Policies
As well as evidencing AML/CFT procedure documents in written form, some policies in Proofdesk also customise your workflow. By checking your team's work against the parameters set out in your policies, Proofdesk helps ensure that procedure is followed consistently.
"The Code makes clear that before any business is conducted for a customer or another person, a relevant person must have in place specified procedures and controls."
"The procedures established must all be in writing. It is not acceptable for any of the procedures to be undocumented practices or customs."
"Relevant persons must ensure that the procedures and controls they have established are operated consistently."
The Handbook 2023 Section 2.1.2
Policies in Proofdesk are customisable and versioned for a full history of reviews to procedure.
"Relevant persons must maintain these procedures ensuring that they remain fit for purpose. This will involve reviewing and testing the procedures to ensure they remain effective..."
The Handbook 2023 Section 2.1.2
Stored in Proofdesk, policies are readily accessible to team members with the appropriate grants to reference as they work. This helps to ensure procedure is more easily followed.
"These documented procedures must be understandable and appropriately accessible to all those conducting business on behalf of the relevant person in order to ensure they can be followed and standards maintained."
The Handbook 2023 Section 2.1.2
Policy Types
Configuration Policies: Record how you've configured Proofdesk to enforce your AML/CFT requirements. Based on the regulator's guidance, Proofdesk has four key types of configuration policy:
Custom Policies: Record written custom policies which do not impact the operation of the software.
Version History & Approval
Every policy is a form accompanied by its full version history, allowing organisations to demonstrate the frequency and depth of reviews made to policies.
"Relevant persons must maintain these procedures ensuring that they remain fit for purpose. This will involve reviewing and testing the procedures to ensure they remain effective..."
The Handbook 2023 Section 2.1.2
Prior to coming into effect, each new policy version must first be approved by the relevant members within the organisation. Every member of the organisation who possesses the 'Approve a policy' grant must signal their approval before the version is signed off.
"Senior management approvals should be comprehensively documented such that it is clear what procedures and controls are approved each time, as well as any considerations, analysis and rationale relevant to the approval."
The Handbook 2023 Section 2.1.2
Once approved, a policy version cannot be deleted.
Reviews
In Proofdesk when policies are reviewed, they can be assigned a "next review date". This keeps your team informed about which procedures are up for review when the time comes.
"Examples of procedures and controls to ensure risk assessments are regularly reviewed and remain relevant include, but are not limited to, the factors listed below.
Setting a particular date for each calendar year for a periodic BRA/TRA review to take place. Relevant persons should be aware that the first BRA and TRA may need to be reviewed on a shorter time frame than future BRAs and TRAs to assess whether the assumptions made before business commenced reflect the business that is being carried out.
Setting a date on a risk sensitive basis for CRA reviews to ensure new or emerging risks are included..."
The Handbook 2023 Section 2.2.6
Relevant Legislation/Guidance
Also refer to The Handbook 2023 section 2.1 through 2.2
Last updated