anti-money laundering policies

ANTI-MONEY LAUNDERING POLICIES
Approved by the Board of Directors on 28.4.2015
(first update)
TABLE OF CONTENTS
1 INTRODUCTION AND PURPOSE OF THE DOCUMENT
2 INTRODUCTION AND GENERAL PRINCIPLES
2.1 The risk of money laundering and terrorism financing
2.2 The main obligations provided by the regulations to combat money laundering and the financing of terrorism
2.3 The general principles of the money laundering and terrorism financing risk management model
3 ORGANISATIONAL SAFEGUARD MEASURES AGAINST THE RISK OF MONEY LAUNDERING AND TERRORISM FINANCING
4 RISK-BASED APPROACH
4.1 Handling of the money laundering risk
4.2 Customer profiling
1 Introduction and purpose of the document
The aim of this document (hereinafter also referred to as the “Policy”) is to establish the policies of Banco di Desio e
della Brianza (hereinafter also referred to as the “Bank”) to manage the risks of money laundering and terrorism
financing, in compliance with the provisions of Italian law¹ and with the provisions of the Measure issued by the Bank
of Italy in March 2011² relating to the organisation, procedures and internal controls (hereinafter also referred to as
the “Measure”) that banking and financial intermediaries, including this Bank, must comply with.
In line with this national regulatory requirement, this Policy establishes:
a) general principles of the risk and strategic policy management model;
b) responsibilities and duties of the company bodies and the corporate departments;
c) operating procedures in managing the risk of money laundering and terrorism financing.
This Policy establishes the minimum standards that managers, executives and employees (together the “employees”)
must comply with when doing their jobs.
More specifically, it aims to:
• hold the employees and external staff to account;
• clearly define the roles, duties and responsibilities at the various levels;
• give the duty of supervising the commitment to preventing and managing the risks in question to a specific
company department;
• establish a control function structure with coordinated components, including through suitable flows of
information (established in the Group Information Flow Regulation), and that is also consistent with the
organisation of the system, the complexity, the company size, the type of services and products available and the
extent of the risk that could be associated with the types of customers;
• establish a control system that aims to ensure compliance with internal procedures and all regulatory obligations
by staff and external staff, with special regard to the “active collaboration” and continued analysis of customer
dealings.
In accordance with the above-mentioned Measure issued by the Bank of Italy, the Policy must be approved by the
Board of Directors and will be constantly updated by the applicable departments and made available to the
employees through publication on the company Intranet.
The Policy is one of the controls provided in accordance with the Company Organisational model adopted by the Bank
in accordance with Legislative Decree 231/2001
1 The main legislative references in relation to combating money laundering and terrorism financing are Legislative Decree no. 231 of 2007
and Legislative Decree no. 109 of 2007.
2 See “Measure containing implementing provisions regarding the organisation, procedures and internal controls aimed at preventing the
use of intermediaries and other parties who carry out financial activities for money laundering and terrorism financing purposes” (Bank
of Italy, 10 March 2011).

2 Introduction and general principles
2.1 The risk of money laundering and terrorism financing
The laundering of money derived from unlawful actions is one of the most serious crimes on the financial market. The
reinvestment of unlawful proceeds into legitimate assets profoundly changes market mechanisms, invalidates the
efficiency and fairness of the financial assets and weakens the economic system. The risk of money laundering or
financing terrorism in financial institutions is expressed in the form of involvement in these situations, including
involuntary; in that context, the crime of money laundering introduced into the law with Law 186 of 15 December
2014 is particularly significant.
The law defines money laundering as any activity aimed at using the proceeds of criminal activity with the intention of
concealing or disguising the origin³.
Implementation of the EU directive meant a move away from the provisions of the Criminal Code with respect to
money laundering: Legislative Decree 231 of 2007 (hereinafter also referred to as “Legislative Decree 231/2007”)
provides that all intermediaries (including the Bank) have to report any suspicious transactions involving money
laundering even though it is the customer who is suspected of having committed the assumed crime (so-called
“self-laundering”). This regulation recently introduced the crime of Self-laundering into the Criminal Code (Art. 648-ter.1)⁴.
The Bank has also adopted an approach in line with the GAFI recommendations, which include “tax crimes” (related to
direct and indirect taxes) among the predicate offences⁵.
On the other hand, terrorism financing⁶ is defined as “any activity aimed, by any means, at gathering, supplying,
brokering, depositing, safekeeping or providing funds or financial resources, in any manner, aimed at being, in whole
or in part, used to carry out one or more crimes for terrorism purposes, or in any case aimed at aiding the performance
of one or more crimes for terrorism purposes as provided under the criminal code, and regardless of the actual use of
the funds or financial resources to commit the aforementioned crimes”⁷.
