The Banking Supervision Department updates the Directive regarding management of AML and CTF risks
The revision brings the new Directive in line with the most up to date international standards on the issue of the Prohibition on Money Laundering and Terrorism Financing, and is expected to assist in the State of Israel being accepted as a full member of FATF.
The existing directive, “Prevention of Money Laundering and Terrorism Financing, and Customer Identification” was expanded and reorganized as a risk management directive (hence the name was changed as well), and it includes operative risk-management tools. Following are the main changes in the directive:
a. Corporate Governance—The detailed list of roles of corporate governance functions was expanded, and they were aligned with compliance risk management covered in Proper Conduct of Banking Business Directive #308, “Compliance and the Compliance Function in a Banking Corporation”. Likewise, the issues covered in Prohibition on Money Laundering and Terrorism Financing policy were expanded, such as decisions by the Sanctions Committee of the United Nations Security Council.
b. Risk assessment—The factors on which a banking corporation must base the execution of a risk assessment were detailed, and the information base that a banking corporation must collect from internal and external entities in order to formulate the risk assessment was also detailed.
c. Risk mitigation—When establishing Know Your Customer policies and procedures, the banking corporation must take into account the risk factors detailed in the Directive. Risk factors are segmented by customers, countries and territories, and products, services and distribution channels. Within this framework, a banking corporation is required to assess, via a structured and automated questionnaire, the level of Prohibition on Money Laundering and Terrorism Financing risk it is exposed to by activities vis-à-vis customers, based on, among other things, the risk variables detailed in the Directive, while weighting the risk factors. When a customer is identified as being high risk, the banking corporation is required to take one or more of the actions listed in the Directive, such as requiring additional information, receiving references or approval from senior management.
d. Risk activities—The new Directive consolidates in one chapter all the risky activities that were in the previous directive and that appeared in Supervisor Letters in the past. Emphasis was placed on the issue of managing an account for domestic politically exposed persons and senior officials in international organizations, in addition to the issue of managing an account for foreign politically exposed persons, which appeared in the existing Directive. Likewise, it was prohibited to open new numbered accounts, and banking corporations are to work to switch numbered accounts to regular accounts by December 31, 2017.
e. Scope of activity (group risk management)—Requirements were detailed for formulating group policies for banking corporations that conduct international activities through subsidiaries or branches in jurisdictions outside of Israel. Among other things, it was established that in a case in which a banking corporation is required to implement the more stringent directives (between the local requirements and those of this Directive), and they contradict the legal directives of the host country, additional controls are to be set, and the continued activity in that country should be considered.
The revisions to the Directive will go into effect on January 1, 2018.