AML/CFT: The Moroccan Insurance and Social Welfare Control Authority (Autorité de contrôle des assurances et de la prévoyance sociale or ACAPS) recently published the results of its last control mission of the insurance and reinsurance sector, in terms of anti-money laundering and the financing of terrorism (AML / CFT).
ACAPS is the regulator responsible for ensuring compliance, by the organizations subject to its control, with the corresponding provisions of the AML laws and regulations.
The objectives of the mission carried out from the first quarter of 2021 to the first quarter of 2022 were to ensure:
- Supervision: Ensure compliance by entities in the insurance sector, with the provisions of circular AS/02/19 two years later its entry into force.
- Support: Support reporting entities in their implementation of an AML/CFT compliance program.
- Report: Demonstrate the progress made by the reporting entities and the Authority. It is worth reminding in early 2021, Morocco was added to the Financial Action Task Force’ grey list (FATF). Among the vulnerabilities highlighted by FATF, the need for Morocco to increase its AML sanctions, and receive SARS reports from wider sources.
ACAPS conducted an on-site inspection of 5 insurance and reinsurance companies (EAR) and 16 intermediaries (IA). At the term of the inspection ACAPS decided on a draft of sanctions against 2 EAR and sanctions against 6 IA. It is unfortunate that ACAPS has chosen not to publicly disclose the names of the entities or what the sanctions entail at this time.
The AML compliance failures and compliance recommendations were however detailed in the report as follows:
AML Deficiencies – EARs
Upon auditing insurance and reinsurance companies, it was determined that:
-2 EAR among the 5 audited do not yet have a filtering tool
-2 EAR among the 5 audited do not have sufficient human resources and an efficient organization for the accomplishment of the various missions of AML/CFT compliance
– No risk classification automation tool is in place or in use.
– 2 EAR have not set up operational exchange methods with their partner banks and do not have a real exchange of data with said banks
-Proposed sanctions against 2 EAR
-Post-mission follow-up with regard to the other 3 EAR
RECOMMENDATIONS MADE BY THE AUTHORITY TO EARs:
AML/CFT CONTROL ENVIRONMENT:
• Allocate more personnel dedicated to AML/CFT compliance;
• Involve the internal audit structure as the 3rd line of defense to ensure the evaluation and implementation of AML/CFT procedures.
• Set up a risk classification automation tool, allowing to classify in real time the customer portfolio of the EAR.
• Update existing customer data;
• Raise operational awareness of the need to collect information identification and knowledge of customers.
• Accelerate the filtering automation projects in relation to the lists of sanctions and Politically Exposed Persons (PEPs).
AML Deficiencies -IAs
Upon auditing intermediary companies, it was determined that:
• 37% of the IAs checked do not have internal documents formalizing the AML/CFT procedures;
• The majority of IAs checked say they were not aware of the publication of the Authority’s circular no. AS/02/19 relating to the duty of vigilance.
• 80% of IAs checked do not have a risk classification model AML/CFT;
• 12% of IAs checked have a risk classification model but it is not applied to business relationships.
• The operations monitoring system depends on the existence of procedures AML/CFT and an operational risk classification. However, the majority of intermediaries do not meet these two criteria.
• 87% of controlled IAs do not have access to the UTRFNET platform (platform linked to the Moroccan FIU, previously named UTRF, now renamed ANRF)
• None of the controlled IAs performed a DS: déclaration de soupçon (the equivalent of SARs).
6 IAs were sanctioned as a result while 10 others will undertake a post-mission follow-up.
RECOMMENDATIONS MADE TO INTERMEDIARIES BY THE AUTHORITY:
AML/CFT CONTROL ENVIRONMENT:
• Formalize the procedures governing the AML/CFT program within the firm and disseminate to all staff, ensuring their application;
• Define the roles and responsibilities of employees in terms of vigilance and internal monitoring;
• For agents, get closer to the mandating EAR for the implementation of AML/CFT procedures;
• For smaller firms, consider the possibility of combining governance and the implementation of the AML/CFT mechanism and its monitoring.
DS AND VIGILANCE:
• Designate an ANRF correspondent and subscribe to the ANRFNET platform (eg UTRFNET) relating to suspicious transaction reports;
• Do not attract the attention of customers who present suspicions of ML/FT or inform of the suspicious transaction report.
• Ensure the reliable and exhaustive collection of identification and security information knowledge about customers, using a risk-based approach.
• Organize training and awareness sessions for the benefit of employees to make them aware of their obligations of vigilance and internal watch.