3 In accordance with article 2, paragraph I, Legislative Decree 231/2007, the following actions constitute money laundering if committed
intentionally:
a) the conversion or transfer of goods, carried out with the awareness that they originated from criminal activity or participation in
criminal activity, in order to conceal or disguise the unlawful origin of the goods or to help anyone who may be involved in those
activities to evade the legal consequences of their actions;
b) the concealment or disguising of the real nature, origin, location, provision, movement, ownership of the goods or the rights to
them, made with the awareness that said goods originated from a criminal activity or from participation in this type of activity;
c) the acquisition, holding or use of goods with the awareness, at the time of receipt, that said goods come from a criminal activity or
participation in this type of activity;
d) participation in one of the offences set out under the previous letters, conspiracy to commit this type of offence, the attempt to
commit it, aiding, abetting, facilitating or counselling anyone to commit it.
4 Art 648-ter.1 – (Self-laundering)
“A sentence of imprisonment from two to eight years and a fine of Euro 5,000 to Euro 25,000 will be imposed on anyone who, having
committed or helped perpetrate a crime committed with criminal intent, uses, replaces, or transfers the money, assets or other benefits
derived from the commission of said crime into economic, financial, entrepreneurial or speculative assets in order to actually prevent
identification of the criminal origin”.
A sentence of imprisonment from one to four years and the penalty of Euro 2,500 to Euro 12,500 will be imposed if the money, assets or
other benefits originate from a crime committed with criminal intent, punishable with imprisonment of less than the maximum of five
years.
In any case, the sanctions provided under the first paragraph will be imposed if the money, assets or other benefits originate from a crime
committed with the conditions or purposes set out under article 7 of law decree 152 of 13 May 1991, converted, with amendments, by
law 203 of 12 July 1991 as amended.
Apart from the cases set out in the previous paragraphs, actions where the money, assets or other benefits are to be merely utilised or for
personal enjoyment are not subject to sanction.
The penalty will be increased if the actions are committed during exercise of a banking or financial activity or any other professional
activity. The sanction will be reduced by up to a half if anyone has effectively acted to prevent the conduct from leading to further
consequences or to guarantee evidence of the offense or identification of the assets, money or other benefits resulting from the crime.”
5 See GAFI recommendations of February 2012 (International Standards on Combating Money Laundering and the Financing of Terrorism
& Proliferation – The FATF Recommendations).
6 Art. 1 paragraph I, letter a) Legislative Decree 109/2007.
Both money laundering and the financing of terrorism involve the handling of cash flows. However, both activities
have different ends: essentially, money laundering is an activity aimed at transferring or transforming proceeds which
originated from unlawful activities into lawful resources with the consequent loss of the criminal origin of the money
flow (the aim pursued is to disguise or conceal the origin of the money that was transferred); on the other hand, the
financing of terrorism aims to allocate the money towards a specific unlawful activity.
In this area, the role that the financial intermediaries carry out - and they may even be unaware that they are doing it
- is highly sensitive due to the type of services offered. Criminal proceeds could be made to pass through the legitimate
channels of the services offered by financial institutions, who would be offering “money laundering services” in that
situation. In order to limit the actual use of the financial intermediaries in relation to these activities, the law has
imposed specific obligations on banks to manage the risk of money laundering and terrorism financing.
In the classification of risks defined by the prudential regulations⁸, money laundering and terrorism financing risks
mainly fall under legal and reputational type risks. The Banco Desio Group adopted a specific “company risk
management policy” to monitor said risk; more specifically the “Policy for managing operational risks” and the “Policy
for managing reputational risks”.
There are a number of different aspects to the risk of money laundering:
• risk of recurrence of the crime of money laundering by third parties who use the intermediary and the
financial system for criminal purposes;
• risk of recurrence of the crime of money laundering and self-laundering by third parties and collaborating,
disloyal employees (wilful nonfeasance in the failure to report the transaction that proved to be suspicious);
• risk of inadequacy of the organisational model, internal procedures and the control system;
• risk of malfunction of the computer procedures, or inadequacy of the technological infrastructure.
The risk of money laundering and financing terrorism exposes the intermediary to significant harm to reputation.
7 In accordance with article 1, paragraph I, letter c), Legislative Decree 109/2007, funds mean financial assets and benefits of any nature,
including but not limited to:
a) cash, cheques, monetary claims, bills of exchange, payment orders and other payment instruments;
b) deposits at financial entities or other parties, account balances, receivables and obligations of any nature;
c) transferable securities at public or private level and financial instruments as defined by the Consolidated Finance Act;
d) the interest, dividends or other income and value increases generated by the assets;
e) the credit, right of set off, guarantees of any types, deposits and other financial commitments;
f) letters of credit, bills of lading and other certificates representing goods;
g) documents proving an equity interest in funds or financial resources;
h) all other export finance instruments.
