
AML/CTF Risk Assessment Template

for Payment and E-money Firms

Date Updated Nominated Officer Version

To understand how to fill in this template, read our article https://psplab.com/guide-with-free-aml-risk-assessment-template or book a free consultation at https://calendly.com/psplab/free-aml-compliance-consultation-risk-assessment
Table of Contents

1 Information about this document
2 Firm Details
2.1 Type of Payment and E-money Services Offered
2.2 Jurisdictions of Operation
3 Regulatory and Legal Considerations
4 Executive Summary
5 Risk Assessment Methodology
5.1 Risk Rating Criteria
5.2 Risk Rating Criteria Based on Likelihood and Impact
6 Risk Assessment
6.1 E-money Industry Sector Risk
6.2 Products and Services Risk
6.3 Geographical Risk
6.4 Customer Risk
6.5 Channel/Delivery Risk
6.6 Intermediary/Third-party Risk
7 Control Assessment
7.1 Customer Due Diligence (CDD) Measures
7.2 Monitoring and Reporting
7.3 Training and awareness
7.4 Record keeping
7.5 Internal Controls and Governance
8 Action Plan
9 Conclusion and Recommendations
9.1 Category Breakdown
10 Approval and Review

1 Information about this document

[Describe this document and its purpose. For example, ‘AML/CTF Risk Assessment was
adopted on _____ by the governing body. The nominated officer responsible for
reviewing this AML/CTF Risk Assessment is _____.

The purpose of this document is to identify and record the likelihood of our business
being exploited for money laundering or terror financing purposes. Furthermore, we
evaluate the protective measures we've established to counteract these threats,
gauging their effectiveness. We also outline the continuous monitoring process for this
risk assessment, drawing insights from the firm's operational data. The scope of this
assessment encompasses all operational aspects of our services, ranging from client
onboarding to funds transfer mechanisms, and includes all jurisdictions in which we
operate…’]

Explanation:

The information about this document serves to articulate why you are conducting the risk
assessment – in this case, to understand vulnerabilities to ML and TF. The scope, meanwhile,
defines the boundaries of your assessment – what it will cover and what it will not. For
instance, are you focusing on certain products or the entire suite? Are you covering only
domestic operations, or international ones as well? Clearly defining the scope ensures
stakeholders understand the parameters of your findings.

2 Firm Details

[Sample:
‘Legal Name: XYZ Payment Solutions Limited
Trading Name: XYZ Pay
Registration Details: Registered in [Country], Company Number: 12345678,
Registered Address: 123 Street, City, Country.
Authorisation Details: Authorised Payment Institution
FRN: 1231421’]

2.1 Type of Payment and E-money Services Offered

[This section should clearly state what services are offered. It can be either as stated in
the legislation or as codified within the firm and accepted as products by operations.
For example:

1. ‘Online money transfers
2. Prepaid electronic wallets
3. Merchant payment gateways
4. Cross-border remittances’]

Explanation:

List and briefly describe all the financial services the firm offers related to payments and e-
money. This provides context about the company's operations and can help the reader
understand potential risk areas, as some services might inherently carry higher risks than
others.

2.2 Jurisdictions of Operation

[It is imperative to outline all countries with which the firm has a nexus, and to explain the firm's standing, i.e. whether this is a group-wide policy or not. For example:

‘The company is operating in the following jurisdictions:

1. Country A (Headquarters)
2. Country B (Subsidiary)

This risk assessment is group-wide.’]

Explanation:

Clearly state each jurisdiction or country where the firm has a presence or offers its services.
Including additional notes, such as where the company's headquarters is located or where
there might be a special arrangement like a joint venture, provides more depth and context
about the firm's international engagements and possible risk exposure.

3 Regulatory and Legal Considerations

[The AML/CTF Risk Assessment should be based on at least: the national risk assessment; the legislation applicable to the conduct of the firm (e.g. payment and/or electronic money regulations, anti-money laundering and counter-terrorism financing regulations, etc.); relevant regulatory guidance (e.g. HMRC, FCA, JMLSG, etc., depending on the jurisdiction); and guidance from industry bodies (e.g. FATF, Transparency International, etc., depending on the jurisdiction). All of these should be listed within the document as the sources that were taken into account when preparing it.]

Explanation:

The aim of the regulatory and legal considerations is to outline the basis and guidance taken into account when preparing this document. Please note that different jurisdictions may prescribe different guidance and legislation.

