Internal control rules: how to develop and what you need to know about them from 2022

Who are the changes for?

Decree of the Government of the Russian Federation of July 14, 2022 No. 1188 (hereinafter referred to as Decree No. 1188) approved certain requirements for internal control rules that develop:

• lawyers;
• notaries;
• persons providing legal or accounting services;
• audit companies and individual auditors.

These requirements were adopted to comply with the provisions of the Federal Law of August 7, 2001 No. 115-FZ “On combating the legalization (laundering) of proceeds from crime and the financing of terrorism” (hereinafter referred to as Law No. 115-FZ). Namely, according to paragraph 1 of its Art. 7.1, the requirements of this Federal Law regarding the organization of internal control apply to the listed persons.

INTERNAL CONTROL FOR AML/CFT PURPOSES (Federal Law No. 115-FZ dated 07.08.2001)

This article reveals the issues of organizing and implementing internal control in order to combat the legalization (laundering) of proceeds from crime and the financing of terrorism (hereinafter referred to as AML/CFT) in organizations that are subjects of the Federal Law of 07.08.2001 No. 115-FZ “On Combating legalization (laundering) of proceeds from crime and financing of terrorism.”

Internal control for AML/CFT purposes is an integral part of the organization's overall internal control system. The main task of internal control is to monitor compliance with legal requirements, including licensing requirements, when the organization carries out business activities. In addition, internal control is aimed at identifying and preventing violations in the activities of the organization, as well as identifying the causes and culprits of such violations.

The absence of an internal control system or an insufficient level of its effectiveness leads to violations of legal requirements, which inevitably entails bringing the organization and its officials to administrative or criminal liability, regulatory consequences in the form of suspension or revocation of a license, qualification certificates of the organization's officials, exclusion from the relevant registers , as well as reputational risks. It is unlikely that any of the partners or clients will want to cooperate with a company that operates in violation of established legal requirements.

All this speaks to the importance of the internal control system and ensuring a high level of its effectiveness. Internal control in the organization is carried out through:

1. development of internal documents in accordance with current legislation;
2. appointment of persons responsible for compliance with internal documents;
3. Management of risks;
4. establishing personal liability of employees for non-compliance with internal documents;
5. introduction into practice of methods and methods for implementing internal control using a dual control system and specialized software;
6. eliminating conflicts of interest;
7. building effective intracommunication channels of communication between employees, employees and management, the company with the environment represented by third parties (contractors, partners, clients, supervisory authorities);
8. clear division of powers of employees;
9. conducting briefings and training both within the organization and in specialized training centers.

In Western countries, especially in banks and financial companies, the term “compliance control” is often used instead of internal control. Compliance itself (eng. compliance - agreement, correspondence; comes from the verb to comply - correspond) - the Oxford English Dictionary gives the following definition of this term - action in accordance with a request or instruction; obedience. In turn, compliance control is a broader concept that includes not only internal control, but also work with external third parties (counterparties, clients, partners and supervisory authorities) in terms of identification, updating data, and conducting assessment activities and reducing risks in the company's activities. In this case, compliance control is aimed at creating a reliable “foundation” and stable operating conditions for the organization. Increasingly, Russian companies are reconsidering their view of internal control and adopting the practices of Western countries, introducing the principles of compliance control into their activities.

Let us dwell in more detail on the organization and implementation of internal control for AML/CFT purposes. As already noted, this type of control is an integral part of the organization’s overall internal control system.