8 See Circular by the Bank of Italy no. 263/2006.

2.2 The main obligations provided by the regulations to combat money laundering and the financing of terrorism
In accordance with the provisions of titles II and III of Legislative Decree 231/2007, the Bank must comply with specific
requirements relating to:
• customer due diligence in order to correctly identify the “money laundering risk” and therefore evaluate
whether to go ahead with the transaction or not and/or open/maintain the customer accounts. The
financial intermediaries will comply with these obligations in the following cases:
a) when an account is being opened;
b) when it is carrying out occasional transactions, ordered by customers which involve the sending or
movement of payment means for amounts equal to or higher than Euro 5,000, regardless of whether
they are carried out as a single transaction or as more than one transaction with the transactions
appearing to be related to carry out a transaction that is split into parts;
c) when there is a suspicion of money laundering or terrorism;
d) when there are doubts regarding the truthfulness or adequacy of the data obtained previously to
identify the customer.
Effectively, it involves a more extended duty of customer due diligence, to be carried out by acquiring
information on the customer, the beneficial owner of the account and the nature and scope of the business
relations that involve continuous monitoring of the customer’s transactions. The ability to assess the risk level
to make the behaviour and organisational solutions requested on each occasion more flexible, implying
greater independence and responsibility and means that appropriate procedures, instruments and controls
have to be employed, with the validity and effectiveness subject to control by the Supervisory authorities;
• the establishment and registration in the Central Computer Archive of the information that the
intermediaries acquire to comply with the obligations to trace the transactions and the accounts, and any
further information required to ensure that the due diligence has been performed for the customer. The
Bank will promptly record this information, and in any case, no later than the thirtieth day following
completion of the transaction;
• sending reports on any suspicious transactions to the Financial Information Unit when the intermediaries
“suspect or have reasonable grounds for suspecting that there are money laundering or terrorism financing
activities being carried out, or that were carried out or that are being attempted”⁹;
• sending the aggregate information flows to the Financial Information Unit every month so that targeted
analyses can be made if any money laundering or terrorism financing activity emerges in specific geographical
regions;
• adoption of measures aimed at ensuring the confidentiality of the identity of the parties that make the
report;
• prohibition on transferring money and bearer securities between private parties for amounts that exceed
the limits established by Italian law and the obligation to report any breaches to the Ministry for Economy
and Finance;
• training obligations, that the Bank will guarantee to all company levels, through adequate education aimed
at teaching the obligations and the significance of the Anti-Money Laundering procedures.
9 Art. 41, paragraph 1, Legislative Decree 231/2007.

2.3 The general principles of the money laundering and terrorism financing risk management model
In order to ensure correct compliance with the requirements to combat money laundering and the financing of
terrorism, the Bank:
• has adopted processes, instruments and controls to ensure full compliance with the principles contained in
this Policy;
• ensures adequate, complete and timely information flows to and from the company bodies, upper
management and the control and operating structures;
• ensures training and instruction programs to keep employees fully up-to-date;
• has adopted a 231 Organisational model, implementing the provisions of Legislative Decree no. 231 of 2001,
to identify possible areas where the commission of the presumed offences could be imagined in relation to
the activity carried out, including terrorism-related offences or subversion of democracy (pursuant to article
25-quater Legislative Decree 231/2001) or the offences of receiving stolen goods, money laundering, use of
money, goods or benefits of unlawful origin or self-laundering (pursuant to article 25-octies Legislative
Decree 231/2001). To this end, we refer in full to the prohibitions and warnings provided under the Code of
Ethics regarding relations with parties with whom there is a reasonable suspicion that they could be involved
in unlawful activities.
In the exercise of its activities, the Bank has reconfirmed its business focus on retail customers and the small and
medium enterprises in the territory.
Considering that policy and the current Italian and EU regulations, the Bank:
• will refuse to open accounts with parties for whom a due diligence has not been completed¹⁰. Therefore, the
Bank will have to acquire updated information on its customers, at intervals that will be established on the
basis of the various risk profiles¹¹.
• fully implements all regulatory requirements in relation to identification of the beneficial owner; more
specifically, in relation to companies, the beneficial owner is considered to be the natural person or natural
persons who ultimately hold or control the legal entity. This requirement will be satisfied if it is possible to
identify a party who holds a percentage stake in the share capital of 25 per cent plus one. In the identification
of the Beneficial Owner, the Bank will also apply the other criteria contained in the technical attachment to
Legislative Decree 231/07 and the Bank of Italy Measure regarding due diligence;
• will adopt all the measures necessary to determine and check the real identity of the customer and any
Beneficial Owners. More specifically, if it was not possible to identify the beneficial owner with certainty (for
example a company with a complex, opaque chain of control or a company that cannot be justified due to its
corporate purpose), the Bank will not allow any accounts to be opened/carry out any transactions;
• if there are customers with company structures held through trust companies, will get a specific statement
from the trustee regarding the identity of the Beneficial Owner. So-called “omnibus” accounts may not be
opened either, held in the name of trust companies and/or financial intermediaries. Any exceptions must be
submitted to the General Manager for authorisation.
