Home Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6
Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Chapter 12 Downloads

 

Chapter V                                  

SP1                 The senior management of a firm is responsible for ensuring that the systems of control operated in the firm appropriately address the requirements of both the legislation and these guidance Notes.  

             5          Senior Management’s Responsibilities and the role of the MLRO

Section 10Q of the CJA imposes a requirement on every relevant financial business under legislation to maintain policies and procedures to prevent money laundering.  Section 20B then supplements this requirement by apportioning the responsibility amongst directors, managers, company secretary or other officers, members or partners if such failings can be attributable to the neglect of such persons.   For the purposes of these Notes such persons are known collectively as “senior management”

These Notes carry these requirements forward throughout and the FSC will be ensuring that firm’s senior management are held accountable for any failings in the systems of control required to be implemented by the legislation or these Notes.   

      5.1          Accountability for systems of control to prevent and report money laundering or the financing of terrorism

            R2          Senior management of firms must ensure that the following processes have been adopted;

a.       The allocation to a director or senior manager overall responsibility for the establishment and maintenance of effective AML and CFT systems of control and the appointment of a person with adequate seniority and experience as Money Laundering Reporting Officer (MLRO);

b.      That appropriate training on money laundering is identified, designed, delivered and maintained to ensure that employees are aware of, and understand;

1.       their legal and regulatory responsibilities and obligations;

2.       their role in handling criminal property and terrorist financing;

3.       the management of the money laundering and terrorist financing risk;

4.       how to recognise money laundering and terrorist financing transactions or activities; and

5.       the firm’s processes for making internal suspicious transaction reports.

c.       That regular and timely information is made available to senior management relevant to the management of the firm’s money laundering and terrorist financing risks;

d.      That the firm’s risk management policies and methodology are appropriately documented including the firm’s application of those policies and methodologies; and

e.       That appropriate measures to ensure that money laundering risk is taken into account in the day-to-day operation of the firm, including in relation to:

1.       the development of new products;

2.       the taking-on of new customers; and

3.       changes in the firm’s business profile.

f.        Senior management of the firm must ensure that the MLRO has sufficient resources available to him, including appropriate staff and technology[6]. This should include arrangements to apply in his temporary absence.

Many firms outsource some of their systems and controls and/or processing outside of Gibraltar.  It is important that outsourcing does not result in reduced standards or requirements being applied.

Firms cannot contract out of their regulatory responsibilities, and therefore remain responsible for systems of control in relation to the activities outsourced.

In all instances of outsourcing it is the delegating firm that bears the ultimate responsibility for the duties undertaken in its name. This will include the requirement to ensure that the provider of the outsourced services has in place satisfactory AML/CFT systems, controls and procedures, and that those policies and procedures are kept up to date to reflect changes in requirements of Gibraltar legislation and these Notes.

      5.2          Appointment and role of the Money Laundering Reporting Officer

The overall responsibility for money laundering prevention lies with senior management and controllers of a firm.

            R3          The MLRO is responsible for the oversight of the firm’s anti-money laundering activities and is the key person in the implementation of the anti-money laundering strategy of the firm.

            R4          The MLRO needs to be senior, to be free to act on his own authority and to be informed of any relevant knowledge or suspicion in the firm. 

!        The type of person appointed as Money Laundering Reporting Officer will vary according to the size of the firm and the nature of its business, but he should be sufficiently senior to command the necessary authority but not, generally, be a member of senior management themselves.  Larger firms may choose to appoint a senior member of their compliance, internal audit or fraud departments.  In smaller firms it may be appropriate to designate the Operations Manager. 

When several subsidiaries operate closely together within a group, there is much to be said for designating a single Money Laundering Reporting Officer at group level.  The MLRO shall be an employee of the firm whether as part of its governing body, management or staff and be primarily based in Gibraltar

            R5          The MLRO will act as the “appropriate person” required to be appointed under Section 18 to receive and process internal and external suspicious transaction reports. 

            R6          The MLRO will act as a central point of contact with the law enforcement agencies in order to handle the reported suspicions of their staff regarding money laundering.

            R7          It is not appropriate, in the case of multinational firms or branches operating in Gibraltar (and for the purposes of the Crime (Money Laundering and Proceeds) Act) for the MLRO to be located outside Gibraltar.

!        Where a firm has branches or offices in other jurisdictions, the functions of the MLRO may be delegated to other persons within those branches or offices. Where such functions are delegated, the FSC will expect the MLRO to take ultimate responsibility for ensuring that the requirements of the Notes are applied to those operations.     See 5.4 below for more information.

 5.2.1          Roles of the MLRO

Section 18 imposes on the Reporting Officer a significant degree of responsibility.  He is required "to determine" whether the information or other matters contained in the transaction report he has received gives rise to knowledge or suspicion that a customer is engaged in money laundering. 

