ECSH33220 - Anti money laundering training

Introduction

´¡´Ú³Ù±ð°ùÌýchecking the risk assessmentÌý,establishing the policies, controls and proceduresÌý(PCPs) and theÌýcommunication of the PCPs, you should establish what anti-money laundering, counter terrorist and proliferation financing (AML/CTF/CPF) training is provided to staff.

Ìýof The Money Laundering, Terrorist Financing and Transfer of Funds (information on the Payer) Regulations 2017 (MLRÌý2017) requires a business to take appropriate measures to ensure relevant employees, and any agents it uses for the purpose of its business, are:

  • Made aware of the law relating to money laundering, terrorist financing and proliferation financing (ML/TF/PF), and to the requirements of data protection relating to MLR 2017.
  • Regularly given training in how to recognise and deal with transactions and other activities or situations which may be related to ML/TF/PF.

For the purposes of this regulation, relevant employees and agents, are those who work is:

  • Relevant to the business바카라 사이트™s compliance with any requirement of MLR 2017.
  • Otherwise capable of contributing to the identification or mitigation of any risk of ML/TF/PF the business is subject to.
  • Otherwise capable of contributing to the prevention or detection of ML/TF/PF in relation to the business.

If a business has identified, and you are satisfied, that an employee does not fall within the definition of a 바카라 사이트˜relevant employee바카라 사이트™, that employee does not need to undergo training.Ìý

A written record of the training provided must be maintained.


What the anti-money laundering training must include

You must establish what the training includes and ensure it meets the requirements of regulation 24 MLR 2017.

You should consider if the training adequately provides the following:

  • The requirements of MLR 2017,ÌýÌýand sectionsÌýÌýandÌýÌýof the Terrorism Act 2000.
  • Information on how to recognise and deal with transactions or other activity which may be related to ML/TF/PF.
  • Information on what suspicious activity could look like? See sector specific risks and red flag indicators published in the sector guidance onÌý바카라 사이트.
  • Information on what to do when customer activity raises suspicion.
  • Data protection requirements.
  • Is relevant to the business and the risks of ML/TF/PF it faces.

Different types of anti-money laundering trainingÌý

MLR 2017 is not prescriptive in the type or form of training which is to be provided to staff. You should be aware that training may include:

  • Face to face training sessions.
  • Online training sessions.
  • HMRCÌýwebinars.
  • Going to conferences.
  • Attending internal meetings to discuss the business procedures.
  • Reading relevant publications.
  • Meetings to look at the issues and risks.

Please note that this is not an exhaustive list of training. You may find that a business uses a combination ofÌýdifferent typesÌýof training depending on the size, nature, and structure of the business. Some businesses also use external providers to deliver training.

There is also e-learning available to businesses onÌý바카라 사이트. It is found in the same place as the HMRC webinars. The e-learning available is referenced as "guidance" but are training modules. They vary in length based on the sector and the subject being discussed. You should review the link and then ensure that you also provide it to and discuss it with the business.

Who needs to be trained

The business must make sure that relevant employees and agents, whose work is described above and in regulation 24(2)ÌýMLR 2017, are trained.

Before you can test whether the measures taken are appropriate, you must establish which members of staff carry out activities in relation to MLR 2017. These will vary from business to business but may include members of a compliance or internal audit team, customer facing staff, accounts staff who process payments or monitor payments into the business바카라 사이트™s bank account, as well as the nominated officer and compliance officer.

When carrying outÌýrecords testingÌý, you may also create your own list of staff and agents who are shown within transaction records, to check against training records.

When is anti-money laundering training needed

MLR 2017 is not prescriptive on when training must be provided or how frequently. You should establish when training is given to new starters and how learning is reviewed and updated. This may include any updates to the legislation, staff changing roles, new products or services, or any changes to the business바카라 사이트™s risk assessment, policies, controls or procedures.

It is for the business to determine how often staff and agents are trained and what measures are appropriate.Ìý The business, is required by regulation 24(3) MLR 2017, to take into account the following factors:

  • The nature of its business.
  • Its size.
  • The nature and extent of the risks of ML/TF/PF which it is subject to.

It may also take into account any guidance which has been issued by HMRC and approved by HM Treasury.

You should question the business on how it has determined this and what it took into account when deciding on the frequency of the training it provided. Consider whether this is appropriate. For example, this will look different in a money service business (MSB) who is a sole trader as opposed to a principal with an agent network.

For more information, refer to Part I, Chapter 7 of theÌý.

