WORKSHOP ON AML CFT RISK-BASED SUPERVISION TOOLS FOR FINANCIAL

WORKSHOP ON AML/CFT RISK-BASED SUPERVISION TOOLS FOR FINANCIAL INSTITUTIONS AND BANK EXAMINERS PRESENTED BY AML/CFT DIVISION FINANCIAL POLICY & REGULATION DEPARTMENT, CENTRAL BANK OF NIGERIA

OUTLINE 2 Synopsis of the supervisory process Benefits of Risk-Based Approach (RBA) to AML/CFT supervision Overview of Risk- Profiling of Institutions ML/TF Risk Assessment Form: Input Data by Financial Institutions Risk Assessment Tools for Bank Examiners

SYNOPSIS OF THE SUPERVISORY PROCESS 3

SYNOPSIS OF THE SUPERVISORY PROCESS (cont’d) 4 a) Traditional Prudential Supervision (PS): Ø Focuses on capital, solvency, asset quality, earnings, liquidity, management, etc. Ø Pays attention to legal compliance (LC) (or rules-based approach to supervision) with Laws, Regulations, Circulars, Directives, Guidelines, other enforceable instruments. Ø Ø b) Relies on checklist of items and issues Lays emphasis on imposing financial penalties Risk based approach (RBA) to prudential supervision (PS): Ø Focuses on credit risk, market risk, liquidity risk, operational risk, legal risk, etc. a) Ensures compliance with previous recommendations/observations b) Sometimes, does not capture or appropriately capture money laundering/terrorism financing risks. NOTE: There is nothing like pure risk-based approach to supervision without attention to compliance with laws and regulations. RBA to AML/CFT Supervision: a) Complements Prudential Supervision and Legal Compliance b) Pays special attention to ML/FT risks (in view of their evils) c) Complies with FATF Recommendation No. 1

SYNOPSIS OF THE SUPERVISORY PROCESS (cont’d) 5 RBA to AML/CFT requires a re-focusing and re-tooling of supervisory practices because of the wide areas and many issues covered, urgency required and dangers involved, etc. Approach to supervision of policies, procedures, guidelines, regulations, etc. often depends on who conducts AML/CFT supervision: Ø Ø Prudential Supervisor (Central Bank, Securities Commission, Insurance Regulator) Financial Intelligence Unit (FIU) General supervisor or specialized AML/CFT Unit Shared responsibility with various stakeholders - ü Challenges include lack of coordination, cooperation, fragmented approach, and conflicting priorities.

BENEFITS OF A RISK-BASED APPROACH 6 Ensures that institutions have in place structured and uniform approach to measuring and evaluating risks. RBA to AML/CFT focuses on: Ø Ø Ø Structural/institutional risk factors; Principal business lines and activities of FIs; and Risk mitigants put in place. Enhances more efficient use of time and supervisory resources(safe cost and resources) because focus is on higher risk areas and risk to significant business activities. Provides input to conduct sectoral and national risk assessments.

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS 7

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 8 1. Analysis of Structural Risk Factors and Components of Know Your Institutions (KYI) General information on FI: Structural and Institutional issues Ø Ø Ø Complexity and scope of business and markets Ø Ownership (e. g. complexity, transparency, country) Size Age, etc. Financial groups, type of clients (retail vs. wholesale), technology, etc. Management Ø Fit and proper rules and practice, organizational culture (appetite for risk, compliance) and cooperation with authorities, etc. Competitive environment and position in the sector Reputation in the industry 1. Press Reports 2. Published Statements 3. Examiners’ Reports

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 9 1. Analysis of Structural Factors and Component of KYI (Cont’d) Growth Policies: Aggressive vs. conservative. Funding Sources: Equity, deposits, borrowing. Liquidity: Surplus vs. shortage. Solvency and Earnings: Strong vs. weak. 1. Sources of Income: Interest, premium, fees, commissions, Peer group comparison. 2. Staff Incentives and Reward System: Salary, bonuses, etc. 3. STR reporting to NFIU 4. Other statutory reports to LEAs & Regulatory authorities 5. Industry Intelligent Reports 6. Is it worthwhile to comply? (cost/benefit analysis? )

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 10 2. Overview of Business Activities And ML/FT risk factors

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 11 Overview of Business Activities and ML/FT Risk Factors (cont’d) General considerations: i. Type of Customers Note: Primary source of ML/FT risk ii. Products/services Identify those that are most vulnerable to ML/FT iii. Delivery channels Intermediaries, non face-to-face businesses and transactions, e-banking iv. Markets served/geographic zones operated Local, regional, cross-border risks • Other factors Ø Typologies and schemes used for ML/FT (local and international) Ø Sources of information: from the sector/industry, supervisors, FIU, law enforcement, etc.

