In implementing the AML & CFT programs, the Bank has set up 3 (three) lines of defense, as follows:
1. First Line of Defense
The first line of defense is carried out by the Business Unit/Branch Office that operates the Bank’s daily business activities as the front-liners. In every Business Unit/Branch Office, there is someone who is responsible for the AML & CFT programs, designated as the Local AML. He or she is also given access to the information system used in the management of AML & CFT.
2. Second Line of Defense
The second line of defense is an oversight function that ensures the first line of defense is on top of the situation. The AML & CFT Unit, which acts as the second line of defense, prepares the strategy, the steps to be taken, and the system used to strengthen the implementation of the AML & CFT programs.
3. Third Line of Defense
The third line of defense is an oversight function over the implementation of the AML & CFT programs by the first and second lines of defense. The internal auditors, external auditors and the Board of Commissioners carry out this function to ensure that the first two lines of defense are working effectively.
The implementation of AML & CFT programs that are actively supervised by the Board of Directors and Board of Commissioners of CIMB Niaga is as follows:
1. Establishment of a special organization, the Anti Money Laundering (AML) Unit, to implement the AML & CFT programs
In carrying out its function, the AML unit reports and is directly responsible to the Compliance Director.
The staff of the AML unit possess adequate banking knowledge and experience in the evaluation and mitigation of risks related to the implementation of the AML & CFT programs. All of the staff have participated in training and certification programs on compliance. 6 (six) additional staff joined in 2020, an increase from 23 staff to 29 staff. In addition, in view of the large scale of the Bank, a DCORO and the Local AML Team are located at every Branch Office and Business Unit to ensure the implementation of AML & CFT in their respective branch or unit. As at year-end 2020, the total number of employees assigned to Local AML Team amounted to 6,144 employees.
2. Risk-based AML & CFT policies and procedures, in accordance with the complexity of the Bank’s business, involving the following relevant provisions:
a. Customer Due Diligence (CDD) in the context of Customer Identification and Customer Data Updates, including the classification of the customer’s risk profile on the potential for money laundering and terrorism financing, identifying the Beneficial Owner and screening of customer data against the Anti Money Laundering Watchlist (AML Screening) database. The realization of data updating in 2020 reached 78,216 CIF (89.90%) out of a total of 87,000 CIF.
b. The AML & CFT risks are measured through the indicators/parameters of the Risk Based Approach (RBA), which comprises the Customer Risk Rating and the Bank AML Risk Rating.
c. The AML & CFT risks are controlled and managed through the Customer Due Diligence (CDD) process or Enhanced Due Diligence (EDD) to ascertain the profile of the customer and analyze whether the transactions match the customer’s profile, as well as through the socialization of the policies and procedures, training of all employees of the Bank, and evaluation of the implementation of AML & CFT at Branch Offices through the Risk Control Self-Assessment (RCSA).
d. Continuous monitoring and analysis to identify correlation between customer transaction and customer profile, including the closure of accounts and refusal to carry out the transactions in the interest of AML & CFT enforcement.
e. Identification and evaluation of the risk of potential money laundering and terrorism financing through the Bank’s products, services and e-channel deliveries.
f. Identification and Reporting of Suspicious Financial Transactions (LTKM), Cash Financial Transactions (LTKT), Foreign Financial Transactions (LTKL) and the Integrated Service User System (SIPESAT) to the PPATK.
g. Procedure for screening new employees and monitoring of employees’ financial transactions as part of implementing Know Your Employee (KYE).
h. The administration of CDD document and other documents related to AML & CFT.
i. Follow-up on results of evaluation and the reporting on AML & CFT risk exposures to senior management, committee and regulator.
j. Internal Control, encompassing:
1) Preparing the process and control as guidelines for business units to ensure compliance and understanding of the AML & CFT programs. The controls are described in AML & CFT policies and procedures (SOPs).
2) Testing and quality assurance process to ensure that Branch Office and Business Unit have implemented AML & CFT in line with prevailing Policies and Procedures.
3) Evaluation on risk indicators based on appropriate risk considerations and methodology as well as the documentation.
3. Management Information System in the Implementation of AML & CFT
For the purpose of monitoring the profile and transaction of the customer, CIMB Niaga has used an application system that can identify and determine the degree of risk ascribed to the customer, analyze, monitor and prepare a report on the characteristics of the transactions of the customer, including the identification of suspicious transactions. This application is able to comprehensively monitor all of the customer transactions in the Bank, including those of credit cards, wealth management and custody.
