2.5. Policies and Procedures

يسري تنفيذه من تاريخ 4/7/2021

LFIs should develop and maintain clear and comprehensive written policies and procedures to enable them to manage and mitigate the sanctions risks they have identified, commensurate with the nature and size of their business.

•	LFIs should ensure that policies and procedures are approved by senior management and that they:
	o	Enable the LFI to clearly and effectively identify, prevent, escalate, and report suspicious transactions and activities;
	o	Are tailored to the organization and capture the organization’s day-to-day operations and processes;
	o	Are easy to follow and designed to prevent employees from engaging in misconduct;
	o	Prohibit employees from, directly or indirectly, informing the customer or any third party that freezing or any Other Measures shall be implemented;
	o	Require enhanced due diligence to be conducted on all customers and transactions that are assessed to be high-risk for TF and PF; and
	o	Contain sufficient detail of their record keeping obligations.
•	LFIs should ensure the effective and consistent implementation of the policies and procedures related to the SCP across their organizations, including branches, Subsidiaries, and other entities in which LFIs hold a majority interest.
•	LFIs should clearly communicate the SCP’s policies and procedures, including for record keeping, to all relevant employees and external or outsourced service providers.
•	LFIs should review and update policies and procedures in a timely manner in response to events or emerging risks and ensure that such updates are communicated to employees on a timely basis.
•	LFIs should implement a formal review process at least annually of the policies and procedures at appropriate levels subject to approval where changes are material.
•	LFIs should identify and document any exceptions or deviations from the policies and procedures related to the SCP; these should be approved by senior management.