Accountable institutions must have a Risk Management and Compliance Programme (RMCP) in place which clearly demonstrates the processes and procedures of dealing with money laundering and terrorist financing (ML/TF) risks.
This programme must be a “foolproof” designed plan to prevent the company from being used by criminals to launder “dirty” money. Every risk for being used as a pipeline for money laundering must be identified. Processes to avoid this must be well thought through, implemented and regularly monitored for weak links.
For every “what” a matching “how” must appear in the RMCP
The RMCP must be risk-based and tailored to the specific institution, including the institution’s size, geographic areas(s), customer base and the products and services offered.