LogoRegulatory Alerts
2025-03-31

Discussion Paper on Issues and Practices for Dialogue on Validation of Effectiveness of AML/CFT Frameworks

The Financial Services Agency issued this discussion paper to guide financial institutions on validating the effectiveness of their anti-money laundering and counter-terrorist financing frameworks. It establishes a structured approach for institutions to continuously identify, assess, and mitigate money laundering and terrorist financing risks through regular internal validation and dialogue with regulators. The document outlines specific expectations for board oversight, risk assessment methodologies, and the implementation of mitigation measures to ensure frameworks remain responsive to evolving threats.

Financial Services Agency Japan logo

Japan

Financial Services Agency Japan

Click to view thumbnail

Issues and practices for dialogue on validation of effectiveness of AML/CFT frameworks Version 1 March 31, 2025 Financial Services Agency Discussion Paper [Provisional Translation] The original texts of the Discussion Paper are prepared in Japanese, and this translation is only provisional. The translation is to be used solely as reference material to aid the understanding of the Discussion Paper and is subject to any future changes.

Table of Contents I. Introduction ...........................................................................................................................................................1 II. Purpose and Positioning of This Document ..............................................................................................2

  1. Purpose .........................................................................................................................................................2
  2. Positioning...................................................................................................................................................3 Ⅲ. Validation of Effectiveness at Financial Institutions.............................................................................4
  3. Objectives and Perspectives on Validation of Effectiveness.......................................................5
  4. Expected implementation .......................................................................................................................5 (1) Validation of identification and assessment of ML/FT risks.....................................................6 (2) Validation of mitigation of ML/FT risks..........................................................................................7 (3) Timely validation of effectiveness.................................................................................................. 10 IV. Basic Approach to Dialogue between FIs and FSA............................................................................ 10
  5. Objectives and Perspectives of Dialogue ....................................................................................... 10
  6. Method of dialogue................................................................................................................................ 11 (1) Dialogue on identification and assessment of ML/FT risks ................................................... 12 (2) Dialogue on mitigation of ML/FT risks........................................................................................ 12 (3) Dialogue on timely validation of effectiveness .......................................................................... 13
  7. Points to keep in mind when engaging in dialogue..................................................................... 13
  8. Communicating the authorities' awareness of the issues........................................................... 14
  9. Establishment of Framework for Monitoring................................................................................ 14

1 I. Introduction When financial services are abused to conduct money laundering1 and terrorist financing2 (hereinafter referred to as "ML/TF"), funds may flow to criminals and terrorists, fueling future crime and terrorism, and eventually hindering sound business and civic activities. As the international threat of nuclear weapons, missiles, and terrorism increases, it is imperative for Japan and the international community to work together to cut off funds that are linked to criminals and terrorists. In order to protect people's lives and achieve sound economic development, it is necessary to implement AML/CFT frameworks, particularly at FIs that provide financial services. In addition, if the AML/CFT measures of FIs are vulnerable, they are more likely to be exploited for incidents such as irregular remittances, which may lead to economic losses (costs for responding to incidents, and loss of business opportunities, such as suspension or discontinuation of services due to incidents) and reputational deterioration. Therefore, AML/CFT frameworks are important for FIs to prevent and contain their own economic losses and reputational deterioration. The FSA clarified that AML/CFT frameworks required to FIs by formulating and publishing "Guidelines for Anti-Money Laundering and Combating the Financing of Terrorism (hereinafter referred to as the "AML/CFT guidelines")," which clarified the general concepts of AML/CFT frameworks at FIs in February 2018, and "Frequently Asked Questions Regarding Guidelines for Anti-money Laundering and Combating the Financing of Terrorism (FAQ)" in March 2021. The FSA also requested FIs to complete the development of their AML/CFT frameworks in accordance with "Required Actions" of the AML/CFT guidelines by March 2024, and FIs have been developing the basic framework for ML/FT risk management. The ML/FT risks faced by FIs constantly change depending on the internal environment, such as business strategies, and the external environment, such as financial crime trends. Therefore, FIs need to continuously take effective measures against changing risks. Therefore, it is important for FIs to continuously maintain and enhance their AML/CFT frameworks in accordance with the risks they face, as the risk￾based approach is a central item of the FATF 3 recommendations, which are 1The term "money laundering" refers to an attempt to evade detection and confiscation of proceeds obtained through criminal activity, including proceeds obtained by reselling assets acquired through criminal acts, by concealing the source and ownership of the proceeds. 2The term "terrorist financing" refers to the procurement, transfer, storage, or use of funds, etc., for the purpose of funding the execution of terrorist activities or funding the activities of terrorist organizations. 3FATF is an intergovernmental panel mandated in 1989 as part of the Economic Declaration of the Arch Summit. Delegations from each member jurisdiction analyze the typologies of ML/FT, develop and continuously strengthen international standards (FATF 40 recommendations/interpretive notes) for combating money laundering and terrorist financing, and perform reciprocal evaluation of each member jurisdiction for their implementation (mutual evaluation).