The basis of the legislation of the Russian Federation in the field of AML/CFT is the Federal Law of August 7, 2001 No. 115-FZ “On Combating the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism” (hereinafter referred to as Federal Law No. 115), in accordance with Art. 5 of which organizations that carry out transactions with funds or other property and are obliged to comply with the requirements of legislation in the field of AML/CFT include:

1. credit organizations (CO);
2. leasing companies;
3. organizations of federal postal services;
4. organizations engaged in the purchase, purchase and sale of precious metals and precious stones, jewelry made from them and scrap of such products, with the exception of religious organizations, museums and organizations using precious metals, their chemical compounds, precious stones for medical, scientific research purposes or as part of tools, devices, equipment and products for industrial and technical purposes;
5. organizations that operate sweepstakes and bookmakers, as well as those that organize and conduct lotteries, sweepstakes (mutual betting) and other risk-based games, including in electronic form;
6. organizations providing intermediary services in real estate purchase and sale transactions;
7. payment acceptance operators;
8. commercial organizations entering into financing agreements for the assignment of monetary claims as financial agents (factoring);
9. telecom operators who have the right to independently provide mobile radiotelephone services;
10. individual entrepreneurs (IP) purchasing, purchasing and selling precious metals and precious stones, jewelry made from them and scrap of such products, and individual entrepreneurs (IP) providing intermediary services in real estate purchase and sale transactions;
11. non-credit financial organizations (hereinafter - NFO):
    • professional securities market participants (PSMP);

    insurance organizations (except for medical insurance organizations operating exclusively in the field of compulsory health insurance), insurance brokers;

12. pawnshops;
13. organizations that manage investment funds or non-state pension funds (UC UIF);
14. credit consumer cooperatives (CCC), including agricultural credit consumer cooperatives (ACCC);
15. microfinance organizations (MFOs) in the form of microcredit companies (MCCs) and microfinance companies (MFCs);
16. mutual insurance societies (OVS);
17. non-state pension funds (NPFs) in terms of carrying out activities related to non-state pension provision;
18. individual entrepreneurs (IP) who are insurance brokers.

Internal control for AML/CFT purposes is aimed, first of all, at compliance with the requirements of the legislation of the Russian Federation in the field of AML/CFT. A selection of regulatory legal acts of the Russian Federation in the field of AML/CFT is provided in a separate article on our website.

In accordance with the specified regulatory legal acts of the Russian Federation in the field of AML/CFT, organizations carrying out transactions with funds or other property (hereinafter referred to as supervised organizations) are obliged to:

