FC-4 FC-4 Money Laundering Reporting Officer (MLRO)
FC-4.1 FC-4.1 Appointment of MLRO
FC-4.1.1
Licensees must appoint a Money Laundering reporting officer ("MLRO"). The MLRO must be approved by the CBB prior to his appointment. The position of MLRO is acontrolled function and the MLRO is anapproved person .October 2010FC-4.1.2
For details of CBB's requirements regarding
controlled functions andapproved persons , see Section AU-1.2. Amongst other things,approved persons require CBB approval before being appointed, which is granted only if they are assessed as 'fit and proper' for the function in question. A completed Form 3 must accompany any request for CBB approval.October 2010FC-4.1.3
The position of MLRO must not be combined with functions that create potential conflicts of interest, such as an internal auditor or business line head. The position of MLRO may not be outsourced.
October 2010FC-4.1.4
Subject to Paragraph FC-4.1.2, however, the position of MLRO may otherwise be combined with other functions in the
licensee , such as that of Compliance Officer, in cases where the volume and geographical spread of the business is limited and, therefore, the demands of the function are not likely to require a full time resource.October 2010FC-4.1.4A
For purposes of Paragraphs FC-4.1.3 and FC-4.1.4 above,
licensees must clearly state in the Application for Approved Person Status — Form 3 — when combining the MLRO or DMLRO position with any other position within thelicensee .Added: October 2017FC-4.1.5
Licensees must appoint a deputy MLRO to act for the MLRO in his absence. The deputy MLRO must be resident in Bahrain unless otherwise agreed with the CBB.October 2010FC-4.1.6
Licensees should note that although the MLRO may delegate some of his functions, either within the licensee or even possibly (in the case of larger groups) to individuals performing similar functions for other group entities, the responsibility for compliance with the requirements of this Module remains with thelicensee and the designated MLRO. The deputy MLRO should be able to support the MLRO discharge his responsibilities and to deputise for him in his absence.October 2010FC-4.1.7
So that he can carry out his functions effectively,
licensees must ensure that their MLRO:(a) Is a member of senior management of thelicensee ;(b) Has a sufficient level of seniority within thelicensee , has the authority to act without interference from business line management and has direct access to the board and senior management (where necessary);(c) Has sufficient resources, including sufficient time and (if necessary) support staff, and has designated a replacement to carry out the function should the MLRO be unable to perform his duties;(d) Has unrestricted access to all transactional information relating to any financial services provided by thelicensee to a customer, or any transactions conducted by thelicensee on behalf of that customer;(e) Is provided with timely information needed to identify, analyse and effectively monitor customer accounts;(f) Has access to all customer due diligence information obtained by thelicensee ; and(g) Is resident in Bahrain.Amended: April 2012
October 2010FC-4.1.8
In addition,
licensees must ensure that their MLRO is able to:(a) Monitor the day-to-day operation of its policies and procedures relevant to this Module; and(b) Respond promptly to any reasonable request for information made by the Financial Intelligence Directorate or the CBB.Amended: October 2019
October 2010FC-4.1.9
If the position of MLRO falls vacant, the
licensee must appoint a permanent replacement (after obtaining CBB approval), within 120 calendar days of the vacancy occurring. Pending the appointment of a permanent replacement, thelicensee must make immediate interim arrangements (including the appointment of an acting MLRO) to ensure continuity in the MLRO function's performance. These interim arrangements must be approved by the CBB.October 2010FC-4.2 FC-4.2 Responsibilities of the MLRO
FC-4.2.1
The MLRO is responsible for:
(a) Establishing and maintaining thelicensee's AML/CFT policies and procedures;(b) Ensuring that thelicensee complies with the AML Law and any other applicable AML/CFT legislation and this Module;(c) Ensuring day-to-day compliance with thelicensee's own internal AML/CFT policies and procedures;(d) Acting as thelicensee's main point of contact in respect of handling internal suspicious transactions reports from thelicensee's staff (refer to Section FC-5.1) and as the main contact for the Financial Intelligence Directorate, the CBB and other concerned bodies regarding AML/CFT;(e) Making external suspicious transactions reports to the Financial Intelligence Directorate and the Compliance Directorate (refer to Section FC-5.2);(f) Taking reasonable steps to establish and maintain adequate arrangements for staff awareness and training on AML/CFT matters (whether internal or external), as per Chapter FC-6;(g) Producing annual reports on the effectiveness of thelicensee's AML / CFT controls, for consideration by senior management, as per Paragraph FC-4.3.3;(h) On-going monitoring of what may, in his opinion, constitute high-risk customer accounts; and(i) Maintaining all necessary CDD, transactions, STR and staff training records for the required periods (refer to Section FC-7.1).Amended: October 2019
