FC-4 FC-4 Money Laundering Reporting Officer (MLRO)
FC-4.1 FC-4.1 Appointment of MLRO
FC-4.1.1
Conventional bank licensees must appoint a Money Laundering reporting officer ("MLRO"). The MLRO must be approved by the BMA prior to his appointment. The conventional bank licensee must notify the Agency of the appointment of the MLRO, using the MLRO form (Appendix FC-4).FC-4.1.2
The position of MLRO must not be combined with functions that create potential conflicts of interest, such as an internal auditor or business line head. The position of MLRO may not be outsourced.
FC-4.1.3
Subject to Paragraph FC-4.1.2, however, the position of MLRO may otherwise be combined with other functions in the
conventional bank licensee , such as that of Compliance Officer, in cases where the volume and geographical spread of the business is limited and, therefore, the demands of the function are not likely to require a full time resource. Paragraph FC-4.1.6 requires that the MLRO is a Director or employee of the licensee, so the function may not be outsourced to a third party employee.FC-4.1.4
Conventional bank licensees must appoint a deputy MLRO to act for the MLRO in his absence. The deputy MLRO must be resident in Bahrain unless otherwise agreed with the BMA.FC-4.1.5
Conventional bank licensees should note that although the MLRO may delegate some of his functions, either within the licensee or even possibly (in the case of larger groups) to individuals performing similar functions for other group entities, that the responsibility for compliance with the requirements of this Module remains with the licensee and the designated MLRO.FC-4.1.6
So that he can carry out his functions effectively,
conventional bank licensees must ensure that their MLRO:(a) is a Director or a member of senior management of the licensee;(b) has a sufficient level of seniority within theconventional bank licensee , has the authority to act without interference from business line management and has direct access to the Board and senior management (where necessary);(c) has sufficient resources, including sufficient time and (if necessary) support staff, and has designated a replacement to carry out the function should the MLRO be unable to perform his duties;(d) has unrestricted access to all transactional information relating to any financial services provided by theconventional bank licensee to that customer, or any transactions conducted by theconventional bank licensee on behalf of a customer;(e) is provided with timely information needed to identify, analyse and effectively monitor customer accounts;(f) has access to all customer due diligence information obtained by theconventional bank licensee ; and(g) is resident in Bahrain.FC-4.1.7
In addition,
conventional bank licensees must ensure that their MLRO is able to:(a) monitor the day-to-day operation of its policies and procedures relevant to this Module; and(b) respond promptly to any reasonable request for information made by the Anti-Money Laundering Unit or the BMA.FC-4.1.8
If the position of MLRO falls vacant, the
conventional bank licensee must appoint a permanent replacement (after obtaining BMA approval), within 120 calendar days of the vacancy occurring. Pending the appointment of a permanent replacement, the licensee must make immediate interim arrangements (including the appointment of an acting MLRO) to ensure continuity in the MLRO function's performance. These interim arrangements must be approved by the BMA.FC-4.2 FC-4.2 Responsibilities of the MLRO
FC-4.2.1
The MLRO is responsible for:
(a) establishing and maintaining theconventional bank licensee's AML/CFT policies and procedures;(b) ensuring that the licensee complies with the AML Law and any other applicable AML/CFT legislation and regulations;(c) ensuring day-to-day compliance with the licensee's own internal AML/CFT policies and procedures;(d) acting as theconventional bank licensee's main point of contact in respect of handling internal suspicious transaction reports from the licensee's staff (refer to Section FC-5.1) and as the main contact for the Financial Intelligence Unit, the BMA and other concerned bodies regarding AML/CFT;(e) making external suspicious transaction reports to the Financial Intelligence Unit and Compliance Unit (refer to Section FC-5.2);(f) taking reasonable steps to establish and maintain adequate arrangements for staff awareness and training on AML/CFT matters (whether internal or external), as per Chapter FC-5;(g) producing annual reports on the effectiveness of the licensee's AML / CFT controls, for consideration by senior management, as per Paragraph FC-4.3.3;(h) on-going monitoring of what may, in his opinion, constitute high-risk customer accounts; and(i) maintaining all necessary CDD, transactions, STR and staff training records for the required periods (refer to Section FC-7.1).FC-4.3 FC-4.3 Compliance monitoring
Annual Compliance Review
FC-4.3.1
A
conventional bank licensee must review the effectiveness of its AML/CFT procedures, systems and controls at least once each calendar year. The review must cover theconventional bank licensee and its branches and subsidiaries both inside and outside the Kingdom of Bahrain. The scope of the review must include:(a) a report, containing the number of internal reports made in accordance with Section FC-5.1, a breakdown of all the results of those internal reports and their outcomes for each segment of the licensee's business, and an analysis of whether controls or training need to be enhanced;(b) a report, indicating the number of external reports made in accordance with Section FC-5.2 and, where aconventional bank licensee has made an internal report but not made an external report, noting why no external report was made;(c) a sample test of compliance with this Module's customer due diligence requirements; and(d) a report as to the quality of theconventional bank licensee's anti-money laundering procedures, systems and controls, and compliance with the AML Law and this Module.FC-4.3.2
The reports listed under Paragraph FC-4.3.1(a) and (b) must be made by the MLRO. The sample testing required under Paragraph FC-4.3.1(c) must be undertaken either by the licensee's internal audit function or its external auditors. The report required under Paragraph FC-4.3.1(d) must be made by the licensee's external auditors.
FC-4.3.3
The reports listed under Paragraph FC-4.3.1 must be submitted to the licensee's Board, for it to review and commission any required remedial measures, and copied to the licensee's senior management.
FC-4.3.4
The purpose of the annual compliance review is to assist a licensee's Board and senior management to assess, amongst other things, whether internal and external reports are being made (as required under Chapter FC-5), and whether the overall number of such reports (which may otherwise appear satisfactory) does not conceal inadequate reporting in a particular segment of the licensee's business (or, where relevant, in particular branches or subsidiaries).
Conventional bank licensees should use their judgement as to how the reports listed under Paragraph FC-4.3.1(a) and (b) should be broken down in order to achieve this aim (e.g. by branches, departments, product lines, etc).FC-4.3.5
Conventional bank licensees must instruct their external auditors to produce the report referred to in Paragraph FC-4.3.1(d). The report must be submitted to the BMA by the 30th of April of the following year. The findings of this review must be received and acted upon by the licensee.FC-4.3.6
The external auditors may rely upon work performed by the licensee's internal audit function, as part of their procedures for producing the statement referred to in Paragraph FC-4.3.5.
