In implementing the AML & CFT programs, the Bank has set up 3 (three) lines of defense, as follows:
1. First Line of Defense
The first line of defense is carried out by the Business Unit/ Branch Office that operates the Bank’s daily business activities as front-liners. In every Business Unit/ Branch Office, there is someone responsible for the AML & CFT programs, designated as the Local AML. He or she is also given access to the information system used in the management of AML & CFT.
2. Second Line of Defense
The second line of defense is an oversight function that ensures the first line of has carried out its functions properly. The AML & CFT Unit that acts as the second line of defense prepares the strategy and steps to be taken, and the system that will be used to strengthen the implementation of the AML & CFT programs.
3. Third Line of Defense
The third line of defense is an oversight function on implementation of the AML & CFT programs by the first and second lines of defense. The internal auditors, external auditors and the Board of Commissioners carry out this function to ensure that the first two lines of defense are working effectively.
The Board of Directors, together with the Board of Commissioners, actively supervise the implementation of the AML & CFT program with detailed information as follows:
1. Establishment of a special organization, the Anti Money Laundering (AML) Unit, to implement the AML & CFT programs
In carrying out its function, the AML unit reports and is directly responsible to the Compliance Director.
The staff of the AML unit possess adequate banking knowledge and experience in the evaluation and mitigation of risks related to the implementation
of the AML & CFT programs. All staff must have participated in training and certification programs on compliance. The number of staff in the AML unit as of December 2021 is 28 people. In addition, in view of the large scale of the Bank, a DCORO and a Local AML Team are located at every Branch Office and Business Unit to ensure the implementation of AML & CFT in their respective branch or unit and are responsible for accessing and monitoring customer transactions.
Currently, the total number of employees assigned to Local AML Teams amounts to 6,467 employees.
2. Risk-based AML & CFT policies and procedures that are in accordance with the complexity of the Bank’s business, involve the following relevant provisions:
a. Customer Due Diligence (CDD) in the context of Customer Identification and Customer Data Updates, including the classification of the customer’s risk profile on the potential for money laundering and terrorism financing, identifying the Beneficial Owner and screening of customer data against the Anti Money Laundering Watchlist (AML Screening) database. The realization of data updating in 2021 reached 83,546 CIF (92.83%) out of a total of 90,000 CIF.
b. Measurement of AML and CFT risk is carried out using indicators/parameters of the Risk Based Approach (RBA), which includes the Customer Risk Rating and Bank AML Risk Rating .
c. AML and CFT Risk Control and Management carried out through the implementation of the Customer Due Diligence (CDD) or Enhanced Due Diligence (EDD) process to determine the customer profile and analysis of the suitability of transactions with the Customer/WIC profile as well as dissemination of policies and procedures, training to all Bank employees, evaluation of the implementation of AML and CFT in Branch Offices through Risk Control Self-Assessment (RCSA).
d. Continuous monitoring and analysis to identify conformity between customer transactions and customer profiles, including the closure of businesss and rejection out of transactions in the in the context of implementing AML and CFT.
e. Identification and evaluation of the risk of potential money laundering and terrorism financing through the Bank’s products, services, and e-channel deliveries.
f. Identification and Reporting of LTKM, LTKT, Foreign Financial Transactions (LTKL), and SIPESAT to the INTRAC.
g. Procedures for screening new employees and monitoring of employee’s financial transactions
h. The administration of CDD documents and other documents related to AML & CFT.
i. Follow-up on results of evaluations and the reporting of AML & CFT risk exposures to senior management, committees and regulators.
j. Internal control, covering:
1) Preparing the processes and controls as guidelines for business units to ensure compliance and understanding of the AML &
CFT programs. The controls are described in AML & CFT policies and procedures (SOPs).
2) Testing and Quality Assurance (QA) processes to ensure that Branch Offices and Business Units have implemented AML & CFT in line with prevailing Policies and Procedures.
3) Evaluation on risk indicators based on appropriate risk considerations and methodology, as well as documentation.
3. Management Information System in the Implementation of AML & CFT
For the purpose of monitoring the profiles and transactions of customers, CIMB Niaga has an application system that can identify and determine the degree of risk ascribed to the customer, analyze, monitor and prepare a report on the characteristics of the transactions of the customer, including the identification of suspicious transactions. This application is able to carry out comprehensive monitoring off all customer transactions in the Bank, including credit cards, wealth management and custody. The application is equipped with parameters and thresholds, which are continuously evaluated in accordance with the evolvement in the modus operandi of money laundering and terrorism financing. This application also has a function for the implementation of the screening process for the watch-list and reporting of LTKM, LTKT, LTKL & Sipesat.
