Fight against money laundering: SECP asks FIs to put in place three lines of defence

The Secur-ities and Exchange Commission of Pakistan (SECP) has directed financial institutions regulated by the SECP, namely securities brokers, insurance companies, Non-Banking Finance Com-panies and Modarabas, to establish three lines of defense to combat Money Laundering (ML) and Terrorist Financing (TF). In this connection, the SECP has issued guidelines on Anti-Money Laundering and Countering Financing of Terrorism Regulations-2018 for the corporate sector.
According to the SECP guidelines, regulated persons should establish the following three lines of defense to combat ML/TF: First, the business units (eg front office, customer-facing activity) should know and carry out due diligence of the AML/CFT related policies and procedures and be allotted sufficient resources to do this effectively. Second includes the compliance officer (CO), the compliance function and human resources or technology. The third is the internal audit function.
As part of first line of defense, policies and procedures should be clearly specified in writing, and communicated to all employees. They should contain a clear description for employees of their obligations and instructions as well as guidance on how to keep the activity of the reporting entity in compliance with the regulations. There should be internal procedures for detecting, monitoring and reporting suspicious transactions.
As part of second line of defense, the compliance officer must have the authority and ability to oversee the effectiveness of RPs' AML/CFT systems, compliance with applicable AML/CFT legislation and provide guidance in day-to-day operations of the AML/CFT policies and procedures.
The compliance officer must be a person who is fit and proper to assume the role and who has sufficient skills and experience to develop and maintain systems and controls (including documented policies and procedures); sufficient resources, including time and support staff; has access to all information necessary to perform the AML/CFT compliance function; ensures regular audits of the AML/CFT program; maintains various logs, as necessary, which should include logs with respect to declined business, politically exposed person ("PEPs"), and requests from Commission, FMU and law enforcement agencies (LEAs) particularly in relation to investigations; and responds promptly to requests for information by the SECP/law enforcement agency. The SECP said that the internal audit, the third line of defense, should periodically conduct AML/CFT audits on an institution-wide basis and be proactive in following up their findings and recommendations.
As a general rule, the processes used in auditing should be consistent with internal audit's broader audit mandate, subject to any prescribed auditing requirements applicable to the AML/CFT measures.