1. develop Internal Control Rules (ICR) for the purpose of combating the legalization (laundering) of proceeds from crime and the financing of terrorism (hereinafter referred to as the Rules for AML/CFT purposes) and update them in a timely manner, taking into account the latest changes in the current legislation of the Russian Federation;
2. appoint from the staff an employee responsible for the implementation of the Rules for AML/CFT purposes and compliance with the requirements of legislation in the field of AML/CFT, (hereinafter referred to as a special official or SDL) who meets the qualification requirements established by the regulatory legal acts of the Russian Federation in the field of AML/CFT, depending on type of organization (credit organization, non-credit financial organization (NFI) or other organization). For certain categories of NFOs, additionally create a structural unit for AML/CFT, which includes at least 2 (two) employees, one of whom is the SDL;
3. register with Rosfinmonitoring (only for leasing companies, payment acceptance operators, real estate agencies, factoring organizations) or the Assay Chamber of the Russian Federation (only for organizations engaged in the purchase, purchase and sale of precious metals and precious stones, jewelry made from them and scrap of such products, as well as jewelry pawn shops);
4. carry out identification (with assignment of risk level) of clients, client representatives and/or beneficiaries before the start of contractual relations, as well as take reasonable and accessible measures to identify beneficial owners (beneficiaries), as well as regularly update information about clients, client representatives, beneficiaries and beneficiaries, received at the stage of their initial identification;
5. identify, document and submit to Rosfinmonitoring, in the manner and within the time limits established by law, information about customer transactions subject to mandatory control, suspicious (unusual) transactions;
6. provide Rosfinmonitoring, upon request, with information about clients, their transactions and beneficiaries;
7. apply measures to freeze (block) funds or other property of individuals and legal entities associated with the list of organizations and individuals in respect of which there is information about their involvement in extremist activities or terrorism (hereinafter referred to as the List of Terrorists) or the list of organizations and individuals , in respect of which there is information about their involvement in the proliferation of weapons of mass destruction (hereinafter referred to as the List of persons distributing weapons of mass destruction), informing Rosfinmonitoring about the measures taken;
8. on a regular basis, but at least once every 3 (three) months, check the presence among its clients of organizations and individuals in respect of which measures to freeze (block) funds or other property have been applied or should be applied, and inform about the results of such Rosfinmonitoring inspections;
9. suspend transactions with funds or other property of clients or refuse to execute a client’s order to carry out a transaction in cases and in the manner established by the legislation of the Russian Federation in the field of AML/CFT, with mandatory notification of Rosfinmonitoring;
10. pay increased attention to any transactions with funds or other property carried out by individuals or legal entities registered, domiciled or located in a state that does not comply with the recommendations of the Financial Action Task Force on Money Laundering (hereinafter referred to as FATF), or with their participation, or on their behalf or in their interests, as well as using an account in a bank registered in the specified state;
11. take reasonable and accessible measures to identify among its clients individuals and legal entities with a high level of risk, as well as among clients who are individuals, foreign public officials (FPEs) and persons holding government and/or public positions in the Russian Federation, and carry out the measures established by law Russian Federation on AML/CFT necessary measures in relation to these categories of clients;
12. Conduct mandatory internal and external (in specialized training centers) training of employees of the organization in the field of AML/CFT in the form of targeted instruction, advanced training (level of knowledge) and in other forms in the manner and with frequency established by the requirements of regulatory acts of the Russian Federation in the field of AML/CFT depending on the type of organization (credit organization, non-credit financial organization (NFI) or other organization);
13. store documents (at least 5 (five) years from the date of termination of the contractual relationship with the client) related to the implementation of internal control for AML/CFT purposes, and maintain a confidentiality regime with respect to documents and information received during the implementation of the Rules for AML/CFT purposes;
14. regularly conduct internal audits of the implementation of the Rules for AML/CFT purposes with the mandatory preparation of a SAO report based on the results of such audits;
15. To remotely interact with Rosfinmonitoring and submit to Rosfinmonitoring the information required by the legislation of the Russian Federation in the field of AML/CFT, an organization must register on the Rosfinmonitoring Internet portal and gain access to its Personal Account (PA) (this requires obtaining an electronic signature (ES).

The list of transactions subject to mandatory control is established by Federal Law No. 115-FZ, and suspicious transactions include transactions that meet the signs and/or criteria of unusual transactions established by the supervised organization itself in the Rules for AML/CFT purposes, taking into account the requirements of regulatory legal acts of the Russian Federation and specifics (features) of its activities.

To implement effective internal control for AML/CFT purposes, it is also necessary to have the following available:

1. List of terrorists and extremists (regularly updated and posted in your personal account on the Rosfinmonitoring Internet portal);
2. List of persons distributing weapons of mass destruction (regularly updated and posted in your personal account on the Rosfinmonitoring Internet portal);
3. The list of states that do not implement the FATF recommendations, approved by Rosfinmonitoring Order No. 361 dated November 10, 2011 “On determining the list of states (territories) that do not comply with the recommendations of the Financial Action Task Force on Money Laundering (FATF).” It currently includes the Islamic Republic of Iran and the Democratic People's Republic of Korea (DPRK);
4. The list of offshore states was approved by Order of the Ministry of Finance of the Russian Federation dated November 13, 2007 No. 108n “On approval of the List of states and territories that provide preferential tax treatment and (or) do not provide for the disclosure and provision of information when conducting financial transactions (offshore zones).”

The authorized body taking measures to combat the legalization (laundering) of proceeds from crime and the financing of terrorism in accordance with Federal Law No. 115-FZ is the Federal Service for Financial Monitoring (FSFM of Russia or Rosfinmonitoring).

