2.2 Oversight by boards and senior management (continued) |
« Previous | Next » |
AUSTRAC's AML/CTF program expectations
AUSTRAC expects a reporting entity to develop and maintain logical, comprehensive and systematic methods to address each of the components of Part A and Part B of its AML/CTF program. For example, in an AUSTRAC audit a reporting entity would be expected to demonstrate that the risk-based systems and controls suit its particular business (having regard to its size, nature and complexity) and are consistent with prudent and good practices.
The AML/CTF Act and AML/CTF Rules impose some minimum requirements for the systems and controls that must be in place to address business risks. Reporting entities are best placed to assess the ML/TF risk they may reasonably face in providing a designated service. Risk assessment is discussed in detail in module 4.
Business complexity resulting from organisational change
Increasing productivity and profits is a primary goal of businesses; many entities will actively seek out new opportunities that will not only change their business, but may also change the ML/TF risks that they face. Accordingly senior management may need to reassess how these changes can increase the complexity of their business and alter the risk profiles relating to ML/TF risks.
Generally complexity will increase with:
- a growth in customer numbers or range of customer types
- when entering new markets or increasing the size of the market
- an increase in the number of products or services provided
- the rate of change in any of the above components increases.
Responses to increasing complexity in the business environment may include any or all of the following:
- increases in the size of the business
- greater specialisation and stratification in the structure of the business
- greater specialisation in the knowledge, skills and capabilities of human resources
- changes to policies, systems, processes and procedures.
In a risk-based environment changes in business complexity may lead management to reconsider whether its existing arrangements for its AML/CTF program's governance, management and control systems are adequate.
|