Although UK credit unions are different from their Australian counterparts, the UK Financial Services Authority has published a report on its review on AML/CTF compliance by 32 UK credit unions which is of interest.
Some key points:
- staff were not clear about who was responsible for what AML issues;
- staff often relied on trust and personal knowledge rather than formal policies and procedures;
- In some cases the credit unions used formal money laundering reporting forms to update the MLRO, others used informal notes;
- some credit unions still rely on personal knowledge of new members and do not make adequate identity checks. Checks on junior savers were inadequate in a number of cases. Some credit unions did not perform any checks at all on juniors;
- training in all aspects of anti money laundering controls and financial crime
prevention was weak;
- data security varied: "For example, paper files should be locked in secured cabinets with the keys locked in a safe or other secure place; we did see instances where keys were simply left on top of the cabinet…We saw examples during visits where passwords were shared..Some credit unions visited did not know what levels of access had been agreed for third parties needing to interrogate customer records, be it paper or IT based. ..In some instances credit unions had not considered the secure disposal of electronic data and the need to review systems regularly to dispose of records that are no longer relevant."
The FSA also has examples of good and poor AML practice.