Examination Policy - Compliance Commission
The Commission carries out its supervisory oversight by means of a risk assessment exercise, as well as on-site and off-site examination programmes. Firms are required to complete a Risk Assessment Questionnaire issued by the Commission for an initial assessment of the inherent risks to the firm. The purpose of the Risk Assessment Questionnaire is to gather information on the salient features of the firm’s overall structure, clients (including geographical location and beneficial owners), products and services, transactions, delivery channels, and oversight and governance. The outcome of the risk assessment, along with the latest on-site examination evaluation, will determine the frequency and intensity of the Commission’s examination programme of the firm. The risk assessment will be followed by an on-site or off-site examination of the firm.
In the absence of the firm’s documented risk-based policies and procedures manual, the firm will be given 30 days to document its risk-based policies and procedures manual. Penalties apply for non-compliance.
Risks, once assessed, are not static – risks may increase or decrease. Therefore, events which may cause changes to the risk profile of the firm must, without delay, be communicated to the Commission by the firm. This allows the Commission to know the significant activity that is driving the change and to understand the risks of the entity so that the Commission may properly align its resources for monitoring and examination purposes.
The Commission administers four (4) types of examinations, as outlined below:
- routine (on-site only);
- follow-up (on-site or off-site examination);
- random (on-site only); and
- special (on-site only).
The examination focuses on procedures and systems to examine the firm’s obligation to comply with AML laws and guidelines. The Bahamian AML laws and applicable guidelines require DNFBPs to, at a minimum:
- Conduct and document a risk assessment of the firm’s inherent risks to determine the level of exposure to the risks of money laundering, terrorist financing and proliferation financing;
- Establish written risk-based policies and procedures that comply with the provisions of AML laws and guidelines;
- Identify and verify customers and their source of funds;
- Appoint a CO and a MLRO;
- Keep transaction, identification and verification records;
- Conduct on-going monitoring of customer transactions;
- Report suspicious transactions to the FIU;
- Ensure the management and appropriate staff receive AML training annually;
- Conduct internal compliance effectiveness reviews, at a minimum every two years; and
- Submit to AML examination by the Commission and its appointed agents.