!        The MLRO must take steps to validate the suspicion in order to judge whether or not a report should be submitted to GFIU.  In making this judgement, he must consider all other relevant information available to him concerning the transaction or applicant to whom the report relates.  This may require a review of other transaction patterns or business in the same name, the length of the business relationship and referral to identification records held.  If after the review, he decides that there are no facts that would negate the suspicion, then he must disclose the information to GFIU.  The MLRO also needs to pass onto GFIU issues which he/she thinks appropriate and can be expected to liaise with GFIU on any questions of whether to proceed with a transaction in the circumstances.

            R8          Section 18(c) requires that the Money Laundering Reporting Officer has reasonable access to information that will enable him to undertake his responsibility.  In addition, the reference in Section 18(b) to "determination" implies a process with some formality.  It is important therefore that the Money Laundering Reporting Officer keep a written record of every matter reported to him, of whether or not the suggestion was negated or reported, and of his reasons for his decision.

The Reporting Officer will be expected to act honestly and reasonably and to make his determinations in good faith.  Provided the Reporting Officer or an authorised deputy acts in good faith in deciding not to pass on any suspicions report, there will be no liability for non-reporting if the judgement is later found to be wrong.

!        Care should be taken to guard against a report being submitted as a matter of routine to GFIU without undertaking reasonable internal enquiries to determine that all available information has been taken into account

      5.3          Reporting by the MLRO to Senior Management

!        An MLRO will support and co-ordinate senior management focus on managing the money laundering/terrorist financing risk in individual business areas. He will also help ensure that the firm’s wider responsibility for forestalling and preventing money laundering/terrorist financing is addressed centrally, allowing a firm-wide view to be taken of the need for monitoring and accountability.

            R9          A firm is required to carry out regular assessments of the adequacy of its systems and controls to ensure that they manage the money laundering/terrorist financing risk effectively. Oversight of the implementation of the firm’s AML/CFT policies and procedures, including the operation of the risk-based approach, is the responsibility of the MLRO, under delegation from senior management. He must therefore ensure that appropriate monitoring processes and procedures across the firm are established and maintained.

        R10          At least annually the senior management of a firm, with five or more full-time employees, must commission a report from its MLRO which assesses the operation and effectiveness of the firm’s systems of control in relation to managing money laundering/terrorist financing risk.  The report must include;

a.       The numbers and types of internal suspicious transaction reports that have been made internally and the number of, and reasons why,  these that have or have not been passed onto GFIU;

b.      bringing to the attention of senior management areas where the operation of AML/CFT controls should be improved, and proposals for making appropriate improvements;

c.       the progress of any significant remediation programmes; and

d.      the outcome of any relevant quality assurance or internal audit reviews of the firm’s AML/CFT processes, as well as the outcome of any review of the firm’s risk assessment procedures

!        Appendix X contains the format and style of the MLRO’s Annual Report.

In practice, senior management should determine the depth and frequency of information they feel necessary to discharge their responsibilities. The MLRO may also wish to report to senior management more frequently than annually, as circumstances dictate.

        R11          The firm’s senior management must consider the MLRO’s annual report, and take any necessary action to remedy deficiencies identified in it, in a timely manner.

      5.4          Applicability of systems of control to overseas branches, subsidiaries or outsourcing of functions

Gibraltar is concerned with money laundering which takes place in Gibraltar and does not seek to apply its money laundering legislation extra-territorially (i.e. within other countries). 

        R12          Where a Gibraltar firm has overseas branches, subsidiaries or, associates where control can be exercised, it is required that a group policy be established to the effect that all overseas branches and subsidiaries must ensure that its anti-money laundering strategies, internal controls, procedures and processes are undertaken at least to the standards required under Gibraltar law and Notes  or, if the standards in the host country are more rigorous, to those higher standards. 

        R13          Reporting procedures and the offences to which the money laundering legislation in the host country relates must nevertheless be adhered to in accordance with local laws and procedures.  Where local laws prohibit the application of Gibraltar equivalent practices, or higher standards, the firm must inform the FSC of this.  Where meeting local requirements would result in a lower standard than in Gibraltar, this should be resolved in favour of Gibraltar.

Where suspicions of money laundering in overseas operations of a firm arise, these must be reported within the jurisdiction where this arose and the records of the related transactions are held, there may also be a requirement for a report to be made to GFIU.

        R14          Where operational activities are undertaken by staff in other jurisdictions (for example, overseas call centres), those staff must be subject to the AML/CFT policies and procedures that are applicable to Gibraltar-based staff, and internal reporting procedures implemented to ensure that all suspicions relating to Gibraltar-related accounts, transactions or activities are reported to the nominated officer in Gibraltar. Service level agreements will need to cover the reporting of management information on money laundering prevention, and information on training, to the MLRO in Gibraltar.

In some circumstances, the outsourcing of functions can actually lead to increased risk - for example, outsourcing to businesses in jurisdictions with less stringent AML/CFT requirements than in Gibraltar.

        R15          All firms that outsource functions and activities should therefore assess any possible AML/CFT risk associated with the outsourced functions, record the assessment and monitor the risk on an ongoing basis.



[6] Section 18(c) of the CJA