Independent AML Audit Conclusions

06/07/2018

On 22 May 2018, the Bank concluded its independent anti-money laundering program review, conducted by an international team of experts. This was a mandatory requirement of the AML Settlement Agreement of 19 July 2017 with the Financial and Capital Markets Commission ("FCMC").

Over a three month period, the experts reviewed documents, policies, procedures, made 22 interviews with members of staff, ran scenario testing, and sample testing of client files. Within the scope of the review was a) the external AML review conducted by Navigant Consulting, Inc. in April 2016 (by following Bank Secrecy Act (BSA) principles), b) the inspection conducted by the FCMC in September 2016 (following the Latvian AML legislation and regulations), c) additional enhancements (AE) initiated by the Bank in the pursuit of a robust AML /CFT program and d) compliance with regulation No. 219 on the provision of money laundering and terrorist financing risk management information technologies. The audited period was from the previous FCMC AML audit to year-end 2017.

The experts performed reconciliation between the Navigant and FCMC recommendations. While assessing corrective actions performed by the Bank, they rated each observation and recommendation as: (i) Implemented, (ii) Partially Implemented and (iii) Not Implemented. While assessing the AML Program and additional enhancements initiated by the Bank, the experts used local regulations, international better practices and Bank Secrecy Act (BSA) principles (where applicable). During evidence review activities included: (i) off-site documentary evidence review, (ii) series of interviews with the Bank’s management and operational staff, (iii) job shadowing sessions and (iv) substantive testing of outcomes AML Program. Risk-based sampling of the main outcomes of the AML Program included: KYC files (including LORO files), Transactions Monitoring investigations, SAR files, training records and risk indicators calculations. Further to this, the experts performed Sanctions testing exercise and Transactions Monitoring scenarios analysis. For the IT systems, the scope of the work consisted of three parts: 1. Assessment of AML IT systems functionality; 2. AML systems testing; 3. Assessment of selected IT governance controls.

Of the 51 previous recommendations from Navigant and the FCMC, 25 have been fully implemented, 24 partially implemented, and 2 not implemented (1 of which was justified based on local FIU requirements).

Additionally, the Bank received 46 recommendations on the additional enhancements made by the Bank, and 12 recommendations on improving the IT systems used to fight money laundering.

The audit methodology scored each recommendation on two scales - Impact Rating & Priority Rating - with a rating of 1-4 (low - high risk), and in combination then an overall rating for each recommendation.

Of the 103 recommendations received, 46 were classed as Low Risk, 42 were classed as Moderate Risk, and 15 as High Risk. In response to this, the Bank have approved an 80-point corrective action plan, with the implementation of the various recommendations by year-end 2018 at the latest (depending on the established priority).

Commenting on the report, Oliver Bramwell, Chairman of the Board noted that the Bank was not surprised by the depth of the analysis, and the number of recommendations was to be expected given the current market pressure regards AML. Of the 80-point corrective action plan he noted with confidence that this could be executed based on the current resources in the Bank, and should not have a visible impact to our clientele. Additional investment in systems, training, and personnel was planned for 2018, and is being made - there is always a way to run things smarter, faster, and optimised - that's our permanent state of affairs regards AML, Mr. Bramwell added.