• no accounts will be opened with natural persons if the customer claims that the beneficial owner is a third
party;
• will provide for specific internal authorisation processes in accordance with the customer risk profile: the
authorisation by the Branch Manager will be required in relation to opening accounts with parties having
“medium” risk profiles¹²; if the customer has a “high” risk profile, the Bank authorisation procedure will
require authorisation from the Anti-Money Laundering Office;
• will apply enhanced due diligence measures regardless of the risk profile given by the computer procedures
in the cases provided under Legislative Decree 231/2007 and the Bank of Italy Measure regarding customer
due diligence, i.e.
a) customers that are not present for tax purposes (operating remotely);
b) people who have or had important political positions (known as politically exposed persons - PEP),
including at a national level. With regard to politically exposed persons, the Bank has adopted a broad
interpretation and includes politicians who have held positions in Regional Administrative Bodies in its
definition of PEP (members of Regional Administrations and Councils). The check on whether customers
belong to the aforementioned categories is guaranteed using procedures that use specific lists made
available and updated by external info providers;
c) correspondent accounts with corresponding entities in non-EU countries;
d) where there are cash or security deposits made from other countries;
e) if a report on a suspicious transaction is sent to the Financial Information Unit;
f) in relation to using products, transactions or technology that could increase the risk of money
laundering and/or the financing of terrorism (for example favouring anonymity);
g) when dealing with high value banknotes;
these enhanced measures are also applied in the following cases:
h) accounts that relate to political parties;
i) accounts open to non-residents with specific regard to those relating to parties resident in “tax haven”¹³
countries and parties who are citizens of countries considered to be “non cooperative”¹⁴;
j) transactions carried out by customers with counterparties who are in “non whitelist” countries (known
as tax havens or included on the GAFI black lists);
k) parties involved in criminal investigations or proceedings on the basis of records processed by the
database used to manage investigations by the public prosecution service reported to the Bank;
l) customers that belong to the “High” risk bracket pursuant to the profiling carried out through the
applications in use;
m) activities and operations considered to be at greater risk of money laundering or any other situation
where the type of customer/transaction represents a higher risk compared to the ordinary risk
regardless of the risk rating given by the procedures;
• will not enter into any relations, open any accounts or carry out transactions with shell banks who do not
have a tax presence in the country where they are incorporated and authorised to exercise their businesses;
• will not open accounts/carry out transactions with:
a) parties on the Italian or international black lists (UN, OFAC, EU)¹⁵;
b) names that act in their capacity as electoral agents to gather funds to be used to finance electoral
campaigns¹⁶;
c) parties that produce arms, ammunition or weapons of mass destruction as mentioned in the specific list
uploaded on the computer application¹⁷;
d) casinos and gambling houses¹⁸;
e) money transfer entities¹⁹;
f) credit recovery agencies²⁰;
g) “cash for gold”²¹;
h) parties who operate in the virtual currency sector²².
Adequate governance of money laundering and terrorism financing risk management is also guaranteed by the
following controls:
• the identification and appointment of the Company Anti-Money Laundering Manager²³;
• distribution of this Policy to all the Bank departments so they can become fully informed about the
anti-money laundering and terrorism financing risk management model established in accordance with applicable
Italian and international laws and best practice in the sector;
• adoption of a similar policy by all the subsidiaries.
10 Legislative Decree 169/2012 introduced the new paragraph 1-Bis to article 23, Legislative Decree 231/2007 which establishes that “If it is
not possible to comply with the due diligence obligations relating to accounts which have already been opened, or ongoing transactions or
professional services, the entities or persons subject to this decree will return the funds, instruments or other financial resources owed to
the customer, paying the relative amount by bank transfer to a bank current account indicated by the customer. The transfer of funds will
be accompanied by a message that indicates to the bank counterparty that the amounts have been repaid to the customer since it was
impossible to comply with the customer due diligence obligations established by article 18, paragraph 1”. With circular DT 57889 of
30/7/2013, the Ministry for Economy and Finance provided further clarification on the area of application of the provision and on how it
could be implemented.
11 See Table 1.
12 Please refer to the following paragraph for a more detailed analysis of the risk classes: § 4.2.
13 See Ministerial Decree of 4.5.1999.
14 As identified on an international basis by GAFI – see http://www.fatf-gafi.org/topics/high-riskandnon-cooperativejurisdictions/
15 These lists are constantly updated by World Check.
16 See Law 515 of 10 December 1993
17 This list will be updated on a regular basis.
18 See Legislative Decree 231/2007, article 14, paragraph 1 letter d).
19 See Legislative Decree 231/2007, article 14, paragraph 1 letter a).
20 See article 115 TULPS (Consolidated Act on Public Security).
21 See Law 7/2000.
22 See February 2015 - Financial Information Unit Communication «Anomalous use of Virtual Currency» and the Bank of Italy «Virtual
Currency - Communications to the system».
23 See § 3 “Organisational safeguard measures against the risk of money laundering and terrorism financing”.

3 Organisational safeguard measures against the risk of money laundering and terrorism financing
In accordance with the provisions of prevailing law²⁴, the Bank established a department - called the Anti-Money
Laundering Office - which will supervise its commitment to prevent and manage the risk of involvement in anti-money
laundering events.