The application is equipped with parameters and thresholds, all of which are continuously evaluated in line with the evolution of the modus operandi of money laundering and terrorism funding. The application is also able to carry out the screening process of the watch list and the reporting of LTKM, LTKT, LTKL & SIPESAT. The Bank will continue to expand the use of the application with additional functions that are designed to increase the effectiveness and efficiency of the system.
4. Screening of the Watch-List
The Bank carries out screening on every account opening to ascertain if there are business connections between the customer and those listed on the watch lists issued by the authorities as well as the watch lists that are commonly referred to as part of international best practices, including the Office of Foreign Assets Control (OFAC) List, United Nations (UN) List, List of Alleged Terrorists and Terrorist Organisations (DTTOT) and Proliferation List, Politically Exposed Persons (PEP) and adverse news. The Bank subscribes to the watch-list database of Thomson Reuters-Worldcheck.
The Bank also carries out repeat screening of all existing customers every time there is an update or addition to the watch-list.
5. AML & CFT Risk Assessment
The Bank has developed a risk-based method to approach the measurement of risks related to AML & CFT at the customer level (customer risk rating) as well as at the bank-wide level (Bank AML risk rating):
a. Customer AML Risk Rating (CRR) is a measure of the AML & CFT risk that is inherent in every customer, using indicators that cover customer identity/profile, geographic factors/countries or businesses, products/services/channels that are used by customers and the type of business. The rating is classified as Low, Medium and High.
The Risk Profile of CIMB Niaga in 2020:
No Customer Risk Total %
1 Low Risk 51 0.00%
2 Medium Risk 5,125,712 95.72%
3 High Risk 229,072 4.28%
b. Bank AML Risk Rating (BARR) is a measure of the AML & CFT risk at CIMB Niaga that is determined based on the inherent risk as well as the level of risk management and control over AML & CFT at the Bank. Based on the Bank’s evaluation, the overall AML & CFT Compliance Risk Profile as of the end of the 2nd semester of 2020 was “Low-Moderate”.
Throughout 2020, assessments had been carried out on 125 branch offices and 14 business units, from which inputs were provided to all branch offices and business units for improvements going forward.
6. Internal Control to Evaluate the Adequacy and Effectiveness of the AML & CFT Programs
To ensure that the AML & CFT programs are implemented in accordance with the policies that have been set, a self-assessment procedure is required of every branch office, which includes the Risk Self-Assessment method.
7. Compliance Test and Advisory related to AML & CFT
Throughout 2020, the AML Unit conducted 454 reviews on the policies, procedures, products/activities/channels to ensure full compliance with the prevailing laws and regulations related to AML & CFT. In addition, the AML Unit gave 454 opinions to the business and other working units on various questions and issues related to the implementation of AML & CFT.
8. Training (Certification) of AML & CFT to Employees
Training on AML & CFT is mandatory for all employees on a periodical basis. These trainings are conducted in classrooms as well as through e-learning. The number of employees that participated in AML & CFT training in 2020 was 18,209 staff, including on-line training through the Learning on the Go (LoG) application.
AML Training
2018: 12,274
2019: 17,857
2020: 18,209
9. Reporting and Data Submission to Regulator/Law Enforcement
The reporting to PPATK in the implementation of AML & CFT has been carried out by the AML unit at the head office, as follows:
Reported data to PPATK in 2020
Report     2020       2019       2018
LTKM       1,219      2,347      4,034
LTKT       109,702    103,570    88,097
LTKL       444,692    491,564    445,992
SIPESAT    919,496    640,258    422,791
Number of Correspondence with the Regulator in 2020
Agency Total Data Request
PPATK/BNN/KPK 317
Investigation 42
10. Improvement Initiatives in 2020
In 2020, in its efforts to enhance the implementation of AML & CFT, the AML Unit took several initiatives, as follows:
a. Improvement of the AML system used to generate more added value in the implementation of the AML & CFT programs of the Bank.
b. Alignment of the policies of AML & CFT as well as SOP in line with prevailing regulations.
c. Alignment of the policies and implementation of AML & CFT with those of the CIMB Group.
d. Assessment of the implementation of AML & CFT at business units/branch offices as well as subsidiaries deemed to have higher risks.
e. Determination of the measurement method for AML & CFT risks and the evaluation process of the inherent risk mitigation.
f. Updates of customer data in line with the type of risk of the respective customer.
g. Addition of special learning modules for front-liners in Learning on the Go (LoG) as a means for the Bank to provide online training related to AML & CFT to all employees.