In the near future, the Bank of Lithuania (LB) is planning to approve the significantly supplemented and detailed guidelines for financial market participants, which are aimed at preventing money laundering and terrorist financing (“Guidelines”).
The draft guidelines submitted for harmonisation contain detailed information on the way the financial market participants (“Financial institutions”) should organise the system of internal control, which would also cover continuous and efficient identification, assessment and management of the risk of money laundering and terrorist financing (MLTF).
When adopted, these Guidelines will partially illustrate the current requirements of the Bank of Lithuania for financial institutions, which the latter are well aware of, and are likely to implement properly. In addition, the Guidelines should further clarify and submit instructions about the way companies should manage their internal procedures in order to efficiently implement prevention of money laundering and terrorist financing and to protect their clients from these perils.
The draft guidelines highlight the importance and advantage of the system of proper information technologies. Key aspects:
- Solutions aimed at monitoring business relations and transactions (operations) must include at least such factors as the type of the customer (natural person or legal entity), the customer’s risk profile, the type of the transaction or product, the parties to the operation or the transaction, the ways (channels) of the service provision and the value of the performed operations;
- The monitoring solutions must be regularly revised and assessed in order to assure their further relevance and efficiency.
The Draft Guidelines highlight the following key policy elements of the MLTFP:
- Identification and verification of the customer and the beneficiary;
- Collection and assessment of Know Your Customer information;
- Monitoring of the customer’s business relations and operations (transactions);
- Internal investigation of suspicious monetary operations or transactions;
- Submission of notifications to Financial Crime Investigation Service;
- Data storage;
- Organisation of trainings for employees.
The Guidelines remind that the documents regulating the MLTFP must be updated at least annually.
The Draft Guidelines of the Bank of Lithuania pay a great deal of attention to the system of submission of notifications to supervisory and management bodies. The chief executive officer, the board and the supervisory council must be provided with the following information:
- The existing risk of money laundering and terrorist financing and the changes in its level;
- The introduced measures aimed at managing the risk of money laundering and terrorist financing;
- Proposals regarding the substitution of measures aimed at efficient management (reduction) of the risk of money laundering and terrorist financing;
- Violations established during the implementation of the internal control procedures in the field of the MLTFP.
The Guidelines pay a great deal of attention to the risk assessment. They provide a detailed description of the way the MLTF risk assessment of all activities of financial institutions should be performed and what data should be analysed while performing this risk assessment. This data would allow to properly identify the level of the existing MLTF risk, for example:
- The number of customers of a financial institution or another financial market participant;
- Customer distribution according to different groups of risk;
- Number of customers, who use high-risk products;
- Number or value of payment operations to or from high-risk countries;
- Number of customers operating in high-risk countries.
After assessing this data, the report on all activity risk assessment is submitted to the chief executive officer and the board. In case it is established that the existing risk management measures are not enough, financial institutions must draft a risk management plan, which must be approved by the Board.
MLTF risk assessment of an individual customer must be performed with regard to 4 activity types:
- Customer risk;
- Risk related to the country and (or) geographical region;
- Risk related to the services and products used by the customer or operations performed by the customer;
- Risk related to the channels of provision of a product, service and transactions
It is also mandatory to pay regard to other risks, which were established in the risk assessment of all activities of a financial institution, the Republic of Lithuania National Assessment of the Risk of Money Laundering and Terrorist Financing and the European Union Assessment of the Risk of Money Laundering and Terrorist Financing. Individual customer risk assessment must be regularly revised and updated if circumstances change.
The draft of Guidelines is available here.