In line with the Fourth EU AML Directive, the European Banking Authority (EBA) issued its 3rd Joint Opinion on the risks of ML/TF affecting the European Union’s financial sector on 3 March 2021. Our thought leadership paper summarises the main findings and the proposed actions related to Life Insurance Undertakings (LIUs) and provides key considerations and practical steps LIUs should take to proactively address the findings of the EBA.
Conclusion
Our view is that the joint opinion clearly signals that CAs should apply a greater focus on the quality of controls in LIUs as part of their supervisory approach, including the review of AML/CFT returns and inspections. Separately, the breach findings provide thematic considerations with respect to internal controls, AML/CFT policies and procedures, and customer and business-wide risk assessments.
To mitigate supervisory concerns and demonstrate robust systems and controls, Plenitude recommends that LIUs proactively undertake the following actions:
◼ Ensure that AML/CFT policies and procedures fully reflect applicable laws, regulations and guidance.
◼ Conduct a formal review and gap analysis of the current AML/CFT risk assessment and Customer Risk Rating Methodology to ensure they fully meet regulatory requirements.
◼ Conduct and evidence a review of the existing monitoring and controls testing plan to ensure testing is appropriate, meets regulatory expectations and provides appropriate coverage across all intermediaries, agents, outsourced arrangements and AML/CFT controls.
◼ Ensure that the controls related to ongoing monitoring of transactions are effective and calibrate and test any transaction monitoring systems on an ongoing basis so that they remain aligned to AML/CFT risk assessments and regulatory requirements.
◼ To mitigate the risk of the increased use of FinTech and RegTech solutions, LIUs must seamlessly align and integrate all associated business processes, data systems, and technical architectures; and evidence they understand the configuration and operation of the solutions.
◼ Consider broader training and awareness initiatives to improve the quality of controls, reinforce roles and responsibilities across the Three Lines of Defence model and drive the required ‘culture of compliance’.
◼ Review and enhance the current Management Information reporting suite in terms of existing Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) related to quality of controls.