The entire company structure will also have to be involved to effectively monitor the risks in question: to this end,
priority is given to the role carried out by the company bodies and their assigned duties which will have to be properly
fulfilled in order to lower the risk.
In accordance with those principles, the organisational structure attributes the clearly defined roles and
responsibilities for the following parties:
• Board of Directors
• Control and Risk Committee
• Chief Executive Officer
• General Manager
• Board of Statutory Auditors, also in its capacity as Supervisory Board in accordance with Legislative Decree
231/2001
• Anti-Money Laundering Office
• Suspicious transaction reporting manager
• Compliance Office
• Internal Audit Committee
• Human Resources Department
• “Operating” offices
• Anti-Money Laundering contact person in the Organisation and Systems Area
Strategic supervision body
The Board of Directors will monitor the risk management process and by approving this Policy, defines the risk
governance policies related to money laundering and terrorism financing to apply at Group level. In line with the
provisions of the “Management of information flows” and the document “Information flows relating to the company
bodies and internal control departments. Parent Bank Rules and guidelines for interaction with the Subsidiaries”, the
Board of Directors receives the intra-group information flows from the subsidiaries, which are aimed at providing
information to the Parent Bank for strategic supervision purposes.
To that end, the anti-money laundering policy establishes a united, coordinated internal control system, aimed at
promptly identifying and managing money laundering risk, and defines a complete and timely information flow system
towards the company bodies, also in order to ensure that the strategic supervisory body is kept informed about any
shortcomings/anomalies encountered.
More specifically, the Board of Directors will be in charge of the following:
• appointments and terminations, in accordance with the Board of Statutory Auditors and the Anti-Money
Laundering Department Manager (hereinafter the “Anti-Money Laundering Manager”);
• defining and periodically re-examining, including when there are significant changes made to the business
model, the strategic positions and risk governance policies related to money laundering and terrorism
financing, ensuring the adequacy of the risk management and control system, including through assigning the
applicable bodies or committees the authorisation system and duties;
• continuously ensuring that the duties and responsibilities relating to anti-money laundering and combating
terrorism financing are allocated clearly and appropriately, ensuring that the operating departments are
separate from the control departments and that the departments have been provided with qualitatively and
quantitatively adequate resources;
• examining, on an annual basis at least, the reports relating to the activities carried out by the Anti-Money
Laundering Manager;
• examining, at least on an annual basis, the reports prepared by the applicable departments (i.e. Internal
Audit Committee and Compliance Office).
24 See “Measure containing implementing provisions regarding the organisation, procedures and internal controls aimed at preventing the
use of intermediaries and other parties who carry out financial activities for money laundering and terrorism financing purposes” (Bank
of Italy, 10 March 2011).
Bodies with management duties
In his/her capacity as “Director in charge of the risk control and management system”, the Chief Executive Officer:
• will implement the Bank strategic policies to combat money laundering and terrorism financing, identifying
the company departments to be involved and give them specific responsibilities in accordance with the law
and the applicable authority;
• will define the information flows that will make all the company departments involved and the bodies in
charge of control functions aware of the risk factors;
• will be responsible for adopting adequate operating procedures that allow the customers to be correctly
identified, the acquisition and update of information that can help define the risk profile, the identification of
the financial reasons underlying the accounts opened and the transactions carried out, the timely fulfilment
of communication obligations to the authorities provided by law with respect to combating money
laundering and terrorism financing.
The General Manager:
• will ensure that the procedures needed to fulfil obligations relating to filing the documents and recording the
information in the Central Computer Archive are arranged, including with respect to the computer aspects;
• will ensure that instruments are adopted, including computer instruments, to identify anomalous
transactions and a suspicious transaction reporting procedure that can guarantee certainty of the references,
standardisation of behaviour, maximum confidentiality and the general application to the entire structure;
• will adopt protective and/or disciplinary measures with respect to staff, in relation to the failure to comply
with the provisions regarding combating money laundering and terrorism financing;
• will approve the training and instruction programs for employees and external staff regarding the obligations
resulting from anti-money laundering and international terrorism financing regulations;
• will authorise the opening/maintenance of named accounts or accounts that can be traced to politically
exposed persons (PEP) and confirm any subsequent loss of PEP status.
Body with control duties
The Board of Statutory Auditors will monitor compliance with the regulations and the completeness, functional
capacity and adequacy of the anti-money laundering controls. In the exercise of its duties, the body with control
duties will enlist the assistance of the Anti-Money Laundering Office and the Internal Audit Committee to carry out the
checks and controls necessary and use the information flows from the other company bodies, the Anti-Money
Laundering Manager and the control bodies.