4 Executive Summary
[Executive summary should provide a synopsis of key points; it should indicate what
key concerns were highlighted and overall conclusions that were reached. For example,

‘Our assessment identified potential high risks associated with our online fund transfer
mechanism, especially for cross-border transactions involving countries listed in the
FATF grey list. Additionally, we found medium risks in our customer due diligence
processes for corporate clients, and low risks in our closed-loop transaction services...’]

Explanation:

The summary of key findings provides stakeholders with a quick snapshot of the most
pressing vulnerabilities or risk areas. Ideally, these should be categorised based on severity,
allowing the reader to immediately gauge where the most attention may be needed. Also,
this could be illustrated in a table with the risk-coloured evaluation to give immediate visual
feedback. Be concise, but provide enough detail to give context – e.g., specifying that risks
are tied to FATF grey-listed countries rather than making a general statement about
international transactions.

5 Risk Assessment Methodology


[The document must contain a description of the approach used to identify and evaluate risks. It should provide an overview of the methods used and the sources of data. For example:

‘Our approach employs a combination of quantitative and qualitative methods. We utilise a detailed analysis of historical transaction data to identify patterns and anomalies. Concurrently, we conduct interviews with key departmental stakeholders to understand inherent operational risks. Both sets of findings are then evaluated against industry best practices and relevant regulatory guidelines to determine the potential areas of exposure…’]

Explanation:

This section should provide a clear picture of the procedures, techniques, or tools used to
identify risks. Whether you're analysing transaction data, speaking with department heads,
or comparing against industry standards, the methodology should be rigorous and
comprehensive. The goal is to ensure stakeholders understand the depth and breadth of the
research and assessment.

5.1 Risk Rating Criteria


[Risk rating criteria should be based on the evaluation of likelihood and impact, which would then translate into risk levels. This can be implemented as follows:

‘Likelihood Evaluation:

Likelihood refers to the probability of a risk event occurring within a specified period. We use a combination of historical data, industry trends, and expert judgment to estimate this:

1. Rare: Event might occur once in every 10 years.
2. Unlikely: Event might occur once in every 5 years.
3. Possible: Event could occur within the year.
4. Likely: Event is expected to occur multiple times within the year.
5. Almost Certain: Event is anticipated to occur regularly and frequently.

Impact Evaluation:

Impact considers the potential consequences or damage an event might cause. We categorise impact based on financial loss, reputational damage, and regulatory implications:

1. Minor: Minimal financial loss, negligible reputation damage, no regulatory implications.
2. Moderate: Noticeable financial implications, minor reputational consequences, possible minor regulatory findings.
3. Major: Significant financial loss, major reputation damage, potential major regulatory sanctions.
4. Severe: Very large financial implications, severe reputation damage, strict regulatory penalties or sanctions.
5. Catastrophic: Bankruptcy or business cessation, irreversible reputation damage, loss of license or extreme regulatory sanctions.

5.2 Risk Rating Criteria Based on Likelihood and Impact


By combining the evaluations of both likelihood and impact, we can categorise
identified risks:

1. Low Risk: This is the least severe risk level. It indicates that the potential risk is
minimal and its occurrence is unlikely. Such risks often require minimal controls
or mitigation efforts.

2. Medium Risk: These risks can have a moderate impact on the firm and their
likelihood of occurrence is neither rare nor common. These risks require more
attention and management effort, and often involve a balanced approach
between accepting, avoiding, or mitigating the risk.

3. High Risk: High-level risks are those that can significantly disrupt the firm’s
operations, profitability, or reputation. They are more likely to occur than lower-ranked
risks. High risks require strong risk management controls and are often
priorities in any risk mitigation strategy.

4. Prohibited Risk: This level indicates risks that the organization is not willing to
accept under any circumstances. They are generally associated with illegal
activities or actions that violate the firm’s policies, regulations, or values. These
risks are to be completely avoided and strong measures are taken to ensure
these do not occur.