2 international standards, as well as the AML/CFT guidelines, etc. In order to maintain and enhance the AML/CFT frameworks, FIs need to validate whether their AML/CFT frameworks are effectively functioning against risks faced by them. The FSA will continue dialogues with FIs to promote the validation of effectiveness of FIs. In light of these circumstances, this paper deals with the general concepts and procedures on validation of effectiveness for AML/CFT measures implemented by FIs, and the general concepts and procedures of dialogue between the FSA and FIs.4 In this document, the term "validation of effectiveness" is used with the following definitions. ・"Validation of effectiveness": An initiative to confirm that FIs "appropriately identify, assess, and mitigate the ML/FT risks they face" in order to establish effective AML/CFT frameworks in response to changes in ML/FT risks. Like the AML/CFT guidelines, this document also applies to firms that fall under the category of the specified business operators as prescribed in Article 2, paragraph 2 of the Act on Prevention of Transfer of Criminal Proceeds and are under the supervision of the FSA (with the exception of the entities listed in item 48 of the same paragraph, and referred to in this document as "financial institutions."). II. Purpose and Positioning of This Document

  1. Purpose As described above, it is important for FIs to validate the effectiveness of their AML/CFT frameworks and make improvements as necessary. In addition, FIs are required to establish a control environment in which the Board responsible for AML/CFT frameworks can explain their AML/CFT frameworks internally and externally. 5 Therefore, the Board6 responsible for AML/CFT frameworks and other 4Based on the "Direction and Issues of Inspection and Supervision Reform" published by the Advisory Council on Financial Monitoring in March 2017, the FSA published the "Concept and Approach to Financial Inspection and Supervision (Basic Guidelines for Inspection and Supervision)" in June 2018 through a public consultation process. The "Concept and Approach to Financial Inspection and Supervision (Basic Guidelines for Inspection and Supervision)" summarizes the basic concepts and approaches common to all areas of inspection and supervision. Based on the Basic Guidelines for Inspection and Supervision, the FSA will present more specific concepts and approaches for each theme and sector in the form of discussion papers. 5As stated in "III-2 Involvement and Understanding of the Board [Required actions]③"of the AML/CFT guidelines. 6 "The Board" in this document is a concept that may include executives who have the right to represent the FIs, as well as executives who are responsible for AML/CFT frameworks including risk management, system investment, and administration, and executives who are responsible for related sales and audit divisions. It is important for FIs to sufficiently discuss and examine the scope and ideal form of the Board under the leadership of the top

3 executives needs to understand the effectiveness of their AML/CFT frameworks and be able to explain their AML/CFT frameworks internally and externally. 7 To this end, AML/CFT personnel need to explain the results of the validation of effectiveness to the Board in a way that the Board can understand and explain them. The objective of this document is to enable the Board and personnel at FIs to validate the effectiveness of their AML/CFT frameworks, understand the effectiveness of their AML/CFT frameworks, and provide rational and objective explanations. 2. Positioning The AML/CFT guidelines set out "Required Actions" in Chapter II "Risk-based approach" and Chapter III "Evaluation and Review of the ML/FT Risk Control Framework and its Effectiveness," and requires FIs to conduct validation of effectiveness of AML/CFT frameworks in multiple areas. FIs have started validation of effectiveness in response to the "Required Actions" of the AML/CFT guidelines, but the scope and method of validation of effectiveness will be considered by each FI depending on the ML/FT risks they face, and the business and products and services they handle. There is likely to be a wide range of businesses subject to validation of effectiveness and methods that can be used. As of March 2025, many FIs have only recently started validation of effectiveness of AML/CFT frameworks. Therefore, this document provides the FSA's views for FIs to refer to when conducting validation of effectiveness. Furthermore, in order to monitor the effectiveness of AML/CFT frameworks at FIs, the FSA believes it is important to receive explanations from FIs on the effectiveness of their AML/CFT frameworks and confirm the effectiveness through dialogues. Therefore, this document provides the general concepts and procedures for dialogues between the FSA and FIs. Accordingly, this document is intended to serve as a reference for FIs in conducting validation of effectiveness and as a material for dialogue between the FSA and FIs. No particular issues in this document will be applied formally or used as a checklist in the FSA’s monitoring. In any dialogue using this document, the size and characteristics of FIs should be fully taken into account. management. It is desirable to clarify the breakdown of the "the Board" and the allocation of responsibilities through internal rules and other documents. 7For example, from the perspective of customer protection, they may communicate their AML/CFT initiatives to customers so that their customers can use their products and services with confidence. They may also explain their AML/CFT initiatives internally and externally when necessary in order to make certain investments to develop effective AML/CFT measures and to appropriately disclose information on risks and governance.