Testing the anti-money laundering training

To test whether the training provided is sufficient to meet the requirement of regulation 24 MLR 2017, you should consider the following:

  • Consider whether there have been breaches of other regulations e.g. failure to identify the risk or to undertake customer due diligence when required.Ìý
  • Ask the business to explain how breaches occurred if training has been provided.
  • View training material used - maybe online Is the training "one size fits all" or tailored to specific roles?
  • Establish how often training given/refreshed. Is there a training log showing who has completed training and when?
  • Do staff sign anything to confirm their understanding of their obligations?
  • Is there a planned training schedule?
  • How are new members of staff treated?
  • Is there a minimum level of training before they are operational?
  • If training given by external body/third party obtain information of how and when.
  • View certificates and/or online record. Talk to relevant staff or agents who actually deal with customers e.g. sales staff or members of compliance team and ask them what they know about ML/TF/PF.
  • View training logs and personnel files as appropriate.

As part of your planning and preparation for your compliance intervention, when undertaking yourÌýinitial review, you should review the description of the training undertaken by the beneficial owners, officers and managers (BOOMs) of the business in the application form onÌýETMP.

You may ask to see training records during a compliance intervention or to help you determine a business바카라 사이트™s application to register for anti-money laundering supervision 바카라 사이트“ seeÌýECSH45815 The fit and proper test 바카라 사이트“ RA and PCP inspection. This is to ensure the business can demonstrate it will comply underÌýÌýMLR 2017.

The records you may ask to see may include but are not limited to:

  • Training certificates.
  • Human Resources (HR) records.
  • A training record/log.
  • Diary or calendar entries.
  • Emails sent to members of staff providing updates or changes to the law.

Remember, it is a requirement ofÌýÌýMLR 2017 that the business must maintain a record in writing of the training it has provided and its contents. MLR 2017 are not prescriptive about the type of record in writing that is kept, and different businesses may record the training inÌýdifferent ways.

If you are requesting training records to be sent to you, you should consider the ways in which information and documents can be sent to you securely - seeÌýECSH33725 Electronic documents and records.

When reviewing the training records you should consider the following:

  • Have all relevant employees completed training? If not, why not? You can check individual names recorded in a training record/log against the list of relevant employees who need to be trained (see above).
  • What date was the initial training completed 바카라 사이트“ was it before accepting relevant activity or being provided with relevant system logins?
  • What training has an individual been provided with since the initial date recorded?
  • Has training been completed following an update to MLR 2017? (you should check the dates of any updates to MLR 2017 against the dates training has been provided).
  • Has training recently been completed, and if so, is this the first-time training has been done or is it part of ongoing training? (consider the duration of the staff member바카라 사이트™s employment in a role which requires AML/CTF/CPF training).

If the training records you are reviewing are incomplete or if you have any further questions following your review, you should discuss this with the business to check your understanding. For example, you may have concerns around the timing of training (such as a new starter undertaking relevant activity before completing their training) or that a relevant member of staff isn바카라 사이트™t shown with the records.

You will also need to review the training material to ensure it is correct, and ask the business questions surrounding this, such as:

  • How does the business check that staff members have understood the training and know how to apply what they have learned?
  • Do staff and agents take any tests as part of the training to check their knowledge? If so, is there a pass mark? What happens if they do not achieve the required pass mark?
  • Is the training proportionate and reasonable in relation to the risks of ML/TF/PF the business is exposed to?

You may want to speak to members of staff to make sure that training has been effective and that they:

  • Understand the law.
  • Can explain what suspicious activity they look out for when carrying out their role.
  • How and when they would report it, and
  • What they would tell the customer if a transaction is delayed or refused.

It is also important to establish which members of staff were concerned in any MLR 2017 breaches you find. For example, you may establish customer due diligence breaches have only occurred in a particular branch, at a particular agent바카라 사이트™s premises, or in transactions accepted by an individual sales representative. Having a full understanding of the training provided and records to confirm this, will help you evidence that a breach occurred due to a lack of training.

Where a member of staff hasn바카라 사이트™t been trained, but also hasn바카라 사이트™t carried out any relevant activity or been concerned in any breaches, you will need to consider how this may impact theÌýoutcomeÌýof your compliance check.

Ìý

Scenario:

A cheque casher holds regular training sessions with its staff, but it hasn바카라 사이트™t kept a record of the dates and topics discussed. You interview a member of staff and they explain how they would recognise a suspicious transaction and how they would handle it. Whilst the measures appear to be effective, the business hasn바카라 사이트™t kept a record of training given to staff.Ìý This is a breach of regulation 24(1)(b) MLR 2017.