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 12 (i) Analysis of Risk Factors on Customer • Natural vs. legal/corporate, trusts • National vs. Foreigner • Retail vs. institutional • Financial vs. non-financial • Regulated vs. unregulated • Designated Non-Financial Business and Professions • • Cash intensive, construction/real estate, car dealers, professions (e. g. lawyers, financial advisers, etc. ) Politically exposed persons (PEPs)

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 13 (ii) • Analysis of Risk Factors on Products & Services NOTE: Deposits are the main entry point of risk. Why? Ø Consider in relation with the type of customer, sectors, zones, etc. Ø Structure of deposit: type and term of deposit (demand vs. certificates) Ø Local vs. foreign currency Ø Growth, liquidity issues Ø Concentrations: large accounts • • Ø Interest margins: peer sector drive Loans and credit cards: back-to-back transactions, deposits/loans Other risk services: Ø Private banking (VIP banking, high net-worth individuals, etc. ) Ø Fiduciary services and trusts Ø Internet banking and other non face-to-face transactions Ø Correspondent banking Ø Cash handling, export/import services Ø Embassies and PEPs Ø Wire transfers and drafts Ø Money remittance and currency exchange Ø Securities trading for clients Ø Others

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 14 (iii) Analysis of Risk Factors on Delivery Channels • Branch banking (face-to-face, non face-to-face) • On-line or internet banking • Mobile banking • Phone banking • ATM • Mail banking (credit cards) • Introducers/Intermediaries

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 15 (iv) Analysis of Risk Factors on Geographic Zone Based on location of clients, branches, subsidiaries, affiliates: Ø Domestic (high crime zones, etc) Ø International (countries, regions, OFAC, ICRG, UN, other official listings) Crime and international compliance factors. Free trade zones (anywhere)

OVERVIEW OF RISK-PROFILING OF INSTITUTIONS (cont’d) 16 3. Risk Mitigation Role of board and management, corporate governance Ø Policies and procedures Ø oversight and resources, compliance culture scope and sufficiency (risk management, CDD, recordkeeping, hiring and compensation, etc. ) Internal controls Ø Macro (audit, compliance, etc) and micro (line level systems and procedures, e. g. customer acceptance) Compliance function, compliance officer Monitoring and reporting (STR, CTR, etc) Training Others

17 ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 18 NAME OF REPORTING INSTITUTION: TOTAL ASSET SIZE (N'000): (as at last balance sheet) These should be stated in the nearest million (N’M) and it should consist chiefly of the financial institution’s total loans and investments. 1. GROSS INCOME(N'000): ( as at last balance sheet) ADDRESS OF REPORTING INSTITUTION: YEAR OF ESTABLISHMENT: OWNERSHIP STRUCTURE (State in Percentage) This refers to the financial institution’s annual gross income as at the end of the period being reported. These should be stated in the nearest million (N’m) OWNERSHIP STRUCTURE PEP NON-PEP Domestic Foreign LIST OF SUBSIDIARY(IES)/OTHER GROUP MEMBERS : LOCAL - The ownership structure of the financial institution should be stated in percentages and based on the following category: Category 1: PEP and Non-PEP Category 2: Domestic and Foreign 1. NUMBER OF SUBSIDIARY(IES)/OTHER GROUP MEMBERS Where a financial institution has subsidiaries (whether local or foreign), the names and location should be listed (one per column of the same row) BRANCH INFORMATION FOREIGN - CONTACT PERSON: NAME: BRANCH CODE DESIGNATION: BRANCH NAME TELEPHONE NO. : LOCATION/ ADDRESS E-MAIL ADDRESS: 1. State the address of the branch. STATE: : Indicate the State of the Federation where the branch is located. 2.