Organizations supervised by Rosfinmonitoring include:

1. leasing companies;
2. payment acceptance operators;
3. organizations providing intermediary services in real estate purchase and sale transactions;
4. individual entrepreneurs (IP) providing intermediary services in transactions of purchase and sale of real estate;
5. commercial organizations entering into financing agreements for the assignment of monetary claims as financial agents (factoring).

At the same time, control over compliance with the requirements of the legislation of the Russian Federation in the field of AML/CFT in relation to organizations engaged in the purchase, purchase and sale of precious metals and precious stones, jewelry made from them and scrap of such products is carried out by the Assay Chamber of Russia, and in the financial market, in relation to credit institutions and non-credit financial organizations (NFIs), in agreement with Rosfinmonitoring - the Central Bank of the Russian Federation (Bank of Russia).

The Bank of Russia has the right to carry out control measures for AML/CFT purposes in relation to its supervised organizations - subjects of Federal Law No. 115 in the form of:

1. on-site or desk inspections;
2. sending instructions and requests for the submission of individual documents and information;
3. bringing to administrative responsibility under Art. 15.27 of the Code of Administrative Offenses of the Russian Federation (as a rule, in the form of imposing an administrative fine) or transferring inspection materials to law enforcement agencies to consider the issue of initiating a criminal case if there is a crime;
4. in case of repeated violation within 1 (one) year by a financial market participant of the requirements provided for in Art. 6 and 7 (except for paragraph 3 of Article 7) of Federal Law No. 115, make a decision to cancel, suspend a previously issued license or exclude a supervised organization from the relevant state register of organizations (in particular, for microfinance organizations (MFOs).

Administrative liability for all types of organizations - subjects of Federal Law No. 115 for violations of the requirements of the legislation of the Russian Federation in the field of AML/CFT is established by Art. 15.27 Code of Administrative Offenses of the Russian Federation: “1. Failure to comply with legislation regarding the organization and (or) implementation of internal control, which did not result in failure to provide information about transactions subject to mandatory control, or about transactions in respect of which employees of an organization carrying out transactions with funds or other property suspect that they are being carried out for the purpose of legalization (laundering) of proceeds from crime or financing of terrorism, as well as entailing the submission of the said information to the authorized body in violation of the established deadline, except for the cases provided for in Parts 2 - 4 of this article - entails a warning or the imposition of an administrative fine for officials in the amount of 10 thousand to 30 thousand rubles; for legal entities - from 50 thousand to 100 thousand rubles. 2. Actions (inaction) provided for in Part 1 of this article, resulting in failure to submit information about operations subject to mandatory control to the authorized body, and (or) submission to the authorized body of false information about operations subject to mandatory control, as well as failure to provide information about operations in respect of which employees of an organization carrying out transactions with funds or other property suspect that they are carried out for the purpose of legalizing (laundering) proceeds from crime or financing terrorism - entail the imposition of an administrative fine on officials in the amount of 30 thousand to 50 thousand rubles; for legal entities - from 200 thousand to 400 thousand rubles. or administrative suspension of activities for up to 60 days.

