All reporting entities are obliged to take the necessary measures to manage and mitigate the ML/FT risks to which they are exposed.
Both the AML-CFT Law and the AML-CFT Decision provide that DNFBPs may utilize a risk-based approach with respect to mitigation of ML/FT risks.
The Elements of an AML/CFT Program is referred to as the three lines of defense.
First line of defense is designing and implementing a system of internal policies, procedures and controls .
Policies:
Clear and simple high-level statements that are uniform across the entire organisation (sets the tone from the top).
Procedures
Translates the AML/CFT policies into an acceptable and workable practice, tasking the stakeholders with their respective responsibilities.
Controls:
The internal technology or tools the DNFBP utilizes to ensure the AML/CFT program is functioning as intended and within predefined parameters.
