Accountable institutions must have a Risk Management and Compliance Programme (RMCP) in place which clearly demonstrates the processes and procedures of dealing with money laundering and terrorist financing (ML/TF) risks.

This programme must be a “foolproof” designed plan to prevent the company from being used by criminals to launder “dirty” money.  Every risk for being used as a pipeline for money laundering must be identified.  Processes to avoid this must be well thought through,  implemented and regularly monitored for weak links.

For every “what” a matching “how” must appear in the RMCP

The RMCP must be risk-based and tailored to the specific institution, including the institution’s size, geographic areas(s), customer base and the products and services offered.