2.1. Failure to comply with the legislation regarding the blocking (freezing) of funds or other property or the suspension of transactions with funds or other property - entails the imposition of an administrative fine on officials in the amount of 30 thousand to 40 thousand rubles; for legal entities - from 300 thousand to 500 thousand rubles. or administrative suspension of activities for up to 60 days. 2.2. Failure to submit to the authorized body information about cases of refusal, on the grounds specified in Federal Law No. 115-FZ, to conclude (execute) bank account (deposit) agreements with clients and (or) to carry out transactions - entails the imposition of an administrative fine on officials in the amount from 30 thousand to 40 thousand rubles; for legal entities - from 300 thousand to 500 thousand rubles. or administrative suspension of activities for up to 60 days. 2.3. Failure to submit to the authorized body, at its request, the information available to an organization carrying out transactions with funds or other property about the transactions of clients and about the beneficial owners of clients or information about the movement of funds through the accounts (deposits) of its clients - entails the imposition of an administrative fine on legal entities in in the amount of 300 thousand to 500 thousand rubles. 3. Obstruction by an organization carrying out transactions with funds or other property from carrying out inspections by an authorized or relevant supervisory body or failure to comply with orders issued by these bodies in order to combat the legalization (laundering) of proceeds from crime and the financing of terrorism - shall entail the imposition of an administrative fine. for officials in the amount of 30 thousand to 50 thousand rubles. or disqualification for a period of 1 to 2 years; for legal entities - from 700 thousand to 1 million rubles. or administrative suspension of activities for up to 90 days. 4. Failure of an organization carrying out transactions with funds or other property, or its official, to comply with the legislation on combating the legalization (laundering) of proceeds from crime and the financing of terrorism, which resulted in the legalization (laundering) of proceeds established by a court verdict that has entered into legal force by criminal means, or financing of terrorism, if these actions (inaction) do not contain a criminal offense - entails the imposition of an administrative fine on officials in the amount of 30 thousand to 50 thousand rubles. or disqualification for a period of 1 to 3 years; for legal entities - from 500 thousand to 1 million rubles. or administrative suspension of activities for up to 90 days. Notes: 1. For administrative offenses provided for in this article, persons carrying out entrepreneurial activities without forming a legal entity bear administrative liability as legal entities. 2. For administrative offenses provided for in Parts 1 and 2 of this article, employees of an organization carrying out transactions with funds or other property, whose duties include identifying and (or) providing information about transactions subject to mandatory control, or about transactions, in in relation to which there are suspicions that they are carried out for the purpose of legalizing (laundering) proceeds from crime or financing terrorism, bear responsibility as officials.”

At the same time, cases of administrative offenses in the field of AML/CFT committed by supervised organizations of the Bank of Russia (NFOs and credit organizations) are considered directly by the Bank of Russia itself.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

As part of fulfilling the requirements of the legislation of the Russian Federation in the field of AML/CFT, Law Firm "DEKART" provides the following services to supervised organizations (subjects of Federal Law No. 115):

1. development of a full package of internal documents in the field of AML/CFT, including Rules for AML/CFT purposes, as well as preparation of detailed instructions (recommendations) on organizing special internal control in the field of AML/CFT “from scratch”, implementation of the Rules for AML/CFT purposes TF, compliance with the requirements of the legislation of the Russian Federation in the field of AML/CFT and passing the inspection of the supervisory authority in terms of AML/CFT;
2. audit of the Internal Control Rules (ICR) for AML/CFT purposes for their compliance with the requirements of the current legislation of the Russian Federation in the field of AML/CFT;
3. updating the Rules for AML/CFT purposes (amending) taking into account the requirements of the legislation of the Russian Federation in the field of AML/CFT;
4. comprehensive legal support - performing the functions of a responsible officer in the field of AML/CFT (special officer - SDL);
5. selection of a special official (SDL) who meets the qualification requirements established by law;
6. organization of special internal control in order for the organization to comply with the requirements of legislation in the field of AML/CFT from scratch and on a turnkey basis, including the development of a full package of internal documents for AML/CFT purposes, employee training, etc.;
7. support of inspections of Rosfinmonitoring, the Bank of Russia, the Prosecutor's Office of the Russian Federation, the Assay Chamber of the Russian Federation in the field of AML/CFT;
8. administrative paperwork, representation of the organization’s interests in Rosfinmonitoring and the Bank of Russia;
9. conducting training in the field of AML/CFT in the form of targeted instruction and increasing the level of knowledge (qualifications) in an educational institution accredited by Rosfinmonitoring, with a discount of up to 15%.

You can get acquainted with the cost in the field of AML/CFT in the section “AML/CFT Services” or by contacting our employees at the contacts listed on the website.