Risk rating table (rows: Impact; columns: Likelihood)

| Impact \ Likelihood | Rare   | Unlikely   | Possible   | Likely     | Almost certain |
| Minor               | Low    | Low        | Medium     | Medium     | High           |
| Moderate            | Low    | Medium     | Medium     | High       | High           |
| Major               | Medium | High       | High       | High       | Prohibited     |
| Severe              | High   | High       | Prohibited | Prohibited | Prohibited     |
| Catastrophic        | High   | Prohibited | Prohibited | Prohibited | Prohibited     |

’]

Explanation:

The risk rating criteria provide a benchmark against which identified risks can be evaluated.
This allows for the prioritisation of risks based on their potential severity and likelihood. The
combination of likelihood and impact provides a matrix-style approach to risk rating. For
instance, a risk event that's "Almost Certain" to occur but has only "Minor" impact might still
be categorised as a "Medium Risk" because of its frequency. Similarly, a "Rare" event with
"Catastrophic" consequences could be categorised as "High Risk" due to its severe
implications, even if its likelihood is low. Apart from the above, any other risk evaluation
manner could be utilised but the main point is that it should be precise enough to
substantiate further decision-making related to the risk management.

6 Risk Assessment:
[The risk assessment should describe what types of risks the firm is exposed to. This includes those that emanate from the products or services offered, the geographies served, etc. It must be done while outlining the inherent risk, reviewing what types of measures there are, if any, to mitigate it, and stating what residual risk remains thereafter. The following can serve as an illustration:

6.1 ‘E-money Industry Sector Risk


The national risk assessment of money laundering and terrorist financing has assessed
the risks around e-money services to present significant residual risks for money
laundering and terrorist financing. This is a consequence of the electronic money
institution sector having very high inherent risks common to the entire sector.
Nevertheless, this consideration is mostly surrounded by the concerns that the risk of
the sector is so high because of the absence of limits, anonymity of products in certain
instances/countries, and no adequate controls such as policies or procedures….’]

Explanation:
It is worth referring to the national risk assessment whenever evaluating industry risk. Moreover, reference could be made to other authoritative sources such as the FCA’s Dear CEO Letters, the EBA’s opinions, etc. This is needed to show that the local regulators’ view of the risks posed by the institution’s sector was taken into consideration and evaluated in line with market standards.

6.2 [‘Products and Services Risk

Online Money Transfers: This service may be vulnerable to fraud, particularly if authentication measures aren't stringent. The speed and volume of transfers also mean laundering illicit funds can be quick…

- Inherent Risks: The firm considers that the likelihood is possible and the impact of this service is major, hence the overall inherent risk level is High Risk.
- Control Measures: CDD, Customer Monitoring, Strict Limits…
- Residual Risks: Medium risks …

Prepaid Electronic Wallets: Without strong Know Your Customer (KYC) measures, these wallets can be used anonymously, increasing the risk of them being used for illicit activities.

- Inherent Risks: The firm considers that the likelihood is possible and the impact of this service is major, hence the overall inherent risk level is high…’]

Explanation:
For each product or service offered by the company, there should be a concise description followed by a breakdown of the associated ML/TF risks. Moreover, if the firm already has statistics on the actual use of the service or product, these should be outlined here as well. Recognising these risks helps in designing controls to mitigate them, and further allows the firm to consider and outline what it is actually doing to reduce them.

6.3 [‘Geographical Risk

Countries of Operation: Country A, Country B
Countries Serviced: Country X, Country Y, Country Z
High-Risk Jurisdictions: Country Z (as per FATF grey list)

The Company is exposed to a number of clients from high-risk jurisdictions as a consequence of …. and this remained a prevalent trend during the year in review… as such this exposure presents possible likelihood and moderate risk which represents a medium inherent risk…. ’]

Explanation:
This section should list all countries the firm operates in and services. Highlight countries that are known for weak AML/CTF regulations or other significant risk factors, often guided by sources like the FATF's grey and black lists or those identified by the European Commission as having strategic deficiencies, etc. It could also provide an overview of the countries that are prohibited and the exact source of the considerations why, e.g. North Korea and Russia and the sanctions placed on them. Further, it could indicate which countries are accepted despite presenting high risk because they are essential, for example, to the business model of the firm.

6.4 [‘Customer Risk

Types of Customers:

- Individuals
- Corporates

High-Risk Customers:

- PEPs from high-risk jurisdictions,
- Corporates in industries prone to money laundering, such as … and others as identified in e.g. national legislation

The firm recognises that there are severe risks related to high-risk customers, although there is an almost negligible number of those and during the year there were only …. onboarded, and as such it is unlikely that it will occur. Therefore, the inherent risks related to high-risk customers are high and to mitigate them the firm has designed and implemented…’]

Explanation:
Detail the different customer segments serviced. Highlight any segment that inherently
carries higher risks. PEPs, for example, often need enhanced due diligence because of their
position and potential influence. This evaluation must always outline what risk mitigation is
taken and what residual risks are there remaining. You can go even further than that and
break down the classification of each client type and assign different risk levels based on
that, for instance, because of the industry of operation or exact legal form, such as PLC vs
LTD, etc.

