Clear policies set out what the organisation’s response to tackling IWT is. These are supported by procedures outlining how the organisation builds these controls into their operating models.
- 3 lines of defence: Whilst a policy should work across the whole organisation, we recommend that you create specific procedures for each different business line or grouping within your organisation, including Senior Management, Front-line business teams, Risk & Compliance, Operations, Procurement & HR.
- Mitigate the risk of direct & indirect links to IWT through due diligence on customers, staff, 3rd party suppliers, investments and investors.
- Ongoing monitoring: Firms should screen their business relationships against specific IWT databases to identify any potential links to criminal convictions both at onboarding and on an ongoing basis.
- Risk Appetite: setting out the firm’s response to tackling IWT and related appetite or tolerance for businesses or customers which present the highest risk of links to IWT.
- Scope: what does the policy cover and who does it apply to. Consider splitting out your policies for internal staff as well as external stakeholders (eg clients, suppliers and 3rd parties).
- Legal Framework: outlining the relevant local regulatory requirements as well as international standards and best practice (incorporating relevant IWT, Financial Crime and ESG recommendations).
- Definitions: key and relevant terms covered by the policy (eg: IWT, Money Laundering and other Serious and Organised Crimes (SOCs).
- Key Principles: where are the key risk areas (eg: clients, investments, supply chains, people and or investors) your business is exposed to and via.
- Systems and controls: a summary of the risk based approach and key controls employed to detect and report potential linkages to IWT.
- Roles and responsibilities: across all 3 lines of defence, including a statement of governance & accountability (who is responsible for protecting the firm against IWT risk (typically this is all staff or all front line staff) and who is your nominated accountable executive and reporting officer).
- Policy effective date: plus revision history.
Useful resources:
- CDD Best Practice Guide (Themis, 2022): A helpful guide for firms on conducting Customer Due Diligence. Coming soon.
- Adverse Media Best Practice Guide (Dow Jones & Themis, 2020) best practice guide outlining steps firms can incorporate strong adverse media practices into their systems, tools, policies and procedures.