AML Policy Overview
1. Purpose and Scope
This policy (Ref: COMP-AML-001) establishes the Bank's overarching framework for the prevention, detection, and reporting of money laundering and terrorist financing activities. It applies to all employees, contractors, and third-party agents operating on behalf of the Bank across all jurisdictions in which the Bank maintains a presence.
The policy is aligned with the EU's Sixth Anti-Money Laundering Directive (AMLD6), the Financial Action Task Force (FATF) Recommendations, the UK's Proceeds of Crime Act 2002 (POCA), and all applicable national transpositions.
2. Governance and Oversight
The Bank's AML governance structure is organised as follows:
- Board of Directors — Ultimate accountability for AML compliance and risk appetite.
- Group Chief Compliance Officer (CCO) — Responsible for the design and effectiveness of the AML programme across all business lines.
- Money Laundering Reporting Officer (MLRO) — Designated under applicable regulations to receive, evaluate, and file Suspicious Activity Reports (SARs) with the relevant Financial Intelligence Unit (FIU).
- AML Unit — Operational team responsible for transaction monitoring, screening, and investigations.
- First Line of Defence — All business units and relationship managers are responsible for applying CDD measures and escalating concerns.
3. Key Obligations
3.1 Customer Due Diligence (CDD)
All customer relationships must be subject to risk-based Customer Due Diligence at onboarding and throughout the lifecycle of the relationship. Refer to policy COMP-AML-003 for detailed CDD requirements.
3.2 Transaction Monitoring
The Bank operates automated transaction monitoring systems calibrated to detect patterns indicative of money laundering, terrorist financing, and sanctions evasion. Alerts must be reviewed and dispositioned within five (5) business days of generation. High-priority alerts must be escalated to the AML Unit within 24 hours.
3.3 Suspicious Activity Reporting
Any employee who suspects or has reasonable grounds to suspect that a transaction or activity involves the proceeds of crime must file an internal SAR with the MLRO immediately and no later than 24 hours from the point of suspicion. The MLRO will assess and, where appropriate, file an external report with the FIU. Refer to policy COMP-AML-002 for the full SAR procedure.
3.4 Sanctions Screening
All customers, counterparties, and transactions must be screened against applicable sanctions lists, including EU Consolidated List, OFAC SDN, UN Sanctions, and HM Treasury. Screening must occur at onboarding, upon trigger events, and on a periodic basis no less than quarterly.
4. Risk Assessment
The Bank conducts an enterprise-wide AML risk assessment annually, evaluating risk across the following dimensions:
| Risk Dimension | Examples |
|---|---|
| Customer Risk | PEPs, high-net-worth individuals, non-resident customers |
| Product/Service Risk | Correspondent banking, private banking, trade finance |
| Geographic Risk | FATF high-risk jurisdictions, jurisdictions with strategic deficiencies |
| Channel Risk | Non-face-to-face onboarding, digital channels |
5. Record Keeping
All CDD records, transaction records, and SAR-related documentation must be retained for a minimum of five (5) years following the termination of the business relationship or the completion of the transaction, whichever is later. In jurisdictions where a longer retention period is mandated, the local requirement shall prevail.
6. Training
All employees must complete mandatory AML training upon induction and annually thereafter. Role-specific training is required for staff in higher-risk functions. Refer to COMP-AML-005 for detailed training requirements.
7. Review and Approval
This policy is reviewed annually by the AML Unit and approved by the Group CCO. The next scheduled review date is Q1 2027.