More specifically, the Board of Statutory Auditors, including with the support of the other control departments:
•
will carefully assess the suitability of the procedures in place to carry out the customer due diligence checks,
register and file the information and report suspicious transactions;
•
will encourage, including on the basis of the information flows received, actions to find out more about the
reasons for the shortcomings, anomalies, and irregularities found, and promote the adoption of suitable
corrective measures;
•
will promptly inform the Supervisory Authorities of all the facts and actions that it becomes aware of and that
could constitute a breach of the implementing provisions of Legislative Decree 231/2007;
•
will promptly notify the owner of the business or legal representative or authorised person of any breaches
of the provisions relating to reporting suspicious transactions (article 41 of Legislative Decree 231/2007);
•
will promptly notify the owner of the business or legal representative or authorised person of any breaches
of the provisions relating to the use of cash and bearer securities (articles 49 and 50 of Legislative Decree
231/2007);
•
will notify the Supervisory Authorities of the breaches of the provisions contained in article 36 of Legislative
Decree 231/2007 that it learns of, within 30 days;
•
will be consulted regarding decisions concerning the appointment of the Anti-Money Laundering Manager
for the company and the definition of the overall organisational elements of the management and control
system against the risk of money laundering and financing terrorism.
In its capacity as the Supervisory Board pursuant to Legislative Decree 231/2001, the Board of Statutory Auditors will
supervise the upkeep of the 231 Organisational model in relation to lending offences and offences relating to the
subversion of democracy (pursuant to article 25-quater Legislative Decree 231/2001) and the crimes of receiving
stolen goods, money laundering, the use of money, goods or benefits from illegal sources and self-laundering
(pursuant to article 25-octies, Legislative Decree 231/2001). In the execution of its duties, the Body receives
information from the company departments and can access all the relevant information without limits, in order to
carry out its duties.
The Control and Risk Committee will act as consultants, make proposals and assist the Board of Directors as it ensures
that the internal control system is functioning properly. To that end, the Committee will report to the Board of
Directors on its activities and the adequacy of the internal control system on a regular basis. Within the scope of
combating money laundering and terrorism financing, the Committee will work in association with the Anti-Money
Laundering Office, and has the right to ask for more specific in-depth investigations to be carried out.
The Compliance Office
With reference to monitoring the risk of money laundering and terrorism financing, the Compliance Office will
constantly assure the Top Management Bodies that the non-compliance risk that the Bank is exposed to is being
managed properly, on the basis of the methods set out under the “Policy to manage Compliance Risk”.
The Anti-Money Laundering Office
The Anti-Money Laundering Office will continuously check that company procedures reflect the aim of preventing and
combating breaches of both external and internal regulations against money laundering and terrorism financing. It
carries out II level controls in order to monitor said risks.
In carrying out its functions, the Anti-Money Laundering Office will pay particular attention to the adequacy of the
systems and internal procedures relating to customer due diligence obligations and registration, in addition to the
systems for the identification, assessment and reporting of suspicious transactions. It will also take care of filing the
documentation and records requested by anti-money laundering regulations.
In its assessment of the adequacy of these procedures, the Office will carry out controls, including on a sample basis,
to check their effectiveness and functionality and identify any critical areas.
More specifically, the Anti-Money Laundering Office:
•
will identify the external regulations relating to anti-money laundering and combating terrorism financing;
•
will analyse the impact of prevailing law on Bank operations;
•
will check the suitability of the internal control system and the procedures adopted, and propose any
organisational or procedural changes that may be necessary or advisable to ensure adequate control against
the risks of money laundering and terrorism financing;
•
will check the reliability of the computer system providing information to the Central Computer Archive and
supervise transmission of the aggregate data relating to the monthly registrations to the Financial
Information Unit, meeting any requests by the aforementioned Financial Information Unit;
•
will provide consultation and assistance to the company Bodies, carrying out - when new products and
services are being rolled out - any preventive assessment that it is responsible for;
•
will make proposals to the applicable Organisational Units regarding the solutions to adopt within the scope
of the Policy, from the Consolidated Acts and the procedures to prevent the risk of money laundering and
terrorism financing;
•
will provide the HR department with the guidelines to prepare an adequate training plan, aimed at keeping
employees and external staff continuously up-to-date;
•
will provide the anti-money laundering contact person in the Organisation and Systems Area and the
anti-money laundering contact persons outsourced to the Group companies with the operating instructions and
guidelines to carry out their duties properly;
•
will guarantee the functional coordination with the Anti-Money Laundering Departments of the Group
companies that have not outsourced these activities to the Parent Bank.
Finally, in its capacity as the specialised company Anti-Money Laundering supervisor, the Office will interact with the
Authorities set up to combat money laundering and terrorism financing.
The Anti-Money Laundering Office Manager will fall within the category of managers of company control
departments; he/she will report to the Board of Directors.
In order to guarantee adequate information flows with respect to all the company bodies, the Anti-Money Laundering
Office Manager will draw up, on a half-yearly basis, a report on the activities carried out and the critical issues which
emerged, which will be submitted to the Control and Risk Committee, the CEO, the General Manager, the Risk
Management Manager, the Internal Audit Committee Manager, the Compliance Office Manager, the Board of
Directors, the Board of Statutory Auditors, including in its capacity as Supervisory Board pursuant to Legislative Decree
231/01. This document shows the initiatives taken, the malfunctions found, and the relative corrective actions to be
implemented, in addition to the staff training given.
