Bank of Italy: “The internal control systems for money laundering” (April 30th, 2015)

(Unofficial translation of an extract of “Verso un più efficace sistema di contrasto alla criminalità finanziaria: il ruolo del sistema dei controlli interni e della funzione di Compliance”,  25 June 2014,  available in . The second part is available in

On 25 June 2014 Luigi Mariani, deputy head of Bank of Italy supervision department, gave a speech at the “10th Meeting on Compliance” by AICOM (Associazione Italiana Compliance) about “The internal control systems for money laundering”.
Mariani outlined the key points that financial intermediaries are required to adopt for the prevention and fighting of money laundering, also focusing on the main problems and shortcomings of the Italian  banking anti money-laundering system.

Bankit supervision approach

The Bankit anti money-laundering supervision has changed over time – said Mariani – Initially money-laundering was considered a secondary reputational and legal risk but now money-laundering is defined as an autonomous risk capable of affecting the financial stability of banking system.
This type of risk, in common with other compliance risks, cannot be tolerated even to a minimal degree: it must be eliminated.

Risk-based approach

The Italian anti money-laundering regulation requires that very strict obligations are respected, and also that intermediaries adopt organizational measures proportional to their ML risk exposure.
Following this logic, on March 2011, Bankit issued the “AML measures” a document that requires specific controls on money laundering organizations.
The document requires that the board of directors is responsible AML policy formulation and the definition of appropriate operating procedures and also the importance of the structure of internal controls.

Compliance and Anti Money-Laundering (AML)

In a bank the AML function has a relevant role as “second level” control: it has to assess and mitigate the risk that the financial intermediary could be involved in criminal activities. The ML risk is part of the wider legal and reputational risks that the Compliance function has to oversee.
The Compliance function has the primary responsibility for dealing with these risks, as reiterated by the new supervisory provisions relating to internal controls, which anticipate the implementation of the principles and rules of the EU Directive CRD IV.
The directive extends "to all corporate activities" the scope of Compliance as an independent and permanent function, subject to the principle of proportionality.
So, ultimately, the Compliance function must assessment of the adequacy and appropriateness of the second level controls on anti-money laundering and the effectiveness of the behavior of market participants, as well as the residual risk represented by corporate bodies; these activities must be shared with the anti-money laundering function supplying the appropriate information.

Internal Audit and Anti-Money Laundering

The Internal Audit represents third level of control and is responsible for inspections in order to verify the actual conduct and the continuous compliance with AML obligations; of these obligations the most important are “active and passive collaboration.
Use of inspection is a typical prerogative of the internal audit function while the anti-money laundering function can only carry out spot checks on a sample basis.

AML in Italy series

(image from

Ultimi articoli su Banca d'Italia