From 29 June this year, following the entering into force of the new Money Laundering Prevention Act in Lithuania, the responsibility of management for implementing money laundering prevention in its organisation has considerably increased.
What should a manager know, and what is expected of him in the field of money laundering prevention?
1. First of all, the manager should have a good knowledge of the regulations, money laundering risks, and prevention measures applicable. The manager is responsible for overall risk management in a company, so the level of perception required will be different from that of someone at a lower level. This should be taken into account when planning training programmes for executives and employees.
2.The manager must constantly assess the risk of money laundering in the organisation. It is important to bear in mind that the level of risk depends on many factors, and they are constantly changing. Therefore, an evaluation should be carried out periodically, taking into account the changing internal and external circumstances of the company, and it should include at least: (a) the characteristics of the client; (b) the characteristics of the services, transactions, products and channels offered by the company; and (c) the characteristics of the countries that determine the size of the risk assumed by the company. A manager can choose different specialists to make the assessment, but it is up to him to make decisions about the acceptable level of risk for the company, and to provide measures to reduce and/or eliminate it.
3.Based on the risk assessment, a manager should ensure that the company has implemented risk-based prevention procedures and processes.
4.The manager is responsible for appointing a competent compliance specialist. He must ensure that s/he has the necessary powers to implement preventive measures in the company effectively. The person responsible should have sufficient knowledge in the field of money laundering prevention, access to necessary information, the support of management, and all the assistance s/he needs.
5. If the company has appointed a person to implement the prevention of money laundering, it is still the responsibility of the manager to supervise the effectiveness of the prevention, and to ensure that the procedures and processes are constantly reviewed and refined. This can be implemented through an internal audit or independent external evaluation of efficiency, reporting to management.
6. The manager is responsible for the effective dissemination of information in the company. Information has to travel not only upwards, from the staff to the senior manager, but also down the line. Employees should take part in specialised training programmes, and should be continuously informed about significant changes in the company’s activities and procedures, and they must be provided with de-personalised information about significant incidents and the lessons learned. In turn, the Compliance Officer should periodically provide managers with information on the risk of money laundering in the company, compliance incidents, suspicious transaction statistics, proposals to improve performance, and so on. All levels of staff should be given the opportunity to inform managers anonymously about non-compliance within the company, and other allegations of non-compliance.
7. The dissemination of information relates directly to one of the most important responsibilities of the manager: the incorporation of compliance into the culture of the company. The measures to achieve this are diverse, but everything starts with an appropriate and open-minded approach to leadership, reinforced by an adequately arranged promotion system. Employee remuneration should depend not only on the financial goals achieved, but also on employee knowledge in risk management, customer risk, quality of customer data collected, and other efforts to ensure compliance within the company. In this way, compliance principles are actually implemented and promoted throughout the company, and the climate of a ‘healthy’ organisation is formed
8. Finally, the manager should ensure that the resources required for compliance are available. Like any other process, money laundering prevention is based on the cost of implementing it, human resources, IT systems, training budgets, and so on, which should be commensurate with the size of the company’s risk.The consequences of non-compliance can be very painful, both for the manager and the organisation as a whole, and for those who have invested in it. Huge fines reaching millions of euros are most common, which can be imposed on the manager, the shareholder and the company itself, but it should be borne in mind that the consequences may go even further:
Damage to the company’s reputation and brand
Loss of company valueLoss of a business license
Financial penalties for the company and obligations to invest in correcting deficiencies
Administrative and criminal liability.