Professional Documents
Culture Documents
AML - CFT - P Annual Self-Assessment Questionnaire
AML - CFT - P Annual Self-Assessment Questionnaire
FOR
SPECIALISED DESPOSIT-TAKING
INSTITUTIONS (SDIs)
2
BACKGROUND
The questions cover key aspects which include Board / Senior Management responsibilities, the
role of the Anti-Money Laundering Reporting Officer (AMLRO), AML/CFT&P policies and
procedures, adopting a risk-based approach, detecting and reporting suspicious activities,
record keeping, staff training and independent testing.
This questionnaire is not a checklist and is neither exhaustive nor prescriptive. It is designed to
assist SDIs to focus on the key areas and to enable them to gauge if they are effectively
managing their ML/TF&PF risks and complying with regulatory obligations.
The annual Self-Risk Assessment on AML/CFT&P requires the SDI to assess and document
their AML/CFT&P programme against each requirement/control and indicate their level of
control as (categories – e.g. no control, partial control, largely effective control, and effective
controls). Bank of Ghana (BOG) has provided a list of points that SDIs should consider when
assessing themselves against each requirement/control measure.
BOG will also expect SDIs to be able to justify and verify their assessment with supporting
documentation if requested.
NAME OF INSTITUTION
DATE
Requirement/Control
The governing board and senior
management of the SDI take and
demonstrate overall responsibility for
AML/CFT&P systems and controls.
Consider whether the board and senior
management of the SDI:
i. Fully understand their obligations and 5.0%
AML/CFT&P responsibilities.
ii. Approve the SDI’s AML/CFT&P policy 4.0%
and procedures.
iii. Receive regular AML/CFT&P training; 2.0%
iv. Play a directing role in terms of allocating 3.0%
resources to AML/CFT&P (human, IT,
budgets etc.)
v. Appointment and approval of the AMLRO 4.0%
Requirement/Control
Requirement/Control
The AMLRO is sufficiently senior,
competent and independent to effectively
discharge his/her responsibilities.
Consider:
i. Whether the AMLRO is appointed at 2.0%
Management level;
ii. Who the AMLRO reports to on day to 2.0%
day level and on AML/CFT&P matters;
whether the AMRO has a direct access
to the board;
iii. Whether the AMLRO has relevant 2.0%
AML/CFT&P qualifications and
experience;
iv. Whether the AMLRO has sufficient 1.0%
knowledge of the Ghanaian
AML/CFT&P regime;
6
Requirement/Control
Timely and adequate reporting to Board on
AML/CFT&P matters.
Consider:
i. Whether the AMLRO produces regular 2.0%
AML/CFT&P reports and submits it to
the board;
ii. Whether the content of the AMLRO’s 1.0%
report is sufficiently comprehensive;
iii. Whether the Board provides feedback on 1.0%
reports submitted.
iv. Whether additional risks are reported to 1.0%
the Board which may have
AML/CFT&P implications.
7
Requirement/Control
a. Adequate CDD policies and procedures.
Consider:
i. Whether the SDI has a CDD policy 3.0%
outlining its approach to KYC
ii. Whether CDD policies and procedures 2.0%
require identification of the beneficial
owner and ensure that staff understand
the definition of beneficial owner
iii. Whether the SDI has documented CDD 2.0%
procedures for identification and
verification in accordance with the
supervisory guidance note on the use of
the Ghana Card for Accountable
Institutions.
iv. Whether CDD procedures are embedded 1.0%
into the account opening process.
v. Whether the SDI develops a customer 1.0%
profile consistent with the requirement
of the account opening form.
vi. If the customer profile provides 1.0%
sufficient information to monitor the
customer and his account for suspicious
activity or transactions
8
Requirement/Control
a. SDI assesses its ML/TF&PF risks. 7.0%
Consider:
i. Whether the SDI has an approved
AML/CFT&P Internal Risk 3.0%
Assessment Framework in place
ii. Whether the SDI has formally identified, 2.0%
assessed and documented its
exposure/vulnerability to ML/TF&PF
considering its products, services,
customers, geographic scope and
delivery channels;
iii. Whether the SDI has identified which 1.0%
products and services are considered a
higher AML/CFT&P risk
iv. Does the SDI review and update its 1.0%
AML/CFT&P risk assessment profile?
(how often)?
Requirement/Control
a. Keeping KYC/CDD information updated. 1.5%
Consider:
i. Whether the SDI’s procedures ensure 0.5%
customer’s verification documentation
remains valid;
ii. If the SDI requires a periodic review of 0.5%
customer’s KYC information to ensure it
is current;
iii. Whether the SDI has internal controls 0.5%
that trigger events which require a
review of a customer’s KYC
information.
Requirement/Control
a. An adequate training programme which 5.0%
encompasses AML/CFT&P training for all
employees and the Board.
Consider:
i. If the SDI has a documented and 2.0%
approved AML/CFT&P training
programme including the scope and
content of AML/CFT&P training,
frequency and delivery methods;
ii. Whether AML/CFT&P training is 1.0%
tailored for different employees;
iii. Whether employees are required to 1.0%
undertake AML/CFT&P training before
undertaking customer related or other
relevant activities;
14
Requirement/Control
Record keeping of all required information
and documents relating to AML/CFT&P.
15
Requirement/Control
Annual independent audit of the effectiveness
of AML/CFT&P policies, procedures,
systems and controls.
Consider: