ANNUAL SELF-RISK ASSESSMENT


ON ANTI-MONEY LAUNDERING /
COMBATING THE FINANCING OF
TERRORISM & PROLIFERATION OF
WEAPONS OF MASS DESTRUCTION
(AML/CFT&P)

FOR

SPECIALISED DEPOSIT-TAKING
INSTITUTIONS (SDIs)

BACKGROUND

This annual self-risk assessment questionnaire on Anti-Money Laundering, Countering the
Financing of Terrorism and Proliferation of Weapons of Mass Destruction (AML/CFT&P) is a
set of key AML/CFT&P questions to assist Specialised Deposit-Taking Institutions (SDIs) in
Ghana to assess if they are effectively managing and controlling their money laundering, terrorist
financing and proliferation financing (ML/TF&PF) risks.

The questions cover key aspects which include Board / Senior Management responsibilities, the
role of the Anti-Money Laundering Reporting Officer (AMLRO), AML/CFT&P policies and
procedures, adopting a risk-based approach, detecting and reporting suspicious activities,
record keeping, staff training and independent testing.

This questionnaire is not a checklist and is neither exhaustive nor prescriptive. It is designed to
assist SDIs to focus on the key areas and to enable them to gauge if they are effectively
managing their ML/TF&PF risks and complying with regulatory obligations.

The annual Self-Risk Assessment on AML/CFT&P requires the SDI to assess and document
its AML/CFT&P programme against each requirement/control and indicate its level of
control by category (e.g. no control, partial control, largely effective control, and effective
controls). Bank of Ghana (BOG) has provided a list of points that SDIs should consider when
assessing themselves against each requirement/control measure.

BOG will also expect SDIs to be able to justify and verify their assessment with supporting
documentation if requested.

NAME OF INSTITUTION

PREPARED AND SUBMITTED BY AMLRO / COMPLIANCE OFFICER | SIGNATURE:

APPROVED BY CEO | SIGNATURE:

DATE

Please do a self-assessment using the maximum score assigned to each consideration. Be
objective in your assessment; if possible corroborate your score with persons who
understand the SDI’s ML/TF&PF risks.

CONTROLS/RISK MITIGANTS RATING MATRIX

Assessment | Maximum Score (%) | SDI’s Score | SDI’s Score Justification (Narrative) | Supervisor’s Score | Supervisor’s Score Justification (Narrative)

1. Board and Senior Management Oversight | 20.0%

Requirement/Control
The governing board and senior management of the SDI take and demonstrate overall responsibility for AML/CFT&P systems and controls.
Consider whether the board and senior management of the SDI:
i. Fully understand their obligations and AML/CFT&P responsibilities. | 5.0%
ii. Approve the SDI’s AML/CFT&P policy and procedures. | 4.0%
iii. Receive regular AML/CFT&P training; | 2.0%
iv. Play a directing role in terms of allocating resources to AML/CFT&P (human, IT, budgets etc.) | 3.0%
v. Appoint and approve the AMLRO | 4.0%
vi. Regularly discuss/deliberate on the Compliance report and AML/CFT&P issues | 2.0%

2. Policies and Procedures | 10.0%

Requirement/Control
Documented AML/CFT&P policies and procedures.
Consider:
i. To what extent AML/CFT&P policies and procedures are translated into day to day operational procedures. Consider on-boarding and determine if they are sufficiently detailed to ensure compliance with KYC/CDD requirements and the SDI’s own KYC policy; | 4.0%
ii. How often AML/CFT&P policies and procedures are updated and the date of the last review (consider whether new legal or regulatory requirements were introduced recently and whether internal policies and procedures were reviewed to reflect those changes); | 2.0%
iii. Whether the SDI applies its AML/CFT&P policies, procedures, systems and controls to any branches or agents; | 2.0%
iv. If all staff have easy access to relevant AML/CFT&P policies and procedures, and have confirmed receipt and understanding | 2.0%
3. Anti-Money Laundering Reporting Officer (AMLRO) and AML/CFT&P Resources | 10.0%