The Anti-Money Laundering Office Manager will also act in the capacity of person authorised to report suspicious
transactions: in this context, he/she will have to assess suspicious transaction reports that come from the operating
units and the Group Companies that authorised those activities, and send the ones considered to be justified to the
Financial Information Unit. He/she will also have the power to report suspicious transactions on his/her own initiative.
When carrying out that function, the Anti-Money Laundering Office Manager will have full access to all the
information necessary to assess the reports. In addition, he/she will deal with the Financial Information Unit,
providing prompt feedback to any requests for further investigation it makes.
Finally, considering the particular relevance that said information could have when opening new accounts or assessing
transactions carried out by previously existing customers, the Anti-Money Laundering Office Manager may allow the
names of the customers involved in the suspicious transaction reports to be consulted - even through the use of
suitable databases - by the managers of the various company operating divisions. The protection of confidentiality of
the identity of the first level parties who make the reports must in any case be guaranteed.
With the intention of supporting the Anti-Money Laundering Office in preventing and combating the money
laundering and terrorism financing risks, the Board of Directors gave specific responsibilities to certain figures (Bank
employees) in the other Offices, or seconded to subsidiaries that outsourced the anti-money laundering activities to
the Parent Bank on the basis of a suitable “Service Agreement”.
Specifically:
•
the Anti-Money Laundering contact person in the Organisation and Systems Area:
a) will monitor - with the assistance of the managers of each sector/sub-system giving information to the
Central Computer Archive - the correct function, parameterization and update of the information
systems underlying the requirements regarding the combating of money laundering and terrorist
financing, monitoring the organisational - procedural actions requested/planned for the individual
aspects (functional analyses, testing and production releases, SAL, timeframes, developments in course,
etc.) and ensuring they are entered onto the Organisational Master Plan;
b) will interact with the computer outsourcers, monitoring - with the support of the managers from each
sector/sub-system giving information to the Central Computer Archive - the procedural releases made
that impact on the anti-money laundering aspects (identifying the sub-systems involved, table
implementations, logical safety, etc.) and informing the Head of the Anti-Money Laundering Office of
any anomalies encountered;
c) will support - along with the managers of each sector/sub-system providing information to the Central
Computer Archive - the departments in charge of preparing/updating the applicable internal
regulations, in particular with respect to the Anti-Money Laundering operating procedures and related
applications (for example GIANOS, Central Computer Archive, New Branch, General Data Register, etc.).
•
the outsourced Anti-Money Laundering Contact persons, i.e. people who work with the subsidiaries and
carry out the Anti-Money Laundering office activities and activities described above with respect to the
Anti-Money Laundering contact person:
a) will report any suspicious transactions found to the Anti-Money Laundering Office Manager, subjecting
them to analyses;
b) will monitor the correct execution of the activities related to the customer due diligence;
c) will make assessments regarding relationships with customers whose risk profile has risen higher;
d) will prepare periodic reports on the activities carried out to submit to the Anti-Money Laundering Office.
Internal Audit Committee
The Internal Audit Committee continuously checks the level of adequacy of the company organisational set-up and its
compliance with the matter in question. It monitors the functioning of the entire internal control system to prevent
money laundering and terrorism financing risks.
In accordance with the provisions of the Measure - on the basis of its audit plan - it will assess the following through
systemic controls, including inspection type controls:
•
constant compliance with due diligence obligations, both when opening accounts and as relationships
develop over time;
•
the actual acquisition and orderly filing of the data and documents provided under the law;
•
the correct operation of the Central Computer Archive;
•
the actual level of involvement of the employees and external staff, in addition to the managers of the
central and external departments in fulfilling their “active collaboration” obligations;
•
the periodic alignment of the various management accounting procedures and those for providing information to
and managing the Central Computer Archive.
25
The inspections, including both remote and on-site, will be planned to ensure that all Bank areas will be inspected
over an appropriate time period, and the initiatives will be more frequent for the areas with greater exposure to the
risks of money laundering and terrorism financing.
More specifically, the Anti-Money Laundering Office can delegate - through specific service agreements - the on-site
inspections to the Internal Audit Committee in order to avoid duplicating the work, and ensure greater efficiency in
the controls, thanks also to the inspection instruments available to the Committee. The result of this activity will be
reported on a regular basis.
The Internal Audit Committee also carries out follow-up actions in order to ensure that the corrective actions to the
shortcomings and irregularities encountered have been adopted, and ensures that they are suitable to avoid similar
situations in the future. The Committee will report any shortcomings found that could have an impact on monitoring
the actions taken to combat money laundering and terrorism financing to the company bodies and the Anti-Money
Laundering Office Manager.