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 19 BRANCH CODE BRANCH INFORMATION BRANCH NAME LOCATION (ADDRESS) TOTAL STATE NO. OF CUSTOMERS 1. CUSTOMER TYPE Individual Indicate the total number of accounts by individual (natural persons) and the total amount (in naira for naira accounts and United States Dollars foreign currency). This should be Outstanding Credit Balance (i. e. Account Balance) as end of the reporting Month. Corporate CUSTOMER TYPE INDIVIDUAL 0 0 0 CORPORATE 0 0 0 1. TOTAL DEPOSIT TRANSACTIONS Indicate the total number of accounts by corporate/legal persons and the total amount (in naira for naira accounts and United States Dollars foreign currency accounts). This should be Outstanding Credit Balance (ie Account Balance) as end of the reporting Month. SIZE OF TRANSACTIONS (DEPOSITS) This refers to the total number and value of deposits for each branch. These deposits include tenured funds. It is the total deposit balance for the bank at the end of the month. It is the summation of the balances reported under Individual and Corporate Customer Type.

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 20 POLITICALLY EXPOSED PERSONS (PEPS) INHERENT RISK: Higher Risk Customers 1. Customer NO. 0 N'M 0 $'000 0 NO. 0 N'M 0 $'000 DISTRIBUTOR/MARKET ER NO. 0 N'M 0 $'000 PEPs Public Sector clients NGOs/NPOs OIL AND GAS COMPANIES CRUDE OIL DRILLING IMPORTER 0 $'000 BY-PRODUCT VENDOR NO. 0 0 $'000 IMPORTERS AND EXPORTERS (NON-OIL & GAS) NO. N'M 0 NO. 0 N'M 0 $'000 0 This refers to all accounts operated by PEPs as defined in Regulation 18 of CBN AML/CFT Regulation 2013 and Section 25 of the Money Laundering (Prohibition) Act, 2012. The total credit balances for these categories of customers’ accounts should be reported here. PUBLIC SECTOR CLIENTS The total credit balances for all accounts operated by ministries, departments and agencies of government at all the three tiers of government should be stated. NON-GOVERNMENTAL ORGANISATIONS/NOT-FOR PROFIT ORGANISATIONS This includes faith based organizations, charities, clubs and societies. NGOs can range from large regional, national or international charities to community-based self-help groups. NGOs may also include research institutes, churches, professional associations and lobby groups. NGOs typically depend (in whole or in part) on charitable donations and voluntary service for support. The total credit balances for these categories of customers’ accounts should be reported here. OIL AND GAS COMPANIES These are clients that are involved in both upstream and downstream sectors of the industry. They are further classified into crude oil drilling; distributor/marketer; importer and by-product vendors. The total credit balances for each of the sub-classifications should be reported here. IMPORTERS AND EXPORTERS (NON-OIL AND GAS) This refers to accounts of clients that are involved in importing and exporting not related to oil and gas. The total credit balances for these categories of customers’ accounts should be reported here.

