Version 1.0
Prepared by: @Lorraine Sebata
Approved by: @Name
Reviewed date: 2024-07-24
Next review date: 2025-07-24
This Compliance (AML/CFT) Risk Management and Framework Policy outlines Easyterms Ltd.'s approach to identifying, assessing, managing, and mitigating Money Laundering (ML), Terrorist Financing (TF), and Proliferation Financing (PF) risks. Its purpose is to establish a robust framework that ensures compliance with all applicable laws and regulations, aligns with the Board's risk appetite, and protects the Company from being used for illicit financial activities.
This policy applies to all employees, agents, contractors, and third parties acting on behalf of Easyterms Ltd. across all business lines, products, and services. It covers all financial transactions, client relationships, and operational activities, with a particular focus on the loan application processing cycle.
Easyterms Ltd. is committed to full compliance with all applicable national and international AML/CTF/PF laws, regulations, and guidelines, including relevant legislation, regulatory rules, guidelines, and policies, and observations from National Risk Assessments.
The Company shall adopt a comprehensive risk-based approach to AML/CTF/PF. This involves identifying and assessing inherent risks specific to its business, clients, products, services, and geographic locations, and then managing these risks to align with the Board's determined risk appetite.
Inherent risks of ML/TF/PF will be identified by referencing:
Relevant legislation.
Any Rules, Guidelines, and Policies put in place by the regulator.
Observations in National Risk Assessments.
Any other factors included in the Company's Policies and procedures.
Additional material such as FATF recommendations and CFATF Mutual Evaluations may also be used.
Each identified risk factor will be assessed for both the likelihood/possibility of occurrence and its potential impact on the business. The Company will rely on standards and reports such as CFATF Mutual Evaluation, FATF reports, NRA, and output from regulators for these assessments.
Identified inherent risks will be managed to bring them in line with the Board's determined risk appetite. Risk treatment options include:
Accepted: Risk is in line with the Board's risk appetite.
Rejected: Risk exceeds the Board's risk appetite.
Transferred: Via insurance.
Mitigated: Through the application of effective internal controls to reduce the risk to an acceptable level.
After the risk management process, the remaining risk is defined as residual risk, which must be at a level determined by the Board of Directors as an acceptable part of doing business.
Every individual or company engaging in services with Easyterms Ltd. must undergo a risk rating to determine their ML/TF/PF risk. This risk profile will be reviewed and reassessed on an ongoing basis, dictating the level of ongoing due diligence. Clients are rated on a risk-sensitive basis and subjected to a commensurate level of due diligence to optimize resource allocation, focusing more attention on high-risk relationships.
The Compliance Risk Management Framework will be assessed and updated on an ongoing basis to reflect changes in technology, legislation, and industry standards. The methodology will be reviewed periodically, at least annually.
The Compliance Officer will determine the level of oversight and testing necessary for the framework's implementation and control effectiveness. All compliance exceptions will be reported to the Supervisor, then to the Compliance Officer, who will determine which exceptions require the Board's attention. The Board of Directors will receive annual updates in the Compliance Risk Board Report and will be kept informed of new and pending legislation, and any exceptions.
Board of Directors / Senior Management: Overall responsibility for approving and overseeing the AML/CTF/PF program and determining the Company's risk appetite.
Money Laundering Reporting Officer (MLRO): Responsible for the day-to-day oversight of the AML/CTF/PF program, receiving internal suspicious activity reports, and filing SARs/STRs with authorities.
Compliance Department/Officer: Responsible for developing, implementing, and maintaining the AML/CTF/PF policies and procedures, overseeing the risk framework, conducting reviews of onboarded clients, ensuring the framework reflects legislative requirements, testing review frequencies, and reporting exceptions and updates to management and the Board.
All Employees: Responsible for understanding and adhering to this policy and related procedures, conducting appropriate CDD, monitoring transactions for adherence to client profiles, and reporting suspicious activities to the MLRO.
This policy will be reviewed at least annually, or more frequently if there are significant changes in laws, regulations, business operations, or identified risks, to ensure its continued effectiveness, compliance, and alignment with business objectives.