Compliance culture ensures compliance with the Anti-Money Laundering Act

Our experience shows that developing a culture of compliance (compliance – culture) in the business, ensures good compliance with the Anti-Money Laundering Act. In this post, we share some of our experiences from measures that ensure good and safe compliance with the Anti-Money Laundering Act.

The Anti-Money Laundering Act sets extensive requirements for obliged entities

The Norwegian Anti-Money Laundering Act is based on the EU's fourth, and partly fifth, money laundering directive. At the same time as the change in the law in 2018, the Norwegian Financial Supervisory Authority (Finanstilsynet) strongly geared up to control compliance among obliged entities. Many obliged entities have experienced document-based inspections, local inspections, changes in requirements, updated guidelines from the supervisory authority, orders and administrative sanctions. There are many examples of Finanstilsynet using the right to issue administrative sanctions under the Money Laundering Act. There is little doubt that the authorities expect obliged entities to prevent themselves from being misused for money laundering and terrorist financing.

Compliance culture

There are clear requirements for internal control for obliged entities in the Anti-Money Laundering Act. The requirements for which documents must be included in the framework to prevent money laundering and terrorist financing appear in the Act, regulations and guidelines. The framework is nevertheless insufficient to ensure compliance with the requirements set out in the Money Laundering Act. There is also a requirement that employees have knowledge of what they must do and why. Management must therefore ensure that employees receive the necessary training. In addition, the employees must understand why there are requirements for customer due diligence measures, duty to conduct examinations and duty to report. They must be motivated to follow the regulations and be encouraged to make the right examinations, assessments and decisions.

Our experience is that the businesses that succeed in complying with the Anti-Money Laundering Act are those that have managed to develop a compliance culture. These are businesses that know the relevant threats that apply to their own business and that are aware of their own vulnerabilities. They identify continuous improvement measures to manage risk and make quick and correct decisions. At the same time, they have good control and a good overview of relevant and changing risk factors. In contrast to those who base their decisions on what they believe and are mistaken about regulatory risk factors, companies with a good compliance culture also have control over the regulatory risk. Businesses with a good compliance culture are also able to identify and reject or terminate the customer relationship with customers who abuse the customer relationship for the purpose of money laundering or terrorist financing.

A common feature of those with a good compliance culture is that the Board of Directors is very concerned about the risk of non-compliance with the Anti-Money Laundering Act. Therefore, the Board of Directors regularly requests reports and oral presentations in board meetings from both the money laundering reporting officer and the person responsible for compliance (second-line control). The board's attention to deviations and continuous improvement measures also affects the administrative management and their attention to compliance.

We have experienced that some of the businesses that succeed in developing a culture of compliance carry out quality control of employees' compliance with routines and procedures. They carry out quality control of how employees establish customer relationships to ensure that everything is done correctly when establishing customer relationships for the first time. Errors and deficiencies are picked up by the employees' immediate managers, or through quality controls. In this way, employees receive concrete feedback about which tasks need to be solved and what the individual needs to improve. When employees understand what they are measured against and know that managers are watching how they perform their tasks, something also happens with their own attention to what demands and expectations are placed on them.

Another feature of those who have a good compliance culture is the way the business is organised. The employees understand that the person closest to the customer is responsible for carrying out the customer due diligence measures. They understand that the money laundering reporting officer is not there to do their job in the first line, but to take care of other demanding tasks according to the Anti-Money Laundering Act. They understand what tasks the second line (compliance - function) has. The compliance role itself does not take part in the preparation of the risk assessment, the money laundering policy, the money laundering routine, examinations of suspicious circumstances or decide which cases should be reported to the Norwegian Financial Intelligence Unit (FIU). People in the first and second line know how the roles are distributed and are well acquainted with how the boundaries between the various roles in the organization according to the Anti-Money Laundering Act. This ensures, among other things, that the compliance function does not control himself. Good organization, which is known to everyone, ensures good compliance with the Anti-Money Laundering Act.

The continuous motivation and training of managers and employees is clearly visible in a business with a good compliance culture. The continuous and updated training takes place through several different meeting points and by using technical solutions that ensure that the knowledge gained is measured.