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 21 NON-RESIDENT LEGAL PERSONS & ARRANGEMENTS NO. NON-RESIDENT LEGAL PERSONS AND ARRANGEMENTS 0 NON-RESIDENT INDIVIDUALS N'M 0 $'000 0 NON-RESIDENT INDIVIDUALS N'M 0 NO. 0 $'000 0 These are accounts operated by Nigerians that are not resident within the country or non-Nigerian citizen who: (i) is not a lawful permanent resident of Nigeria during the calendar year and who does not meet the substantial presence test or (ii) has not been issued an alien registration permit. The total credit balances for these categories of customers’ accounts should be reported here. 0 N'M MONEY SERVICE BUSINESS 0 $'000 This refers to legal persons such as off-shore trusts and special purpose vehicles (SPV) that are not domiciled in Nigeria. The total credit balances for these categories of customers’ accounts should be reported here. MONEY SERVICE BUSINESS (MSB) STORE VALUE CARDS 0 0 NO. 0 N'M 0 $'000 0 This includes prepaid cards and gift card issuers, e-money issuers, e. t. c. The total credit balances for accounts operated by this category of clients should be reported here. 0 $'000 REAL ESTATE BROKERS AND AGENTS NO. N'M LAWYERS, TRUSTEES, ACCOUNTANTS, e. t. c $'000 SECURITIES BROKERS AND AGENTS, MUTUAL FUNDS MANAGERS/ADMINISTRATORS 0 N'M HIGH VALUE BUSINESS N'M This includes bureaux de change, currency dealers; money transmitters; cheque cashers; and issuers of travellers’ cheques, and money orders (such as NIPOST). The total credit balances for accounts operated by this category of clients should be reported here. HIGH VALUE BUSINESS This refers to dealers in jewelry and precious metals, cars and luxury goods, and other related businesses that deal in high value luxury goods. The total credit balances for accounts operated by this category of clients should be reported here. SECURITY BROKERS AND AGENTS, MUTUAL FUND MANAGERS/ADMINISTRATORS Examples include Investment Brokers Deposit Brokers, Funds and Portfolio Manager /administrators Accounts (accounts managed by agents on behalf of underlying parties including omnibus and concentration accounts). The total credit balances for accounts operated by this category of clients should be reported here. LAWYERS, TRUSTEES, ACCOUNTANTS, etc. Clients acting on behalf of others such as Lawyers, Trustees, Accountants and others that are acting on behalf of underlying customers or others. The total credit balances for accounts operated by this category of clients should be reported here. REAL ESTATE BROKERS AND AGENTS

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 22 2. INHERENT RISK: Higher Risk Products and Services 0 CASH SECURED CREDITS INCLUDING CREDIT CARDS NO. 0 N'M 0 $'000 0 NO. 0 1. PRODUCTS AND SERVICES CASH SECURED CREDITS PURCHASE AND SALE OF MONETARY INSTRUMENTS A cash-secured loan is one that has a cash reserve as backing. The total number and naira value of such activities within the concerned period should be indicated. Note that this should also include secured credit cards. PURCHASE AND SALE OF MONETARY INSTRUMENTS N'M 0 CROSS BORDER NO. 0 N'M 0 Total credit transactions of all wire transfers should be reported here based on the following two sub-groups: 0 $'000 WIRE TRANSFERS $'000 0 This covers local and foreign money instruments sold and purchased. WIRE TRANSFERS 1. DOMESTIC Foreign Wire Transfers Domestic Wire Transfers 2. CORRESPONDENT BANKING $'000 NO. 0 CORRESPONDENT BANKING 0 N'M 0 PRIVATE BANKING SERVICE No 0 0 TRUSTS 0 N'M PRIVATE BANKING SERVICES $'000 0 NO. 0 N'M 0 $'000 0 Transactions with correspondent banks, including Payable-Through-Accounts (PTA) should be reported here. A PTA is where a foreign financial institution provides its customers, commonly referred to as “sub account holders, ” with cheques that allow them to draw funds from the foreign financial institutions account from a Nigerian financial institution. Private banking clients including high net worth clients and offshore services should be reported in this category. Private banking account means an account (or any combination of accounts) maintained at a financial institution covered by the regulation that requires a minimum aggregate deposit of funds or other assets of not less than United States $50, 000 or its equivalent. TRUSTS This includes financial institutions acting as trustees and other fiduciary services including custody, portfolio and asset management, etc.

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 23 3. INHERENT RISK: Higher Risk on Delivery risk 0 NO. 0 DELIVERY RISK INTERNET/E-BANKING 0 NO. 0 N'M 0 $'000 0 NO. 0 N'M 0 23 $'000 OTHER NON FACE-T 0 -FACE SERVICES (Specify) 0 PHONE AND MOBILE BANKING N'M $'000 0 E-BANKING (INTERNET BANKING) PHONE AND MOBILE BANKING OTHER NON FACE-TO-FACE SERVICES

ML/TF RISK ASSESSMENT FORM: INPUT DATA BY FINANCIAL INSTITUTIONS (CONT’D) 24 (AML/CFT) REPORTS FILED Statistics of AML/CFT Reports filed with the Nigeria Financial Intelligence Unit (NFIU) such as: Ø Currency Transaction Reports (CTRs); Ø Foreign currency Transaction Reports (FTRs); and Ø Suspicious Transaction Reports (STRs) should be reported. FRAUD Statistics of fraud committed by customers and staff of each branch within the time under consideration should be reported. ARMED ROBBERIES Statistics of armed robberies that have occurred involving the branch of the bank within the time under consideration should be reported. AML/CFT PENALTIES IMPOSED Financial institutions that contravene AML/CFT laws and regulations, whether in their home jurisdictions or abroad are penalized. This could be in various forms such as fines, warnings etc.