The Bank also continuously makes improvements to the applications used to add various functions in order to increase the effectiveness and efficiency of the system.
4. Screening terhadap Watchlist
The Bank screens every account opening and customer business relationship against the watch- list issued by the competent authorities as well as the watch-list commonly used in international best practice (among others The Office of Foreign Assets Control (OFAC) List, United Nation (UN) List, List Suspected Terrorists and Terrorist Organizations (DTTOT) and the Proliferation List, the list of Politically Exposed Persons (PEP) and adverse news. The Bank has subscribed to the watch-list database from
Thomson Reuters-Worldcheck. The Bank also re- screens all existing customers every time there is an update/addition of a watch-list.
5. AML & CFT Risk Assessment
The Bank has developed a risk-based method to approach the assessment of risks related to AML &
CFT at the customer level (customer risk rating), and at the bank-wide level (Bank AML risk rating):
a. Customer AML Risk Rating (CRR), which is measurement of AML & CFT risk inherent in each customer by using indicators that cover customer identity/ profile, geographic factors/ countries or businesses, products/ services/ channels that are used by customers, and the type of business entity which classified into Low, Medium and High.
Risk Profile of CIMB Niaga in 2021:
No Customer Risk Total %
1 Low Risk 52 0.00%
2 Medium Risk 5,051,470 95.54%
3 High Risk 235,755 4.46%
b. Bank AML Risk Rating (BARR), is a result of an assessment of the AML & CFT risk at CIMB Niaga which is determined based on the inherent risk, as well as the level of risk control and AML and CFT control at the Bank. Based on our assessment, the overall AML & CFT Compliance Risk Profile as of the end of the 2nd semester of 2021 was “Low- Moderate”.
Throughout 2021, assessments were carried out in 124 branch offices and 13 business units.
Inputs were provided to all branch offices and business units for improvements going forward.
6. Internal Control to Evaluate the Adequacy and Effectiveness of the AML & CFT Programs
To ensure that the implementation of the AML and CFT program is in accordance with predetermined policies, a self-assessment procedure is applied at branch office and includes the Risk Self-Assessment method.
7. Compliance Test and Advice related to AML & CFT Throughout 2021, the AML Unit conducted 411
reviews on the policies, procedures, products/
activities/ channels to ensure full compliance with the prevailing laws and regulations related to AML
& CFT. In addition, the AML Unit gave 4,428 opinions to the business and other working units on various questions and issues related to the implementation of AML & CFT.
8. Training (Certification) of AML & CFT to Employees Training on AML & CFT is mandatory for all employees on a periodical basis. This training is conducted in classrooms as well as through e-learning. The number of employees that participated in AML & CFT training in 2021 is 10,534 staff including on-line training through Learning on the Go (LoG) application.
AML Training
10,534
2021 18,209
2020 12,274
2019
9. Reporting and Data Submission to Regulators/
Law Enforcement
The reporting to the INTRAC for the implementation of AML & CFT has been carried out by the AML unit at the head office, as follows:
Data Reporting to INTRAC in 2021
2,347
103,570
491,564
640,258
4,034
88,097
445,992
422,791
3,465 61,235
242,311
549,506
LTKM LTKT LTKL SIPESAT
2020 2019
2021
Number of Correspondences with the Regulators in 2021
Agency Total Data Request
INTRAC/BNN/KPK 429
Investigation 179
10. Improvement initiatives during 2021
In 2021, in efforts to improve the implementation of the AML & CFT programs, the AML unit undertook several initiatives as follows:
a. Developing the AML system related to the implementation of the GoAML system from the INTRAC.
b. Developing the AML system related to the Suspected Financing of Terrorism Information System (SIPENDAR).
c. Aligning the AML & CFT policies/ procedures to ensure that they are always in line with applicable regulations.
d. Alignment of AML and CFT policies and implementation with the CIMB Group.
e. The process of assessing the implementation of AML and CFT at the Business Units/Branch Offices or Subsidiary level which have a higher risk.
f. Determine the AML & CFT risk assessment method as well as the risk mitigation process g. Updating customer data according to risk types.
h. Refreshment of materials in the Learning on the Go (LoG) application as a means used by the Bank in providing online training regarding AML & CFT to all employees.
i. Developing the current AML system to provide added value to the implementation of the Bank’s AML & CFT, including: updating of dates based on trigger events (for example, opening of additional accounts), real time screening & scoring for account opening via e-channels, onboarding administration system for Financial Institution customers, presentation of a transaction analysis dashboard for Suspicious Financial Transaction (TKM) analysis purposes.