Financial groups (e.g. a licensee with its subsidiaries) must implement groupwide programmes against money laundering and terrorist financing, including policies and procedures for sharing information within the group for AML/CFT purposes, which must also be applicable, and appropriate to, all branches and subsidiaries of the financial group. These must include:

(a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees;
(b) An ongoing employee training programme;
(c) An independent audit function to test the system;
(d) Policies and procedures for sharing information required for the purposes of CDD and money laundering and terrorist financing risk management;
(e) The provision at group-level compliance, audit, and/or AML/CFT functions of customer, account and transaction information from branches and subsidiaries when necessary for AML/CFT purposes; and
(f) Adequate safeguards on the confidentiality and use of information exchanged.
Added: January 2018