RISK MITIGANTS 25 1) Financial institutions are expected to put measures in place to mitigate the impact of risks arising from both the structural and inherent risks. Such measures include: Corporate Governance and Control of the Board ü Is there AML/CFT policies in place? ü Has the policies been approved by the Board? ü How often is it reviewed? ü Are the policies adequate? ü Has the Board designate any of its committee to handle AML issues and reports.

RISK MITIGANTS (Cont’d) 26 2) Risk Management ü ü Is there a specialized Risk Management group or unit within the bank? If so, does its function include ML/FT risk? ü 3) Does the risk management function include ML/FT risks Does the bank have a ML/FT risk classification system? AML Policies and Procedures ü Does the bank have written and Board approved policies and procedures for CDD/KYC principles? ü Have the policies and procedures been disseminated to all bank employees and management? How was this dissemination conducted? ü Is there a system for testing compliance with the CDD policies and procedures and the AML/CFT legislation? Who is responsible?

RISK MITIGANTS (Cont’d) 27 4) Monitoring and Suspicious Activity Reporting ü ü Are there specific monitoring systems for terrorism finance? ü What type of customers does the bank refuse to do business with? Why? ü Are there specific monitoring mechanisms for PEPs? ü 5) Does the bank have an internal system for detecting and reporting unusual and suspicious activities? Is it manual or automated? Who analyzes unusual and suspicious activities detected? Internal Controls and Audit functions ü Does the bank have an Internal Audit Department/function? ü Does the Internal Audit review and test the AML/CFT program, CDD/KYC policies and procedures? ü Is there a specific AML/CFT audit plan? ü Does internal audit review the Compliance function? ü When was it last reviewed? ü What were the findings?

RISK MITIGANTS (Cont’d) 28 6) Compliance function ü Has the Board of Directors established a compliance function and approved a compliance policy that covers all significant business lines and processes ü Has the bank appointed an AML/CFT compliance officer? ü If so, provide the name, functions and status within the organization? Is it at managerial level? Is there resource allocation to the compliance function? ü 7) Training ü Is there an AML/CFT training programme in place for employees? ü Is it approved by the Board of Directors? ü What was the AML/CFT training budget for last year? Current year? ü What type of AML/CFT training, if any, does your institution have for its employees? ü When was the last training program delivered? ü What is the frequency of training provided?

RISK ASSESSMENT TOOLS FOR BANK EXAMINERS 29 (a) ML/FT Risk Assessment Matrix (b) Control Function/Mitigants (c) Risk Assessment Summary

KEY 30

31 PARAMETERS THE SCALE OF RISK Above Overage 2 High Category: 1 Moderate Low 3 4 Score: I. STRUCTURAL RISK Low Moderate Above Overage High From To More than To Data Input Gross Total Structural Risk N'bn 1. Total Asset Size - 2. Ownership structure a. PEP Ownership: or, i) PEP shareholders (10% or more participation) ii) No PEPs % b. Local/ Foreign Ownership: i) Domestic ii) Foreign (10% or more participation) % - 3. Year of establishment a. >= 5 years, or b. < 5 years Years -

