Malta: Business Decisions That Undermine The Compliance Culture – Part 4

When leading a financial services entity, in particular within the company service provision, one needs to be aware of the consequences of business decisions that could undermine the entity's business policies, systems and the overall compliance culture. In this 5-part series of articles, I will analyse 5 business decisions, through the legislative references such decisions could fall foul of, the impact on the organisation these decisions could have, and attempt to suggest a course of action. 

Revision of entity and role-specific AML training

Due to rising costs, business leaders could be tempted to abandon role-specific training by reducing access to external short-courses or terminating the sponsoring of academic qualifications in AML/Compliance, to be replaced by short or generic on-going company-wide courses, possibly on-line for further cost cutting.

Legislative/Competent Authorities' references

'Every subject person is required to take appropriate and proportionate measures from time to time to:

• ensure employees are aware of AML/CFT legislation and the firm's policies and procedures;
• provide training in relation to the recognition and handling of operations and transactions.'¹

'It should also be noted that awareness and training should be provided to employees and other company officials, whose duties include the handling of relevant activity irrespective of their level of seniority. This includes:

• directors;
• senior management;
• MLRO;
• compliance staff;
• all other staff involved in the activities of the firm.'²

Main Impact

By replacing in-depth and role-specific training with undifferentiated training for all staff, including the AML team, an entity could risk being in breach of the PMLFTR, if such training is deemed to be neither appropriate nor proportionate to the specific needs of the 3 lines of defence. This will be uncovered during the authorities' frequent inspections when going through the training logs. Such a breach may potentially constitute a fine that both the firm and officers alike, including the MLRO, may be liable to.

Aside from breaches and possible fines, a short one-size-fits-all online training course may also send a negative signal that AML is not a priority and may actually increase the firm's exposure to ML/FT risk, as a result of insufficiently emphasising the risks identified within a well laid-out business risk assessment. Consequently, senior management and more crucially the 1^st line of defence staff will not be sufficiently aware or equipped to recognise a variety of suspicious transactions, which may be related to proceeds of criminal activity, ML/FT.³

A short course will definitely not address all of a firm's voluminous policies and procedures, nor the correct way to escalate STRs nor the repercussions of failing to recognize suspicious transactions nor onboard unsuited clients.

Should a Board opt for short courses delivered via remote means, the MLRO will miss on the valuable opportunity to meet and introduce himself to all the members of staff making up the 1^st line of defence and senior management in person. On the other hand, such an opportunity for a face-to-face meeting would allow them to identify the firm's MLRO, allowing them to gain confidence in case they may need to seek direct access and escalate suspicious transactions to him.

Delivering the same generic online course to the members of the 2^nd line defence would be counter effective, as they would certainly be familiar with its contents. The firm therefore, risks alienating this team, stunting their professional growth and may eventually push them to seek alternative employment.

Course of action

One would highly recommend that any Board abandons this short course training process. Instead, the board should work together with the MLRO to:

1. Re-introduce in depth, role-specific training courses for the 1^st line of defence and senior management and ensure that:
   • It is updated to foster a stronger compliance culture;
   • It is tailored to the firm's AML policies and procedures and all relevant legislation;
   • The AML team coordinates the content and delivery of this course, with the involvement of the MLRO, for him to be given the required exposure to staff as mentioned earlier;
   • The successful attendance/completion of this course forms part of staffs' KPIs;
   • Senior management participate in the course, 'to be seen' by all staff, amplifying its importance;
   • Other forms of training such as use of newsletters are also introduced to share AML updates as they develop.

2. Provide relevant initiatives for the 2^nd line of defence staff, such as:
   • Encouraging them to subscribe to the numerous courses offered by the competent authorities;
   • Allocate an annual budget for AML staff to continue their professional education;
   • Encourage AML staff to write news items, articles on AML topics to raise their profile and subsequently the firm's.

3. Move towards a strong firm-wide Compliance culture by
   • Ensuring Board members are present during AML training;
   • Considering the introduction of competence training, although this is not referred to in Maltese legislation. This could be an opportunity for the Board to demonstrate it is serious about putting in place a compliance culture and introduce this over and above the current obligations. This will also give the MLRO visibility on weaknesses within the firm.

Footnotes

1. PMLFTR 5(5)(b)

2. FIAU, Implementing Procedures, Page 237-238 & PMLFTR 5(7).

3. PMLFTR 5(e)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.