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

SPECIAL OFFER AVAILABLE!

When you enroll in AML/CFT training (Federal Law No. 115) at DECARTE Law Firm, you receive:

1. Audit (verification) of the Internal Control Rules (ICR) in order to combat the legalization (laundering) of proceeds from crime and the financing of terrorism (AML/CFT) for their compliance with the requirements of the current legislation in the field of AML/CFT FREE OF CHARGE.
2. Development of Internal Control Rules for AML/CFT purposes (ICC) with a DISCOUNT (from RUB 8,500 instead of RUB 8,900).
3. Consultation via email [email protected] on compliance with AML/CFT legislation within the hotline is FREE.
4. ADDITIONAL DISCOUNT on all training programs, including seminars (webinars) in the field of AML/CFT, UP TO 15% of the base cost. Thus, taking into account the discount, a webinar on AML/CFT will cost from 2,800 rubles, and a seminar from 4,250 rubles.

To register for training in the field of AML/CFT and receive a discount, just leave a request on the website or contact the employees of Law Firm "DEKART" ( [email protected] or tel. 8 (812) 926-77-95).

What changes to consider

The internal control rules regulate the procedures for the actions of the above-listed persons for anti-money laundering purposes. They are prepared in paper or electronic form. In the latter case, the listed persons certify them with their enhanced qualified electronic signature (for example, the head of a law firm, lawyer or notary). Until January 13, 2022, these rules are drawn up on paper.

Internal control rules drawn up on paper can be stored as an electronic image of the document.

There are fewer mandatory programs that need to be included in the internal control rules. This applies to:

• documenting information;
• suspension of operations;
• actions in case of refusal to execute the client’s order to perform a transaction.

General requirements for the form, structure and content of the ICR for AML/CFT

AML/CFT ICR form

The AML/CFT ICR is a document drawn up on paper.

Supervisory authorities often request the AML/CFT ICR in electronic form. And not scanned copies, but an electronic file in *.doc or *.docx format.

Such requirements, as a rule, are presented by employees of the Bank of Russia and the Prosecutor's Office of the Russian Federation, although current legislation does not provide for the obligation to store an electronic file with the text of the AML/CFT ICR. It’s simply more convenient for inspectors to check the AML/CFT ICR electronically rather than leaf through the paper version.

If violations are detected, you will be required to provide a certified copy of the AML/CFT ICR on paper in order to attach it to the administrative case materials.

Structure and content of the ICR on AML/CFT

ICR for AML/CFT consists of sections - programs for implementing internal control.

What should programs included in the AML/CFT ICR contain?

Each program regulates the performance of specific duties, for example: identification, detection of transactions, freezing (blocking), etc.

Also, the content of the ICR for AML/CFT may include attachments - reference and auxiliary information, forms of questionnaires for identification, various acts, journals and other documents necessary in everyday activities.

From the point of view of ease of use and updating, it is inappropriate to greatly “inflate” the list of applications in the ICR for AML/CFT.

At the same time, there are forms whose presence in the AML/CFT ICR is strictly mandatory. For example, an internal message form (transaction message).

The structure of the ICR for AML/CFT is determined by regulations and differs significantly for NFOs and non-NFFOs.

Important

The requirements of the Bank of Russia for the content of the AML/CFT ICR are much more detailed, which in practice often leads to subjectivity on the part of inspectors.

Which operations are subject to the new requirements?

The new requirements are related to the development of internal control rules for the following transactions with funds or other property carried out by these persons:

• real estate transactions;
• management of funds, securities or other property of the client;
• management of bank or securities accounts;
• raising money to create organizations, ensure their activities or manage them;
• creation of legal entities and foreign structures without forming a legal entity, ensuring their activities or managing them, as well as the purchase and sale of legal entities and foreign structures without forming a legal entity.

But we’ll talk about how tax authorities control your company and what to do if they call you to talk about problematic counterparties in a free webinar tomorrow. Sign up.