This is how your company complies with §8 of the AML act

If you are subject to the Anti-Money Laundering Act, you must prepare documents describing the internal policies, procedures, and controls you have established to effectively combat the misuse of your business for money laundering or terrorist financing.

Section 8 of the AML Act requires you to assess your company’s inherent risks. Based on this assessment, you must establish appropriate preventive and mitigating measures to manage risks related to money laundering and fraud.

You can find an in-depth guide on preparing your Section 8 document package on the Danish Business Authority's website. Below is a brief overview of the most important elements to remember.

Where Should You Start?

First, you must prepare your company’s risk assessment according to Section 7. This involves gaining an overview of your inherent risks and defining where you are most vulnerable to fraudulent activities. Based on this, you can determine how to best mitigate your company's risks.

If you need guidance on preparing your risk assessment, we also have a guide specifically on that topic. Once your risk assessment is in place, you can start working on your Section 8 document package, which should primarily consist of:

• Policies: High-level principles that address the company’s risks and set the strategy for mitigating them.

• Procedures: Detailed workflows that translate policies into practice, such as KYC procedures and risk assessments.

• Controls: Mechanisms to ensure that policies and procedures are followed, such as spot checks and monitoring.

Policies – Assess Risks

Your policies should be based on the risk assessment and define the risks your company is willing to accept and how they will be managed. For instance, this could include deciding which activities, customer types, or geographical areas should be avoided. You may also decide not to accept customers from high-risk countries or to refrain from offering specific services with a high risk of abuse.

The policies should also address risk management, including how risks are continuously monitored and managed. This involves describing how risks are identified and handled and defining who is responsible for AML tasks in your company.

Procedures – Better to Document Too Much Than Too Little

The level of detail in your procedures is crucial, as they translate your described policies into practice and delve into the prevention of money laundering and terrorist financing. The goal of your procedures is to establish effective prevention in compliance with the Anti-Money Laundering Act.

This part of the process is comprehensive and requires you to cover the following areas:

1. Risk Management:
   Describe how new risks are continuously identified, assessed, and managed. This may include specific measures for detecting changes in the risk landscape, reacting to them, and incorporating new risks into practice.

2. KYC Procedures:
   Knowing your customer and understanding the purpose of their use of your services helps prevent the misuse of your business. You must establish processes for customer identification and describe them in your procedures.

   Describe when to conduct KYC procedures, such as when agreeing to provide a service, when a customer’s circumstances change, or if you doubt previously collected information. Explain how your company ensures accurate identification, assesses the customer’s purpose and intended activities, and monitors them regularly.

3. Investigation and Recording Obligation:
   You must investigate unusual transactions or activities and document your findings. Describe when you are required to investigate a customer and how you identify unusual activities. Explain when you must document your findings, what information the record should contain, its format, and where it is stored.

4. Reporting Obligation:
   You are required to report to the Money Laundering Secretariat if you become aware of activities that may be linked to money laundering or terrorist financing. In your procedures, describe this reporting obligation and how you comply with it.

5. Storage Obligation:
   Describe how you comply with your storage obligations, detailing what information you must store and where it is stored. This includes documentation related to KYC procedures or investigations conducted. Specify when and how personal data is deleted and who is responsible for this task.

6. Employee Screening:
   Prevent your employees from abusing their position or inadvertently contributing to money laundering or terrorist financing. This is done by checking that employees have no criminal record and by ensuring they are trained on the rules and obligations under the Anti-Money Laundering Act.

   Describe how you check for criminal records and ensure that employees are sufficiently informed about compliance with the Act’s rules and obligations, possibly through regular training and education.

Controls – Ensure Compliance with Procedures and Policies

To comply with the Anti-Money Laundering Act, it is crucial to control whether your company follows its described procedures and policies. Internal controls should be conducted at regular intervals, typically using spot checks to monitor the areas we have covered: risk management, KYC procedures, investigation and recording obligations, reporting obligations, information storage, and employee screening.

You must also check that controls are being carried out appropriately. These “control checks” must be documented for auditing purposes, and there should be independence between the person conducting the control and the person being controlled. In small companies, the owner may handle this. The number and frequency of spot checks depend on your company's risk level and size.

In your procedures, describe how you monitor compliance with your company's procedures and policies and how you ensure that controls are being controlled. Include what should be checked, when it is done, who performs the checks, and how the documentation is handled.

Updating Materials

Now that you have completed your procedures and policies, remember that this is an ongoing process requiring regular updates.

You must update your procedures, policies, and controls if there are changes to your business model or customer portfolio. New national risk assessments may also require adjustments to your processes, or practical changes in how tasks are solved may necessitate updates.

Your Section 8 documents must always reflect how you practically work to prevent money laundering and terrorist financing. If there are changes in aspects related to your workflows, your procedures must be updated to accurately represent your actual practices.

We’re Here to Help!

There’s a lot to handle when preparing your procedures and policies! We have helped many of our customers through this process with our Consultancy Services. Here, you receive personal advice on your risk assessment, procedures, and policies and end up with a complete document package.

If you don’t want to develop your Section 8 document package yourself, feel free to reach out to us to learn how we can assist you with the task. Otherwise, we wish you good luck with the preparation, which is an essential part of the collective effort to combat money laundering and terrorist financing.