For the assessment of effectiveness, the Reviewer focuses on a hierarchy of defined outcomes. In order to give the right balance between an overall understanding of the effectiveness of your AML/CTF system, and a detailed appreciation of how well its component parts are operating, the Reviewer assesses effectiveness primarily on the basis of the following outcomes:
- Good governance and reporting lines are established;
- Money laundering and terrorist financing (ML/TF) risks are understood and, where appropriate, controls are implemented to prevent ML/TF;
- Preventive measures that commensurate with their risks are adequately applied, and suspicious matters are reported where applicable;
- There is a clear understanding of how funds or assets flow through the organisation;
- Legal persons and arrangements are prevented from misuse for money laundering or terrorism financing, and information on their beneficial ownership is available without impediments;
- There are controls in place to freeze or block the proceeds and instrumentalities of crime;
- All controls, their execution and findings are recorded and kept for seven years.
Each of these represents one of the key goals which an effective internal AML/CTF system should achieve. For each of the listed outcomes, there are two overarching questions which the Reviewer tries to answer:
- To what extent is the outcome being achieved? The Reviewer assesses whether you are effective in relation to that outcome (i.e. whether you are achieving the results expected of a well-performing AML/CTF system). The Reviewer bases their conclusions primarily on the key aspects, supported by the examples of information and the examples of specific factors; and taking into account the level of technical compliance, and contextual factors.
- What can be done to improve effectiveness? The Reviewer makes and effort to understand the reasons why you may not have reached a high level of effectiveness and, where possible, make recommendations to improve its ability to achieve a specific outcome. The Reviewer bases the analysis and recommendations on their consideration of the core aspects and on the examples of specific factors that could support the conclusions on the core aspect, including activities, processes, resources and infrastructure. The Reviewer also considers the effect of technical deficiencies on effectiveness, and the relevance of contextual factors. If the Reviewer is satisfied that the outcome is being achieved to a high degree, they would not need to consider in detail what can be done to improve effectiveness (though there may still be value in identifying good practises or potential further improvements, or ongoing efforts needed to sustain a high level of effectiveness).
Your level of technical compliance and level of execution contributes to the assessment of effectiveness. The Reviewer considers the level of technical compliance as part of the scoping. The assessment in the technical compliance reviews outlines whether the policies, procedures and controls that constitute an efficient AML/CTF system are present. It is unlikely that an organisation that is assessed to have a low level of technical compliance will have an effective AML/CTF system (though it cannot be taken for granted that a technically compliant organisation will also be effective). In many cases, the main reason for poor effectiveness will be significant deficiencies in implementing the technical elements of the requirements.
Assessment of effectiveness is not a statistical exercise. The Reviewer uses data and statistics, as well as other qualitative information when reaching an informed judgement about how well the outcome is being achieved, and also interprets the available data critically, in the context of your circumstances. The focus is not on the raw data (which can be interpreted in a wide variety of ways and even with contradictory conclusions), but on information and analysis which indicates, in the context of your circumstances, whether the objective is achieved. The Reviewer is particularly cautious about using data relating to the rest of the industry or other reporting entities as a comparison point in judging effectiveness, given the significant differences in circumstances between organisations, AML/CTF systems, and data collection practices. It should be noted that a high level of outputs does not always contribute positively towards achieving the desired outcome.
The Reviewer’s conclusions on the level of effectiveness are primarily descriptive. The Reviewer sets out the extent to which is considered the outcome to be achieved, noting any variation, such as particular areas where effectiveness is higher or lower. The basis for this judgement is also explained in the comments, e.g., problems or weaknesses which the Reviewer believes are responsible for lack of effectiveness; the core issues and the information which the Reviewer considered to be most significant; how the Reviewer understood the data and other indicators; and the weight they gave to different aspects of the assessment. The Reviewer also identifies any areas of particular strength or examples of good practice. To ensure clear and comparable decisions, the Reviewer summarises the conclusion in the form of a rating. For each section, there are four possible ratings for effectiveness, based on the extent to which the outcomes and characteristics are addressed: high level of effectiveness; substantial level of effectiveness; moderate level of effectiveness; and low level of effectiveness as presented in the table below: