Record keeping is often found to be a problematic area during an AML CFT audit. The lack of record keeping is more common in small and medium sized businesses where communications between staff are informal.
To meet the criteria of record keeping it is recommended you consider the following –
Should a meeting between staff be held where AML CFT compliance is discussed, ensure there is some type of written record of these discussions. Record the date, the staff who were in attendance and at least bullet points on the topics of discussion.
The AML Compliance Officer and AML Senior Manager(s) should document their reporting.
A training register should be maintained.
The rules that a business applies to detect suspicious activity should be recorded in the programme.
When undertaking account monitoring, record results and determinations made on any red flags.
Subject to section 49, transaction records must be maintained.
Identity records must be securely maintained.
Where documents are obtained in a foreign language, the ability to revert those documents to English must be readily available.
Records are required to be maintained for a period of 5 years, unless there is a legislative reason to maintain those records for a longer period. Your record retention period should be outlined in the programme, including the process of how your business will undertake destruction of records. The processes used should ensure confidentiality and adhere to the principles of the Privacy Act. Account opening records, such as identity verification, should only be destroyed after the record retention period has been exceeded and it commences from the date of the last transaction / activity / instruction on the account.About the author: Kerry Grass is an executive consultant for AML360. AML360 provides regulatory technology and outsourcing services for small and medium sized businesses. Further information: aml360.co.nz