Requirement/Control
The AMLRO is sufficiently senior, competent and independent to effectively discharge his/her responsibilities.
Consider:
i. Whether the AMLRO is appointed at Management level; | 2.0%
ii. Who the AMLRO reports to on a day to day level and on AML/CFT&P matters; whether the AMLRO has direct access to the board; | 2.0%
iii. Whether the AMLRO has relevant AML/CFT&P qualifications and experience; | 2.0%
iv. Whether the AMLRO has sufficient knowledge of the Ghanaian AML/CFT&P regime; | 1.0%
v. Whether the AMLRO undertakes other functions or duties. | 1.0%
vi. Whether the AMLRO’s duties and functions are clearly documented in a policy statement and whether adequate resources have been provided for the AML/CFT&P function. | 2.0%

4. Management Reporting | 5.0%

Requirement/Control
Timely and adequate reporting to Board on AML/CFT&P matters.
Consider:
i. Whether the AMLRO produces regular AML/CFT&P reports and submits them to the board; | 2.0%
ii. Whether the content of the AMLRO’s report is sufficiently comprehensive; | 1.0%
iii. Whether the Board provides feedback on reports submitted. | 1.0%
iv. Whether additional risks are reported to the Board which may have AML/CFT&P implications. | 1.0%

5. Customer Due Diligence (CDD) | 10.0%

Requirement/Control
a. Adequate CDD policies and procedures.
Consider:
i. Whether the SDI has a CDD policy outlining its approach to KYC | 3.0%
ii. Whether CDD policies and procedures require identification of the beneficial owner and ensure that staff understand the definition of beneficial owner | 2.0%
iii. Whether the SDI has documented CDD procedures for identification and verification in accordance with the supervisory guidance note on the use of the Ghana Card for Accountable Institutions. | 2.0%
iv. Whether CDD procedures are embedded into the account opening process. | 1.0%
v. Whether the SDI develops a customer profile consistent with the requirement of the account opening form. | 1.0%
vi. If the customer profile provides sufficient information to monitor the customer and his account for suspicious activity or transactions | 1.0%

6. Risk Assessment Framework | 15.0%

Requirement/Control
a. SDI assesses its ML/TF&PF risks. | 7.0%
Consider:
i. Whether the SDI has an approved AML/CFT&P Internal Risk Assessment Framework in place | 3.0%
ii. Whether the SDI has formally identified, assessed and documented its exposure/vulnerability to ML/TF&PF considering its products, services, customers, geographic scope and delivery channels; | 2.0%
iii. Whether the SDI has identified which products and services are considered a higher AML/CFT&P risk | 1.0%
iv. Whether the SDI reviews and updates its AML/CFT&P risk assessment profile (how often?) | 1.0%

b. Policies and procedures are in place to assess the ML/TF&PF risk associated with a business relationship. | 4.0%
Consider:
i. Whether the SDI assigns each customer a risk rating, based upon the level of potential ML/TF&PF risk; | 1.0%
ii. If the SDI has a risk matrix designed to assist in allocating a risk rating to a customer; | 1.0%
iii. Whether the SDI has a methodology for rating geographical locations, countries or jurisdictions; | 1.0%
iv. Whether the SDI regularly reviews a customer’s ML/TF&PF risk rating (how often?) | 1.0%

c. Enhanced Due Diligence (EDD) for higher risk customers. | 4.0%
Consider:
i. Whether the SDI has enhanced due diligence policy and procedures in place. | 1.0%
ii. Whether the SDI has identified particular products or services as high-risk and if EDD is conducted on customers who subscribe to such products/services. | 1.0%
iii. Whether the SDI requires and documents EDD steps for customers flagged as high risk; | 1.0%
iv. Whether transaction monitoring is required over high-risk customers or accounts. | 1.0%

