The “Three Lines of Defense” is a widely used phrase for describing how
organizations should manage their anti-money laundering (“AML”) risk.
As the United States Department of the Treasury’s Office of Foreign
Assets Control (“OFAC”) regulations has applicability outside U.S.
borders, all individuals and entities are required to comply when
conducting transactions in U.S. dollars. OFAC requires that institutions
must block the accounts and property of specified countries, entities, and
individuals. Furthermore, it prohibits the rejecting of unlicensed business
with sanctions countries, entities, and people.
The Five Pillars
Four pillars of an AML/Counter-Terrorist Financing (“CFT”) program
include a system of internal policies, procedures and controls (the first line
of defense), a designated compliance function with a compliance officer
(the second line of defense), an independent audit function to test the
overall effectiveness of the AML program (the third line of defense), and
an ongoing employee training program. The fifth pillar, established by the
Financial Crimes Enforcement Network in 2016, requires appropriate
risk-based procedures for conducting ongoing customer due diligence.
These procedures include understanding the nature and purpose of
customer relationships for the purpose of developing a customer risk
profile, conducting ongoing monitoring to identify and report suspicious
transactions, and maintaining and updating customer information.
The First Line of Defense
Policies and procedures should be specified in writing and communicated
to all personnel in order to keep organizations in compliance with
regulations. Guidelines should be clearly established for detecting and
reporting suspicious activity. Customer-facing staff need the deepest
practical understanding of AML/CFT efforts, and need to know how to
handle cash transactions and establish loans and accounts while
complying with regulatory requirements. Operations personnel should not
be overlooked in the training process, as they are often in position to
recognize illegal activities.
The Second Line of Defense
A designated compliance officer should oversee the coordination and
monitoring of the organizations compliance program, and hold
responsibility for reporting suspicious transactions. Advanced, ongoing
training is recommended in order to stay on top of requirements and
emerging trends. This includes attending conferences and industry
training events. The compliance officer’s duties should be kept separate
from business line responsibilities in order to avoid conflicts of interest,
and they should have a direct line of contact to senior management.
The Third Line of Defense
Independent testing staff is required in order to maintain the third line of
defense. This staff should receive its own training and act apart from the
rest of the organization in assessing the adequacy of the AML/CFT
compliance program, the effectiveness of its procedures, and compliance
oversight and training. It is senior management’s responsibility to ensure
audit functions are designated to qualified staff.
Complying with OFAC
The board of directors has responsibility for an organization’s AML/CFT
compliance program. Leadership must actively support and understand
compliance efforts, and seek to manage and mitigate any deficiencies
identified. Adequate resources must be devoted to the compliance
function, and ensuring an independent, competent party tests the program
is one way to assess effectiveness.
Partnering with a third party due diligence provider is a proven way of
ensuring comprehensive compliance with strict OFAC regulations. The
first line of defense is responsible for onboarding customers, and
assessing their source of wealth, account activity, and ownership structure.
It is vital that these customers are vetted in order to prevent exposure and
risk of processing a transaction on behalf of a sanctioned interest.
Business activities, political ties, and geographic exposure can all be
investigated as part of this process.
Vcheck Global helps you know more
about the people and companies you do