On January 17, the Bank of Lithuania announced the 2023 inspection plan for financial market participants. In most scheduled inspections, the supervisory authority will aim to assess the compliance of financial market participants with the requirements for the prevention of money laundering and terrorist financing (ML/TF). This year’s inspection plan includes two banks, two credit unions, eight electronic money and payment institutions, two management companies and up to two issuers (to be decided in July). On January 3, the Financial Crimes Investigation Service (FCIS) announced its scheduled inspections plan, according to which it will check 24 market participants for compliance with ML/TF prevention requirements.
Risk Assessment of Financial Market Participants
Inspections of ML/TF prevention by supervisory authorities always consist of two parts – evaluation of the audited company’s documentation and its comparison with the processes actually carried out in the company. In order to identify possible shortcomings in the company’s activities, it is recommended (and mandatory on annual basis) to carry out a company-wide risk assessment. Company-wide risk assessment is carried out by assessing at least the following risks:
1. Customer risk. Assessment of the company’s customers portfolio by determining what portion of the customers consist of legal and natural persons, politically exposed persons, business sectors of customers’ activities, age of customers, percentage distribution of customers into low, medium and high-risk categories, prohibited customer groups, etc.
2. Product, service and delivery channel risk. Assessment of ML/TF risks related to the products provided by the company and the methods in which they are provided. For example, cash-related services create favourable conditions for anonymity, while international payment services create risks related to transit accounts, sending funds to clients in high-risk countries, etc.
3. Country and (or) geographical risk. Assessment of countries from which the customers are onboarded. According to the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing (hereinafter – the AML/CTF Law), enhanced due diligence must be applied to customers residing in high-risk countries declared by the Financial Action Task Force (FATF) and (or) the European Commission.
How To Prepare For ML/TF Prevention Compliance Inspection?
After assessing who, from where, how and what kind of services are provided, companies must evaluate their control measures, which aim to reduce the risk and meet the ML/TF prevention requirements. Deficiencies identified in control measures must be documented in the company-wide risk assessment report, and the company must prepare a risk mitigation action plan.
The action plan should include the person(s) responsible for its implementation, identified ML/TF risk factors, the expected measures to reduce the identified ML/TF risk, how and when these measures will be implemented, how and when the implementation and effectiveness of the action plan will be checked. For example, a company finds that employee training is not documented. In this case, the company should prepare a registration log of employee training, appoint a responsible person for its completion and ensure that the registration log is filled in practice.
After completing the above steps, companies can more easily predict what questions will be asked by the supervisory authority and prepare appropriate answers. Companies should refrain from lying, ging documents or signatures, destroying data or undertaking other activities to hide the actual situation after identifying shortcomings in their activities. Supervisory authorities always consider the company’s efforts to self-correct and provide softer restrictive measures where there is a reason. In addition, if the company does not agree with the supervisory authority’s decision, it can be appealed.
A cooperation strategy is also essential for the preparation of the inspection. Companies should appoint responsible persons for communication with the supervisory authority and ensure that these persons will be able to provide the requested information in writing on time, refrain from providing unnecessary information or unfulfillable promises, and will not argue with representatives of the supervisory authority. In addition, companies should decide and mark the preliminary documents which will be provided for the inspection and review whether they have been properly approved.
Finally, conducting an internal audit is one of the most effective means of self-assessing the preparation for an inspection. The ML/TF prevention audit is not only a good tool to assess whether the ML/TF prevention control measures are working properly and whether the relevant documentation is in order, but also it is a way to comply with the legal obligation to establish appropriate compliance and/or audit procedures for internal policies and internal control procedures to ensure compliance with the provisions of the AML/CTF Law.
ECOVIS ProventusLaw law firm offers internal audit services for companies seeking to prepare for ML/TF prevention inspections by supervisory authorities. ECOVIS ProventusLaw has accumulated extensive experience in ML/TF prevention internal audits, and Chambers and Partners have rated its lawyers as one of the leaders in the field of Fintech since 2013.
Prepared by Vilius Neverdauskas, an associate of ECOVIS ProventusLaw
Newsletter Subscription
Get in touch