On-going monitoring
The risk assessment of an obliged entity and the customer's risk classification form the basis for a decision on how the monitoring of money laundering and terrorist financing shall be conducted. On-going monitoring involves monitoring customer information, on the one hand, and their transactions, on the other.
Monitoring of information
Obliged entities shall update customer information on a regular basis and provide additional information as necessity dictates. Changes in customer information, contractual relationships or related individual aspects, as well as the risk assessment of obliged entities may provide grounds to perform new due diligence in light of the changed information. The risk assessment of obliged entities can also give rise to new due diligence being performed on a regular basis.
The documented risk assessment or rules of the obliged entity shall specify the timing of the updated due diligence with regard to the risk classification of individual customers or groups, as applicable.
Obliged entities shall regularly assess whether a customer or beneficial owner is in a risk group, due to being a politically exposed person.
Transaction monitoring
Obliged entities shall regularly monitor contractual relationships with customers and provide adequate information on transactions conducted during the term of the agreement to ensure that their transactions are consistent with available information and risk assessments. The entities must also confirm, as appropriate, the sources of the funds used in the transactions and take appropriate measures to verify the relevant information.
Obliged entities shall ensure that there is increased or systematic monitoring of higher risk transactions and contractual relationships.
Monitoring systems, methods and procedures
In order to carry out periodic inspections, obliged entities shall have automated monitoring systems in place to flag transactions under certain circumstances and/or methods and processes for detecting deviations or suspicious transactions of their customers. Systems and methods shall at least include the following elements:
- that certain transfers or transactions are flagged or examined, based on pre-determined criteria or rules,
- that the relevant transfers or transactions are examined and investigated by the relevant employee of the obliged entity,
- that a position is taken on the transfers or transactions that are flagged, with regard to the available information about the customer and
- to take appropriate measures, such as further investigation of the transactions, if an examination reveals suspicious transactions.
Obliged entities shall also investigate, as far as possible, the background and purpose of all transactions, which at least one of the following conditions applies to:
-
in the case of complex transactions,
-
in the case of unusually high transactions,
-
in the case of unusual business patterns or
-
in the case of transactions that do not appear to have an economic or legal purpose.
All such transactions and related contractual relationships shall be subject to increased scrutiny for the purpose of identifying whether they are suspicious transactions.
Useful links
- Conducting a risk assessment for money laundering and terrorist financing
- Regulation no. 545/2019 on risk assessment (Icelandic)
- Regulation no. 745/2019 on due diligence (Icelandic)
- Due diligence - educational material of the steering group on measures against Money Laundering and Terrorist Financing (Icelandic)