1 Securities & Investment Institute – Compliance Forum. “Towards complying with the Risk-based Approach – a new role for MLROs?”. 17 th May, 2006.

2 Presentation Structure A bit of History. Key Changes. New FSA Rules (SYSC). JMLSG Guidance Action needed & Key Dates. Is / should the MLRO be “the focal point”? Is there a Bi-focal point now? The positive view of the MLRO role.

3 The Species “MLRO” Hitherto known as “Praefectus Adligo Vinculum” (“Officer Responsible For Going To Prison” !) CHARACTERISTICS : An almost unquenchable desire to do good in the face of great adversity. A willingness to explain – over & over again- the concept of “tipping off”. A touching belief that “knowing the customer” really, honestly, genuinely, is a good idea ! An un-natural familiarity with jurisdictions where all things / names are negotiable ! A stoic ability to cope with solitude, cynicism, apathy, indifference & venal hostility (With thanks to “Regulus”)

4 What Has Changed? The law ? Not a word. FSA rules ? Yes ! JMLSG Guidance ? Yes ! Net effect ? Time & FSA/FATF will tell! NOTE! * RBA is a step change for many firms! Important changes of emphasis Some key relationship challenges

5 JMLSG Guidance 2006 & FSA SYSC rules – Key Changes. 1.Increased SM Involvement 2.Increased focus on Systems and Controls 3.Increased focus on risk assessment 4.Flexibility introduced re ID&V relative to risk 5.Increased KYC and monitoring but effort relative to risk

6 JMLSG Guidance 2006 & FSA SYSC rules – Key Changes. 6.Increased focused training with effort relative to risk 7.Keeping records more important than ever. 8.Demonstrate a proportionate & reasonable approach. 9.Holistic view / approach to “Financial Crime”.

7 Key changes Increased risk assessment (Part 1 Chapter 4) Discrete steps to be taken (JMLSG 4.2 SYSC 3.2.6F G) Identify potential risks for sector Assess actual risks from customers and products Design and implement controls to manage actual risks Monitor and improve effective operation of controls Keep appropriate records of what done and why

8 Key changes Increased risk assessment (Guidance, Part 1 Chapter 4) No fixed approach (JMLSG SYSC 3.2.6F G) Simple or complex to reflect business May be product or customer lead Often results in formal categorisation High/Medium/Low Products, Customers etc allocated Controls designed to match risk

9 Key changes Increased risk assessment (Guidance, Part 1 Chapter 4) Considerations/recommended questions to consider (JMLSG 4.13 – 4.18) : Nature of products Nature of customers Interaction between customers and products Geography Delivery

10 Key changes Increased risk assessment (Guidance, Part 1 Chapter 4) Implement controls to manage risks (JMLSG 4.19 – 4.26) : Vary ID &V procedures and documentary requirements to reflect risk Vary amount of additional KYC info to reflect risk Vary monitoring effort to reflect risk

11 Key changes Increased risk assessment (Guidance, Part 1 Chapter 4) Simple or complex the approach and result must be: Documented Endorsed by the Board/Senior Management Kept under review (annually) (JMLSG 4.29 –4.33 Chapter 1 and 3)

12 Key changes Increased risk assessment (Guidance, Part 1 Chapter 4) Document and defend FSA Supervisors attitude? Not to challenge assessment providing a responsible and reasonable approach taken? Read FSA letter to JMLSG, 10 TH April, Assessment down to SM No level playing field Probably AML will become a competitive issue.

13  Action Required: Action Required: * Assess & document risk profiles for S.M.sign- off. * Review/Amend policies, procedures, systems & controls. * Determine revised staff training needs & training strategy going forward. * Monitor & report back to S.M. via project management discipline.

14 Key Dates: + Guidance published 1 st February, Treasury approval 13 th February, FSA SYSC Rules in full effect from 1 st September, FATF evaluation due Oct/Nov, 2006.

15 The MLRO – Interaction of law,rules & Guidance (1) Remains controlled function ) {SYSC 3.2.6I R Must still be approved person ) APER R} Can also be “ nominated officer “ under POCA( JMLSG PT.1ch.3.4) “Nominated Officer “ / “MLRO” for relevant business” ( ch.3.1 – 3.2) Ultimate Senior Management responsibility - can be all 3 roles

16 The MLRO – Interaction of law,rules &Guidance (2) AML / financial crime responsibility of Senior Management (sysc / / / 3.2.6H R) Director or Senior Management allocated responsibility (ch.1.23) Can also be MLRO (ch.1.24 & SYSC H R) Senior Management to take ownership (ch.2) “Held Accountable” (ch.2) BUT!!! POCA obligations of MLRO Interface of S.M./ Director with MLRO is key (ch.1.24) MLRO / FSA interface (ch.3.6)

17 Standing of MLRO Threshold competence required Able to act on own authority Adequately resourced Continuing training to remain competent Linkage with A.P.E.R. Code principle 7 (ch 3.6, SYSC 3.2.6I R) Continuing focal point “ for all aspects….” (ch.3.9).

18 MLRO - Senior Management Relationship Support / coordinate Senior Management focus on managing money laundering risk in individual business areas --- new ! (ch.3.10) Responsible for offering training + standards + scope --- new ! (ch. 3.26) Remember ! -- ultimate responsibility is Senior Management (sysc R./ R/ ch.2.5). MLRO annual report (ch – 3.37). MLRO to monitor effectiveness of SYSC in firm (ch.3.28) “caesar ad praefectus adligomant vinculum” !!

19 Position of the MLRO – The NEGATIVE View The meat in the sandwich Law EnforcementFSA MLRO Government Legislation Firm + Senior Management

20 Position of the MLRO – The POSITIVE VIEW - at the centre of everything! SOCA Staff MLRO Senior Mngmnt Customers Internal Reports Awareness & training HMG / FSA / FATF Requirements External reports Annual reports KYC/KYCB Consent

21 A Final Thought…THE FSA VIEW The REAL FSA Requirement? To see that SENIOR MANAGEMENT are involved in MANAGEMENT of the RISKS of money laundering in a thoughtful consistent and responsible manner The MLRO is the key player in making this happen

22 SII Compliance Forum. Presentation, 17 th May, Tel/Fax