6.5 [‘Channel/Delivery Risk

Delivery Methods:

- Face-to-face,
- Online platform,
- Mobile app

High-Risk Channels:

- Non-face-to-face transactions, especially those without adequate controls such as electronic signatures, electronic identification certificates issued in accordance with Regulation (EU) No 910/2014 and anti-impersonation fraud checks…

…The firm recognises that we are subject to residual impersonation risks that arise as a consequence of remote non-face-to-face identification, since most of our customers are verified in that manner. The likelihood of such is likely, although the impact of them passing is minor, so the overall inherent risk score is medium…’]

Explanation:
Different delivery channels come with varying degrees of risk. Face-to-face usually presents
less risk than non-face-to-face channels. Emphasise channels that lack strong authentication
or validation methods.

6.6 [‘Intermediary/Third-party Risk

Reliance on Third Parties: We rely on ABC Verification Ltd. for customer due diligence and on XYZ Monitor Ltd. for transaction monitoring.

The reliance on the third parties for AML purposes presents a catastrophic impact and they have a possible occurrence which translates to prohibited inherent risks. As such, this cannot be left without any controls mitigating… The firm has implemented robust third-party screening procedures which … thus bringing the residual risk rating to medium risk…’]

Explanation:
If the firm outsources certain processes, like KYC checks, these relationships need to be
examined for risk. Third-party vendors might not have adequate controls and such
outsourcing should be evaluated. Recognising these helps in defining the supervision that is
required. Moreover, the above example clearly states that in certain instances there may be
prohibited inherent risk which will require implementing measures to bring this in line with
the acceptable risk level.

7 Control Assessment
[Control assessment is the chapter dedicated to the outline of the measures that the firm has implemented to mitigate different risks. The measures should be those that are implemented to tackle key risk areas and minimise the exposure of the firm. It could be detailed as follows:

7.1 ‘Customer Due Diligence (CDD) Measures

Standard CDD Process:

- Use of ABC Verification Ltd service "IDVerifyX" for identity verification.
- Biometric facial recognition for enhanced verification.
- Sanction, PEP, adverse media screening, etc…

The initial steps are carried out by the analyst who further refers this to the…

…Enhanced Due Diligence:

Additional financial background checks for PEPs (Politically Exposed Persons) and customers from high-risk jurisdictions and industries...’]

Explanation:

Detail your company's protocols for ensuring customer identity and assessing their potential
risk. Enhanced Due Diligence (EDD) measures should be described for high-risk clients,
detailing extra steps or checks beyond the standard procedure.

7.2 [‘Monitoring and Reporting

The monitoring by the firm comprises:

- Employment of XYZ Monitor Ltd and configuration of the rules on their systems….
- Deployment of "TrackRight" AI system for real-time transaction monitoring, flagging unusual transaction behaviours...
- Ongoing screening via …’]

Explanation:

Provide insights into the systems or processes in place for monitoring transactions and
clients on an ongoing basis.

7.3 [‘Training and awareness

The firm has developed a robust training programme which includes:

- Mandatory annual AML/CTF training for all staff.
- Monthly newsletters highlighting emerging money laundering tactics and case studies…’]

Explanation:

Illustrate the company's commitment to keeping its staff informed about AML/CTF
regulations and best practices. Specify the regularity and depth of the training, and any
other initiatives to maintain awareness.

7.4 [‘Record keeping

Data Storage:

- All customer and transaction data stored securely on the company's encrypted cloud servers...
- The MLRO maintains records of all…
- All communications of the firm are carried out through … and retained for a minimum period of 5 years…
- …

Retention Policy:

- Customer data and transaction records retained for a minimum of 5 years (depending on the local requirements).
- All documents are kept in … language.
- …’]

Explanation:
Describe the mechanisms for storing sensitive data and the policies dictating how long this
information is held. It's essential to comply with both data protection and AML regulatory
requirements and to keep a track record.

