14.3. Group policies
14.3.1. Group policy compliance
A Relevant Person which is part of a Group must ensure that it:
- (a) includes the provisions in policies and procedures of the Group concerning information sharing between Group entities on the Group’s compliance, audit and AML functions. The information that is being shared should include CDD information that had been reviewed for money laundering risk mitigation purposes and analysis (if any) of transactions or activities which appear unusual;
- (a-a) understands the policies and procedures covering the sharing of information between Group entities, particularly when sharing CDD information;
- (b) has in place adequate safeguards on the prevention of tipping-off and the confidentiality and use of information exchanged between Group entities;
- (c) remains aware of the money laundering risks of the Group as a whole and of its exposure to the Group and takes active steps to mitigate such risks;
- (d) contributes to a Group-wide risk assessment to identify and assess money laundering risks for the Group;
- (e) provides its Group-wide compliance, audit and AML functions with customer account and transaction information from branches and subsidiaries for AML purposes; and
- (f) ensures that its branches and majority-owned subsidiaries in host countries implement the requirements of the AIFC, to the extent that host country laws and regulations permit. If the host country does not permit the proper implementation of the measures above, financial groups should apply appropriate additional measures to manage the money laundering risks, and inform the AFSA of such measures.