRSAs) and ensure that they have sufficient resources to implement effective controls.

Second Line of Defense


  • This line provides independent oversight and quality assurance for the overall operations of the institution.
  • The Chief Compliance Officer (CCO) and Money Laundering Reporting Officer (MLRO) functions typically comprise this line, which is responsible for:
    • Monitoring financial crime (FC) risks
    • Conducting sample testing
    • Reviewing exception reports

Third Line of Defense


  • This line, often referred to as the audit function, provides independent evaluation of risk management and controls.
  • The audit committee or a similar oversight body receives periodic evaluations from the third line on the effectiveness of compliance with policies and procedures related to FC.

Board Oversight


The BCBS guidelines emphasize the importance of board oversight in ensuring that financial institutions have an effective FC risk management regime. Boards should regularly review and monitor key areas, including:

  • Legislative and regulatory changes
  • Relationship and customer acceptance
  • Ongoing transaction monitoring
  • Exception reporting

Business Acceptance


Part II of the Financial Transactions Reporting Act (FTRA) and other relevant guidelines require licensees to verify client identities using independent source documents and customer attestations. The BCBS guidelines on Sound Management of Risks Related to Money Laundering and Financing of Terrorism provide additional guidance on this requirement.

Ongoing Monitoring


Financial institutions should:

  • Engage customers on the assumption that they are not criminal, while still considering the possibility of financial crime.
  • Use risk-based approaches to determine the level of compliance requirements, with simplified measures applied for lower-risk relationships and enhanced measures taken for higher-risk clients.

Conclusion


The BCBS guidelines on compliance and risk management provide a critical framework for financial institutions to ensure effective management of FC risks and compliance with regulatory requirements.