AML-CFT Assessment Methodology
Starting in 2002 and as agreed, AML-CFT assessments can be conducted using one of two approaches: either (a) Fund-Bank assessments or (b) FATF or FATF-style regional body (FSRB) mutual evaluations. Under both approaches, assessors will need to use the revised common methodology endorsed by the Fund-Bank Boards and by the FATF in February-March 2004.5
The 2004 methodology (revised slightly in February 2005) was developed to reflect (a) the revised FATF 40 recommendations that were adopted by the FATF in 2003 and revised in 2004, (b) the originally eight (now nine) special recommendations to combat terrorist financing adopted in 2001 and revised in 2004, and (c) a number of FATF interpretative notes. The following are key features of the 2004 methodology:
• Although the 2002 methodology was structured both topically and sectorally, the 2004 methodology follows the structure of the revised FATF 40 recommendations. This revision will help in the determination of whether the FATF recommendations have been fully and properly implemented and whether the AML-CFT system is effective.6 Consistent with the FATF recommendations, all financial institutions are now assessed against the same criteria, thus eliminating the overlap and duplication in criteria in the 2002 methodology, which included specific criteria for different financial sectors.
• The criteria relating to the eight special recommendations on terrorist financing are kept separate from the AML criteria, though, where applicable, they cross-reference the relevant AML criteria.
• The 2004 methodology distinguishes between the mandatory elements (i. e., the essential criteria) and the nonmandatory elements (i. e., the additional elements). The latter are formulated as questions and are based on best practice or guidance issued by the FATF or other international standard setters. The additional elements are not to be taken into account when determining a compliance rating for a recommendation but may be referenced when describing the overall robustness of the system.
• The 2004 methodology further distinguishes between basic requirements that need to be implemented through laws and regulations and through more detailed requirements that may alternatively be implemented through other enforceable means, such as enforceable guidelines issued by competent authorities.
• There is a four-level compliance rating: compliant, largely compliant, partially compliant, and noncompliant. The overall structure and rating system are comparable to assessment methodologies for other standards and codes.
• The 2004 methodology contains more than 200 essential criteria, 20 subcriteria, and 35 additional criteria. In addition, the methodology contains examples and note boxes to help provide guidance to the assessors in their work.
• The 2004 methodology contains a fairly detailed and comprehensive set of assessment criteria, particularly with respect to criminal justice and regulatory systems, preventive measures for financial sector, powers of competent authorities, and international cooperation. The following selected examples illustrate the level of detail in the methodology. The methodology contains, for example, detailed criteria concerning the conduct of customer due diligence (CDD) with respect to the circumstances under which CDD is to be conducted, timing of verification,
measures to be taken with respect to existing customers, conditions under which simplified CDD may be allowed, conditions under which a financial institution can rely on third parties and introduced business, and additional CDD measures in certain circumstances such as correspondent banking. The methodology specifies preventive measures that should apply to a designated set of nonfinancial businesses and professions where they prepare for, or carry out, certain types of transactions.7 Countries are also required to review the effectiveness of their AML-CFT systems on a regular basis and to maintain comprehensive statistics for this purpose.