The specific preventive measures discussed above should take place within, and be supported by, a comprehensive institutional AML/CFT program that is appropriate to the risks the LFI faces. Therefore, in addition to the mandatory governance and training requirements set forth in the AML-CFT Law and Decision, Payment Sector participants and LFIs providing them services should endeavor to incorporate the following considerations into the design of their governance frameworks and their training programs.
•
Clear allocation of AML/CFT responsibilities among LFIs. When a network of Payment Sector participants combine to deliver a payment service and execute transactions, risks arise when they do not have a clear understanding of each participant’s AML/CFT responsibilities. Allocating responsibilities is particularly important when some LFIs involved in a payment will not form a relationship with the ultimate customer or beneficiary. Card schemes should have a governing body, but this may not be a requirement for other Payment Sector participants depending on their role in processing payments. LFIs should understand the parties and their roles and responsibilities in the scheme and manage risks accordingly. Any LFI that provides payment services as part of a network should assume full responsibility for CDD. Furthermore, LFIs cannot rely on any other entities to implement elements of the AML/CFT program, such as the appointment of a compliance officer and the reporting suspicious transactions. Similarly, when a LFI provides services to a Payment Sector participant as part of a Correspondent Banking Relationship, they should also understand each party’s AML/CFT responsibilities and document them in the contract or other program documents. Understanding the parties’ respective AML/CFT responsibilities is a mandatory element of correspondent CDD under Article 25 of the AML-CFT Decision.
•
Agent Governance and Training. Where a payment service or product relies on the use of agents for delivery, it is critical that they are appropriately trained to recognize red flags for illicit activity, and to carry out the elements of the AML/CFT program for which they are responsible. LFIs that use agents should have appropriate programs in place to manage them through effective governance arrangements that, among other measures, set clear requirements for terminating relationships if agents do not comply with the LFI’s policy. LFIs should provide training directly to agents and test their compliance on a regular basis. Where agents participate in sensitive activities, such as cash acceptance or onboarding, they should receive increased training and be subject to additional controls and testing.
•
Employee Training. As with all risks to which the LFI is exposed, the AML/CFT training program should ensure that employees are aware of the risks of PPS, familiar with the obligations of the LFI, and equipped to apply appropriate risk-based controls. Training should be tailored and customized to the LFI’s risk and the nature of its operations. For Payment Sector participants that offer PPS as their primary business, employee training should be focused on payments-related risks. For LFIs that offer services to Payment Sector participants, employee training should cover payment risks as appropriate to the employee’s role and responsibilities as well as the LFI’s overall exposure to the sector.