7. Monitoring of Suspicious Transactions / Activities | 10.0%

Requirement/Control
a. Keeping KYC/CDD information updated. | 1.5%
Consider:
i. Whether the SDI’s procedures ensure customer’s verification documentation remains valid; | 0.5%
ii. If the SDI requires a periodic review of customer’s KYC information to ensure it is current; | 0.5%
iii. Whether the SDI has internal controls that trigger events which require a review of a customer’s KYC information. | 0.5%

b. Adequate processes and documented procedures for monitoring transactions for unusual or suspicious activity. | 2.5%
Consider:
i. Whether the form and method of monitoring is appropriate given the nature, scale and complexity of the SDI; | 1.0%
ii. The frequency and scope of transaction monitoring (are all transactions reviewed / filtered); | 0.5%
iii. Whether transaction/activity monitoring is conducted against the customer profile of expected activity; | 1.0%

c. Enhanced monitoring for high-risk customers, products or services. | 1.0%
Consider:
i. If the SDI has procedures for conducting enhanced monitoring for high-risk customers, products or services and what this entails; | 0.5%
ii. Whether complex, unusually large transactions or transactions that have no apparent or visible economic or lawful purpose are examined. | 0.5%

d. Internal reporting of potentially suspicious transactions. | 2.0%
Consider:
i. If employees are trained to identify suspicious activity; | 0.5%
ii. Whether employees understand their obligation to make internal reports to the AMLRO of any suspicious activity; | 0.5%
iii. The level of detail of the SDI’s internal procedures for reporting of potentially suspicious transactions (timeframes, approvals, use of a template report for internal suspicious transactions etc.); | 0.5%
iv. How employees are made aware that failing to make a report may result in disciplinary action. | 0.5%

e. Procedures for the AMLRO investigation and evaluation of STRs. | 3.0%
Consider:
i. Whether there are documented procedures for the AMLRO to follow on receipt of an STR; | 1.0%
ii. Whether the AMLRO documents the investigation; | 0.5%
iii. Whether the AMLRO is able to make a decision as to whether to report to the FIC independently (and without consent or approval of any other person). | 0.5%
iv. If the SDI’s procedures include documenting reasons why a report was not made to the FIC. | 0.5%
v. Whether the SDI’s procedures include actions preventing tipping off, what to do if a customer wishes to move his funds etc.; | 0.5%

8. Training and Staff Awareness | 10.0%

Requirement/Control
a. An adequate training programme which encompasses AML/CFT&P training for all employees and the Board. | 5.0%
Consider:
i. If the SDI has a documented and approved AML/CFT&P training programme including the scope and content of AML/CFT&P training, frequency and delivery methods; | 2.0%
ii. Whether AML/CFT&P training is tailored for different employees; | 1.0%
iii. Whether employees are required to undertake AML/CFT&P training before undertaking customer related or other relevant activities; | 1.0%
iv. Whether and how employees are assessed for knowledge retention following the AML/CFT&P training. | 1.0%

b. Evidence of adequate AML/CFT&P training. | 5.0%
Consider:
i. Whether the SDI maintains a current training log providing details of all staff and the date of their last AML/CFT&P training; | 2.0%
ii. Whether it is easy to identify staff that are due for, or have not received, AML/CFT&P training and if it is clear who in the SDI is responsible for following up with staff to ensure training is conducted; | 1.0%
iii. Whether the SDI imposes disciplinary actions on staff if training is not undertaken within the timeframe; | 2.0%

9. Record Keeping | 5.0%

Requirement/Control
Record keeping of all required information and documents relating to AML/CFT&P.
Consider:
i. Whether there is a policy for record retention. | 3.0%
ii. The adequacy of record retention, including the form in which records are maintained (hard copy, electronic), whether they are maintained onsite or offsite and can be readily accessed; | 2.0%

10. Independent Testing | 5.0%

Requirement/Control
Annual independent audit of the effectiveness of AML/CFT&P policies, procedures, systems and controls.
Consider:
i. Whether the SDI has an independent audit function that conducts regular review of the effectiveness of measures taken by the SDI with regard to preventing ML/TF&PF; | 2.0%
ii. What is the scope and frequency of the independent testing; | 1.0%
iii. Whether audit findings are relayed to the Board or Board Sub-Committee; | 1.0%
iv. Whether there is a proper system for monitoring rectification of breaches/deficiencies. | 1.0%
