Clear policies set out what the organisation’s response to tackling IWT is. These are supported by procedures outlining how the organisation builds these controls into their operating models.
Lines Of Defence
Whilst a policy should work across the whole organisation, we recommend that you create specific procedures for each different business line or grouping within your organisation, including Senior Management, Front-line business teams, Risk & Compliance, Operations, Procurement & HR.
Due Diligence
Mitigate the risk of direct & indirect links to IWT through due diligence on customers, staff, 3rd party suppliers, investments and investors.
Ongoing Monitoring
Firms should screen their business relationships against specific IWT databases to identify any potential links to criminal convictions both at onboarding and on an ongoing basis.
Risk Appetite
Setting out the firm’s response to tackling IWT and related appetite or tolerance for businesses or customers which present the highest risk of links to IWT.
Scope
What does the policy cover and who does it apply to. Consider splitting out your policies for internal staff as well as external stakeholders (eg clients, suppliers and 3rd parties).
Legal Framework
Outlining the relevant local regulatory requirements as well as international standards and best practice (incorporating relevant IWT, Financial Crime and ESG recommendations).
Key Principles
Where are the key risk areas (eg: clients, investments, supply chains, people and or investors) your business is exposed to and via.
Definitions
Key and relevant terms covered by the policy (eg: IWT, Money Laundering and other Serious and Organised Crimes (SOCs).
Systems & Controls
A summary of the risk based approach and key controls employed to detect and report potential linkages to IWT.
Roles & Responsibilities
Across all 3 lines of defence, including a statement of governance & accountability (who is responsible for protecting the firm against IWT risk (typically this is all staff or all front line staff) and who is your nominated accountable executive and reporting officer).
Policy Effective Date
Plus revision history.
Adverse Media Best Practice Guide (Dow Jones & Themis, 2020) best practice guide outlining steps firms can incorporate strong adverse media practices into their systems, tools, policies and procedures.
