911 RISK MANAGEMENT
a. Compliance office. Management of the implementation of the covered person’s Money Laundering and Terrorist Financing Prevention Program (MTPP) shall be a primary task of the compliance office. To ensure the independence of the office, it shall have a direct reporting line to the board of directors or any board-level or approved committee on all matters related to AML and TF compliance and their risk management. It shall be principally responsible for the following functions among other functions that may be delegated by senior management and the board, to wit:
(1) Ensure compliance by all responsible officers and employees with this Part, the AMLA, as amended, the RIRR and its own MTPP. It shall conduct periodic compliance checking which covers, among others, evaluation of existing processes, policies and procedures including on-going monitoring of performance by staff and officers involved in ML and TF prevention, reporting channels, effectiveness of the electronic money laundering transaction monitoring system and record retention system through sample testing and review of audit or examination reports. It shall also report compliance findings to the board or any board-level committee;
(2) Ensure that infractions, discovered either by internally initiated audits, or by special or regular examiation conducted by the Bangko Sentral, or other applicable regulators, are immediately corrected;
(3) Inform all responsible officers and employees of all resolutions, circulars and other issuances by the Bangko Sentral and the AMLC in relation to matters aimed at preventing ML and TF;
(4) Alert senior management, the board of directors, or the board-level or approved committee if it believes that the covered person is failing to appropriately address AML/CFT issues; and
(5) Organize the timing and content of AML training of officers and employees including regular refresher trainings as stated in Sec. 932.
b. Group-wide Money Laundering and Terrorist Financing Prevention Program (MTPP). Financial groups shall implement group-wide MTPP, which shall be applied to their branches and majority-owned subsidiaries as provided in Sec. 903. The group-wide MTPP shall include the measures set out in this Section.
The group-wide compliance officer or in its absence, the compliance officer of the parent entity, shall oversee the AML/CFT compliance of the entire group with reasonable authority over the compliance officers of said branches, subsidiaries or offices.
a. Detailed procedures of the covered person’s compliance and implementation of the following major requirements of the AMLA, as amended, its RIRR, and this Part, to wit:
(1) Customer identification process including acceptance policies and on-going monitoring processes;
(2) Record keeping and retention;
(3) Covered transaction reporting; and
(4) ST reporting including the adoption of a system, electronic or manual, of flagging, monitoring and reporting of transactions that qualify as suspicious transactions, regardless of amount or that will raise a “red flag” for purposes of conducting further verification or investigation, or transactions involving amounts below the threshold to facilitate the process of aggregating them for purposes of future reporting of such transactions to the AMLC when their aggregated amounts breach the threshold. The ST reporting shall include a reporting chain under which a ST will be processed and the designation of a board-level or approved committee who will ultimately decide whether or not the covered person should file a report to the AMLC. If the resources of the covered person do not permit the designation of a committee, it may designate the compliance officer to perform this function instead: Provided, That the board of directors is informed of his decision.
b. An effective and continuous AML/CFT training program for all directors, and responsible officers and employees, to enable them to fully comply with their obligations and responsibilities under this Part, the AMLA, as amended, its RIRR and their internal policies and procedures as embodied in the MTPP. The training program shall also include refresher trainings to remind these individuals of their obligations and responsibilities as well as update them of any changes in AML laws, rules and internal policies and procedures.
c. An adequate screening and recruitment process to ensure that only qualified personnel who have no criminal record/s are employed to assume sensitive banking functions;
d. An internal audit system in accordance with this Section;
e. An independent audit program with written scope of audit that will ensure the completeness and accuracy of the information and identification documents obtained from clients, the covered and suspicious transactions reports submitted to the AMLC, and the records retained in compliance with this Part as well as adequacy and effectiveness of the training program on the prevention of money laundering and terrorism financing;
f. A mechanism that ensures all deficiencies noted during the audit and/or Bangko Sentral regular or special examination or other applicable regulator’s examination are immediately corrected and acted upon;
g. Cooperation with AMLC and Bangko Sentral;
h. Designation of an AML compliance officer, who shall at least be at senior officer level, as the lead implementor of the program within an adequately staffed compliance office. The AML compliance officer may also be the liaison between the covered person, the Bangko Sentral and the AMLC in matters relating to the covered person’s AML/CFT compliance. Where resources of the covered person do not permit the hiring of an AML compliance officer, the compliance officer shall also assume the responsibility of the former; and
i. Policies and procedures for sharing information required for the purposes of customer due diligence (CDD) and risk management;
j. A provision that the group-level compliance, audit, and/or AML/CFT functions should be provided with customer, account, and transaction information from branches and subsidiaries when necessary for AML/CFT purposes. This should include information on analysis of transactions or activities which appear unusual, if such analysis was done. Similarly, branches and subsidiaries should receive such information from these group-level functions when relevant and appropriate to risk management. The MTPP may require a potential and/or existing customer to sign a waiver on the disclosure of information within the group;
k. Adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off;
l. A mechanism to comply with freeze, bank inquiry and asset preservation orders, and all directives of the AMLC; and
m. A mechanism to comply with the prohibitions from conducting transactions with designated persons and entities, as set out in the relevant United Nations Security Council Resolutions (UNSCRs) relating to the prevention and suppression of terrorism and terrorist financing and financing of proliferation of weapons of mass destruction.
a. Electronic monitoring and reporting systems for AML/CFT. UBs and KBs and such covered persons that are considered complex pursuant to Sec. 131 (Definition of terms) shall adopt an electronic AML system capable of monitoring risks associated with ML/TF as well as generating timely reports for the guidance and information of its board of directors and senior management, in addition to the functionalities mentioned in Sec. 923 (Electronic monitoring systems for AML/CFT).
b. Manual monitoring. Covered persons not required to adopt an AML/CFT electronic system must ensure that they have the means of complying with this Section