INHERENT RISK Higher Risk Customers, Products, Services, Geographic Zones and Delivery Channels Low 1. Customer From Moderate To From Above Overage To From High To More than a. PEPS (national and foreign, including embassies and consulates) Data Input Total Inherent Risk (Customers) Weight NO. 0 - 0% 0% N'M - 1, 234, 20, 39, 1, 234, 20, 39 $'000 - 0% 0% b. Public sector clients (central, state, local, gov't owned companies and institutions, etc. ) NO. N'M - $'000 - 0% c. NGOs/NPOs (including charities and religious organisations) NO. N'M - 0% $'000 - 0% d. Oil and gas companies Crude Oil Drilling NO. - 0% N'M - 0% $'000 - 0% - - 0% Distributor/Marketer NO. N'M $'000 Importer NO. - N'M $'000 - 0% - - 0% By-Product Vendor NO. N'M $'000 - 0% e. Importers & Exporters: non-oil and gas NO. N'M - 0% $'000 - 0% - 0% - 0% f. Non-resident: Legal persons and arrangements 1, 234, 44, 39, 1, 234, 44, 39 1, 234, 45, 39, 1, 234, 45, 39 g. Non-resident individuals NO. N'M $'000 NO. - N'M - 0% $'000 - 0% - h. Money service business (including money remitters, bureau de change(incl. foreign exchange operations of hotels) NO. - 0% N'M - 0% $'000 - 0% i. Stored value/pre-paid card/e-money issuers. NO. $'000 - 0% N'M - 0% j. High value business (e. g. car dealers, others ) NO. N'M - 0% $'000 - - 0% - 0% 0% k. Securities brokers and agents, mutual fund managers/administrators. NO. N'M $'000 l. Lawyers, trustees, accountants and other clients acting on behalf of others. NO. - N'M 32 m. Real estate brokers and agents - - 0% $'000 NO. N'M - 0% $'000 - 0%

Low Moderate Above Average High 2. Products and Services From To N'M $'000 c. Wire transfers: (a) cross border transfers & (b) purely domestic transfers. 0 Domestic $'000 d. Correspondent banking ( including payable through accounts) 0% - - 0% - 0% NO. $'000 N'M - 0% - 0% Cross Border Weight NO. N'M NO. b. Purchase and sale of monetary instruments Total Inherent Risk (Products and Services) More than a. Cash secured credits (back-to-back loans, including credit cards) Data Input NO. - 0% - 0% - 0% NO. N'M e. Private banking (including high net worth clients ) $'000 NO. N'M f. Trust (bank as trustee) and other fiduciary services (including custody, portfolio and asset management, etc. ) 33 $'000 - - 0% - - 0% - - 0% NO. N'M $'000 - - 0%

Low Moderate Above Overage High 3. Delivery risk Data Input From To Total Inherent Risk (Delivery Risk) More than Weight NO. a. Ebanking (internet banking) 0% - 0% $'000 - N'M 0 - 0% NO. b. Phone and mobile banking N'M 0% - $'000 - 0% NO. c. Other Non face-to-face services (specify) 0% - $'000 - N'M 0% 0 - 0% 34 -

Low Moderate Above Overage High 4. Geographic and country risk Total Inherent Risk (Geographic Zone) Data Input From To More than Weight a. Local b. Foreign Risk Band High 4 #DIV/0! #DIV/0! 35

CONSOLIDATED SCALE & WEIGHT 36

37 APPLICATION OF RISK CONTROL/MITIGANTS

CONTROL/MITIGANTS QUESTIONNAIRE 38 The rating given to each of the seven components identified (governance, risk management systems, policies and procedures, internal controls, compliance, reporting and training) is used as data-input to the matrix (mitigants part) to profile each bank’s net risk. Rating: Use a scale of 1 (Strong) through 4 (weak/non existence). When assigning a rating, the Supervisor must take into account the balance between policy, procedures and their implementation. Assessment of implementation will largely be conducted during onsite inspections.

1. Corporate governance/ board of directors 1 # Needs Improvement 3 Weak # Needs Improvement 5. Compliance # 3 Weak 4. Internal control # 4 Weak 3. Policies and procedures # 4 Needs Improvement 2. Risk management # 4 Strong 3 # 6. Monitoring and reporting (STRs) 39 7. Training

ML/FT RISK MATRIX: SUMMARY 40

INSTITUTIONAL RISK PROFILE: ANALYSIS 41

SECTORAL RISK MAPPING: INDIVIDUAL FI NET RISK RATINGS 42

SECTORAL RISK MAPPING: SUPERVISION STRATEGY, SCOPE AND FREQUENCY OF ONSITE INSPECTIONS 43

Questions? 44