Maria Konstantinou
Head of Compliance · CJ Solutions
The moment your firm receives its regulatory licence, your AML obligations are live. Regulators expect newly licensed firms to have a fully operational compliance framework from day one — not a work in progress. This checklist covers the essential elements you need to have in place before you onboard your first client.
11. Appoint a Qualified MLRO
Every regulated firm must appoint a Money Laundering Reporting Officer (MLRO) who is approved by the regulator. The MLRO must have sufficient seniority, independence, and resources to carry out their responsibilities effectively. They are personally responsible for receiving and evaluating internal suspicious activity reports and making external disclosures to the Financial Intelligence Unit.
22. Establish Your AML/CFT Policies and Procedures
Your AML/CFT policy manual must cover: customer risk assessment methodology; customer due diligence (CDD) and enhanced due diligence (EDD) procedures; transaction monitoring rules and thresholds; suspicious activity reporting procedures; record-keeping requirements; and staff training obligations. Policies must be reviewed and updated at least annually.
33. Implement a Customer Risk Assessment
Before onboarding any client, you must assess their risk level based on factors including country of residence, business type, source of funds, and PEP/sanctions status. Your risk assessment methodology must be documented and consistently applied. High-risk clients require EDD and senior management sign-off before onboarding.
44. Set Up Transaction Monitoring
You must have a system in place to monitor customer transactions for unusual patterns. This can be a dedicated software solution or, for smaller firms, a manual process with documented rules and thresholds. All alerts must be investigated and documented, and suspicious transactions must be reported to the MLRO within 24 hours of detection.
55. Train Your Staff
All staff who deal with customers or handle transactions must receive AML training before they begin their duties and at least annually thereafter. Training must cover the firm's AML policies, how to identify red flags, and how to make an internal suspicious activity report. Training records must be maintained for at least five years.
AML compliance is not a one-time project — it is an ongoing programme that must evolve as your business grows and the regulatory landscape changes. CJ Solutions offers AML compliance outsourcing services, including MLRO-as-a-service, policy drafting, and staff training, to help newly licensed firms hit the ground running.