7.5 [‘Internal Controls and Governance

AML/CTF Policy and Procedures:

- Documented AML/CTF policy updated annually and after any significant regulatory change…

Internal Compliance Structure:

- Designated MLRO responsible for oversight of AML/CTF compliance and primary contact for regulatory bodies.
- DMLRO supporting the MLRO.
- Chief Compliance Officer who separately supervises the overall regulatory compliance.
- …

Audits:

- Quarterly quality assurance by CCO.
- Annual self-assessment reports by the MLRO.
- Annual third-party AML/CTF audits.

Reporting Structure:

- Monthly AML compliance reports submitted to the Compliance Committee.
- Quarterly MLRO reports submitted to the Board of Directors.
- …’]

Explanation:
Lay out the internal governance structure that ensures adherence to AML/CTF obligations.
Discuss the role and responsibilities of key personnel, especially the MLRO, and how
frequently the policies and controls are reviewed.

[Apart from the above, there is other information and other controls that could be detailed in this chapter. This includes both the practical measures in place and the underlying philosophy guiding those measures. This in-depth approach should enable regulators, auditors, and other stakeholders to gain a clear understanding of the firm's efforts to prevent money laundering and terrorist financing.]

8 Action Plan
[The action plan section should outline specific measures to address the identified gaps
or those areas which remained with insufficient mitigation measures as per section 6.
It provides a clear roadmap for enhancing the firm's AML/CTF controls and ensures
accountability and timely execution.

Steps to Address Identified Risk Gaps:

1. Identified Risk Gap: Outline the specific risk gaps that were identified during the
risk assessment.

2. Proposed Actions: Detail the specific measures that will be taken to close these
gaps together with responsible people and key milestones.

For example, it could be as follows:

‘The firm has identified the following areas as those of concern and requiring directed action:

Transaction monitoring for high-risk jurisdictions

- ...Risk Gap: Lack of real-time transaction monitoring for high-risk jurisdictions.
- Action: Implement AI-driven real-time monitoring and alerting system for transactions originating from or destined to high-risk countries.
- Implementation Start Date: September 1, 2023.
- Milestones: System selection by October 1; Full implementation by January 1, 2024.
- Responsible Party: John Smith, IT Security Manager.
- Reporting: Bi-weekly progress reports to the Compliance Committee…’]

Explanation:

This section should provide a thorough and systematic overview of the gaps identified in the
risk assessment and the corresponding steps that the firm plans to take to address these
gaps. The actions should be concrete, achievable, and directly related to the identified
issues.

9 Conclusion and Recommendations:


[The concluding section of the risk assessment encapsulates the entire analysis,
providing a clear and concise summary of the overall risk rating and offering
recommendations for further improvements.

Summary of Overall Risk Rating:

 Present a summary of the overall risk rating derived from the assessment.

 Highlight the categories of risk and the corresponding ratings (Low, Medium,
High, Prohibited, etc.).

For example, that can be illustrated as follows:

‘Overall Risk Rating of the firm is Medium. This is based on the considerations… and …
having in mind that…

9.1 Category Breakdown:

Products and Services Risk:

1. Online Money Transfers:
   - Inherent risk: High
   - Residual risk: Medium
2. Prepaid Electronic Wallets:
   - Inherent risk: High
   - Residual risk: Medium…

The product and service inherent risk is actively countered by…

Geographical Risk:

Overall, the firm operates mostly in low to medium-risk countries.

The following countries are presenting a high risk to the firm: UAE, Nigeria, …

The following countries are presenting a prohibited risk to the firm: Russia, ...

The geographical risk is something that the firm actively monitors. It has appropriate systems and controls and adheres to the risk evaluation provided by…’]

Explanation:

This section synthesises the findings from the risk assessment, summarising the risk levels
for various categories and providing an overall risk rating. It allows readers to quickly grasp
the main outcomes of the risk assessment and understand where the firm stands in terms of
AML/CTF risks.

10 Approval and Review:


[This section sets out the formal review process and approval by the appropriate senior
management or board members, ensuring that the risk assessment has the necessary
oversight and commitment.

‘Next Review Date: August 1, 2024.

Approved by: Jane Doe, Chief Compliance Officer.

Signature: [Space for Signature]

Date of Approval: September 1, 2023.’]

Explanation:

This part of the section provides a formal record of the approval of the risk assessment by
the responsible senior management or board members. It is a critical step that
demonstrates the firm's commitment to the risk assessment and the actions outlined
therein.