Other Offices
All the Bank Offices are responsible - in accordance with and within the limits indicated in the internal procedures - for
the due diligence activities, filing, recording the information on the Central Computer Archive and identifying,
assessing and reporting suspicious transactions. The Managers of these units will carry out first level controls aimed at
ensuring compliance by their resources with the internal procedure provisions, including the protocols issued when the
231 Organisational Model was implemented by the Bank.
More specifically, the Resource Committee will take part in monitoring the risks of money laundering and terrorism
financing through the Human Resources Office, which will work with the Anti-Money Laundering Office to prepare and
check the training and instruction programs in order to ensure that staff are kept constantly up to date.
25 With reference to these control activities, the Internal Audit Committee will use a remote analysis system, based on indicators which
provide summarised scoring of the risk associated with the Bank Branches.
4 Risk-based approach
4.1 Handling of the money laundering risk
The legislative and regulatory actions taken over the years changed the approach from rule-based to a new risk-based
approach, which makes application of the aforementioned regulations more flexible and more closely reflects the
different operating situations. In compliance with the new provisions, the Bank fulfils its “due diligence” obligations by
ensuring that the measures adopted are proportional to the extent of the money laundering or terrorism financing
risks.
The model to assess the money laundering and terrorism financing risk is defined on the basis of the type of customer
and the activities carried out by the Bank. The due diligence obligations are therefore fulfilled in proportion to the
risk associated with the type of customer, “account”, transaction, product or transactions in question.
The customer due diligence obligations involve the following:
a) identifying the customer, any representative, and checking the identity on the basis of documents, data or
information obtained from a reliable, independent source;
b) identifying any “beneficial owner” of the account or the transaction - where so required - and checking the
identity;
c) obtaining information on the scope and nature of the account or the professional service;
d) constant controls carried out while the account or the professional service are in place.
The customer due diligence obligations apply to all new customers and, subject to assessment of the risk, to previously
acquired customers.
The Bank fulfils its customer due diligence obligations in accordance with the following:
a) the identification and checking of the identity of the customer, any representative and the beneficial owner will
be carried out in the presence of the customer using a valid identification document. If the customer is a
company or an entity, the actual existence of the power of representation of the representative must be
checked, and information acquired to identify and check the identity of the representatives authorised to sign
for the transaction to be carried out;
b) the identification and checking of the identity of the beneficial owner will be carried out when the customer
is being identified. The beneficial owner can be identified even without his/her physical presence on the basis
of the identification data provided by the customer, or in another way, for example by consulting public
registers, lists or accessible public records or documents;
c) while the account is open, it will be constantly checked by analysing the transactions concluded during the
entire duration of the relationship to ensure that said transactions are compatible with knowledge about the
customer, its business activities and risk profile, having regard, if necessary, to the origin of the funds and
keeping the documents, data or information up to date.
The customer “due diligence” obligations are organised into further and different levels of due diligence in proportion
to the risk profile of the customer, carrying out a simplified, ordinary or enhanced due diligence as described below.
4.2 Customer profiling
The information controls that the Bank has made available to its operators will allow them to give - on the basis of
processing the data and information acquired when consulting the data register, opening an account, executing
occasional transactions and monitoring the transactions in place - a “rating” that represents the level of money
laundering risk.
To this end, the Bank defined four levels of risk that a customer can be classified under:
Risk level    Gianos rating range
Irrelevant    1 - 5
Low           6 - 12
Medium        13 - 24
High          25 - 99
The Bank uses the Gianos Know Your Customer system (hereinafter KYC) to give customers an initial risk rating when
opening the account / carrying out an occasional transaction; the “Risk profile management” form is used to
continuously monitor the customers, allowing the above-mentioned initial rating to be raised / lowered in accordance
with the transactions carried out by the customer.
In accordance with article 20 of Legislative Decree 231/2007, the Bank fulfils its due diligence obligations by providing
for a proportional range of activities to carry out both when the account is being opened, and during the subsequent
continuous monitoring, making it proportional to the risk rating given to each customer.
More specifically, upon opening an account / carrying out occasional transactions, for “medium” or “high” risk ratings,
the Bank defined:
•
a set of further documentation / information to acquire to complete the due diligence;
•
a specific authorisation workflow.
If there are no further risk elements, the Bank defined the following time drivers to update the information acquired,
submitting the due diligence questionnaire once again to the customers:
Risk level    Timeframe period to update the Know Your customer questionnaire
Irrelevant    24 months
Low           24 months
Medium        12 months
High          12 months
Please refer to the GIANOS procedure governance tables for a description of the criteria adopted by the Bank to
determine the rating; this forms an integral part of this Policy:
•
Items to calculate the risk profile rating (update of the Bank of Italy Measure of 3 April 2013)
•
Items to calculate the risk profile rating from the Due Diligence Questionnaire (update of the Bank of Italy
Measure of 3 April 2013)
•
Links to calculate the risk profile rating from the COMMA/GIANOS procedure