October 2010FC-4.3 FC-4.3 Compliance Monitoring
Annual Compliance Review
FC-4.3.1
A
licensee must review the effectiveness of its AML/CFT procedures, systems and controls at least once each calendar year. The review must cover thelicensee and its branches and subsidiaries both inside and outside the Kingdom of Bahrain. Alicensee must monitor the implementation of those controls and enhance them if necessary. The scope of the review must include:(a) A report, containing the number of internal reports made in accordance with Section FC-5.1, a breakdown of all the results of those internal reports and their outcomes for each segment of thelicensee's business, and an analysis of whether controls or training need to be enhanced;(b) A report, indicating the number of external reports made in accordance with Section FC-5.2 and, where alicensee has made an internal report but not made an external report, noting why no external report was made;(c) A sample test of compliance with this Module's customer due diligence requirements; and(d) A report as to the quality of thelicensee's anti-money laundering procedures, systems and controls, and compliance with the AML Law and this Module.Amended: January 2022
October 2010FC-4.3.2
The reports listed under Subparagraphs FC-4.3.1 (a) and (b) must be made by the MLRO. The sample testing and report required under Subparagraphs FC-4.3.1 (c) and (d) must be made by the
licensee's external auditor or a consultancy firm approved by the CBB.Amended: January 2022
Amended: April 2012
October 2010FC-4.3.2A
In order for a consultancy firm to be approved by the CBB for the purposes of Paragraph FC-4.3.2, such firm should provide the CBB's Compliance Directorate with:
(a) A sample AML/CFT report prepared for a financial institution;(b) A list of other AML/CFT related work undertaken by the firm;(c) A list of other audit/review assignments undertaken, specifying the nature of the work done, date and name of the licensee; and(d) An outline of any assignment conducted for or in cooperation with an international audit firm.Added: April 2012FC-4.3.2B
The firm should indicate which personnel (by name) will work on the report (including, where appropriate, which individual will be the team leader) and demonstrate that all such persons have appropriate qualifications in one of the following areas:
(a) Audit;(b) Accounting;(c) Law; or(d) Banking/Finance.Added: April 2012FC-4.3.2C
At least two persons working on the report (one of whom would normally expected to be the team leader) should have:
(a) A minimum of 5 years professional experience dealing with AML/CFT issues; and(b) Formal AML/CFT training.Added: April 2012FC-4.3.2D
Submission of a curriculum vitae for all personnel to be engaged on the report is encouraged for the purposes of evidencing the above requirements.
Added: April 2012FC-4.3.2E
Upon receipt of the above required information, the CBB Compliance Directorate will assess the firm and communicate to it whether it meets the criteria required to be approved by the CBB for this purpose. The CBB may also request any other information it considers necessary in order to conduct the assessment.
Added: April 2012FC-4.3.3
The reports listed under Paragraph FC-4.3.1 must be submitted to the
licensee's Board, for it to review and commission any required remedial measures, and copied to thelicensee's senior management.October 2010FC-4.3.4
The purpose of the annual compliance review is to assist a
licensee's Board and senior management to assess, amongst other things, whether internal and external reports are being made (as required under Chapter FC-5), and whether the overall number of such reports (which may otherwise appear satisfactory) does not conceal inadequate reporting in a particular segment of thelicensee's business (or, where relevant, in particular branches or subsidiaries).Licensees should use their judgement as to how the reports listed under Subparagraphs FC-4.3.1 (a) and (b) should be broken down in order to achieve this aim (e.g. by branches, departments, product lines, etc).October 2010FC-4.3.5
Licensees must instruct their appointed firm to produce the report referred to in Subparagraphs FC-4.3.1 (c) and (d). The report must be submitted to the CBB by the 30th of June of the following year. The findings of this review must be received and acted upon by thelicensee .Amended: January 2022
Amended: January 2020
Amended: April 2012
Added: October 2010FC-4.3.6
[This Paragraph has been deleted in January 2022].
Deleted: January 2022
Amended: April 2012
October 2010FC-4.3.7
[This Paragraph has been deleted in January 2022].
Deleted: January 2022
Amended: January 2020
Added: October 2010