4 On the following pages, "III. Validation of Effectiveness at FIs" describes the FSA's views on the objectives and perspectives of validation of effectiveness conducted by FIs and the expected implementation, and "IV. Basic Approach to Dialogue between FIs and FSA" describes the FSA's views on the objectives, perspectives, and expected approaches to holding dialogue on validation of effectiveness between FIs and FSA. It is useful for FIs to conduct validation of effectiveness by referring to the concepts described in Chapter III, and explain the effectiveness of their AML/CFT frameworks by referring to the contents of Chapter IV in dialogues on validation of effectiveness with the FSA, instead of using the contents described below as a checklist to confirm their AML/CFT frameworks. Ⅲ. Validation of Effectiveness at Financial Institutions As described above, FIs develop basic AML/CFT frameworks based on the AML/CFT guidelines. On the other hand, even if FIs had developed their AML/CFT frameworks at some point in time in accordance with the "required actions" of the AML/CFT guidelines, they are not considered to have developed effective AML/CFT frameworks in the following cases: ・The identification and assessment of ML/FT risks have not been appropriately reviewed against changing ML/FT risks; ・The mitigation based on the review of the identification and assessment of ML/FT risks has not been conducted appropriately; In order to prevent such cases and ensure that effective AML/CFT frameworks are continuously developed, FIs need to confirm that they are appropriately identifying, assessing, and mitigating the ML/FT risks they face. In addition, if the issues identified as a result of validation are not improved by FIs, it cannot be said that effective AML/CFT frameworks are being developed. Therefore, it is important to take voluntary improvement measures to address such issues. As required by the AML/CFT guidelines, the board of an FI, including the executives responsible for AML/CFT frameworks, not only needs to understand the ML/FT risks faced by the FI and its AML/CFT frameworks, but also needs to develop frameworks for conducting validation of effectiveness, be able to explain for themselves that their AML/CFT frameworks are effective, and be proactively involved in conducting validation of effectiveness and making improvements to address issues identified.

5

  1. Objectives and Perspectives on Validation of Effectiveness Validation of effectiveness is an initiative to confirm that FIs "appropriately identify, assess, and mitigate the ML/FT risks they face" in order to maintain and enhance effective AML/CFT frameworks in response to changes in ML/FT risks. In conducting validation of effectiveness of their AML/CFT frameworks, FIs may validate their AML/CFT frameworks from the following perspectives: 8 (1) Is the identification and assessment of ML/FT risks appropriate? (2) Is the mitigation of ML/FT risks appropriate? In addition, the AML/CFT guidelines require FIs to identify, assess, and mitigate ML/FT risks additionally as necessary when ML/FT risks are identified, such as serious breaches of laws and regulations and frequent cases of ML/FT crime where their products and services are abused. Therefore, it is also important for FIs to conduct validation of effectiveness of their AML/CFT frameworks in light of such events and to make improvements as necessary.
  2. Expected implementation Validation of effectiveness is not a transient effort. It is necessary to continuously conduct validation and make improvements based on the results. Therefore, it is important to create a plan after considering the validation of effectiveness that each FI should conduct, conduct validation according to the plan, and make improvements based on the results of verification, with reference to the following. When preparing the plan on validation of effectiveness, it is possible to select entities for validation of effectiveness, taking into account internal and external information. For example, it is possible to select entities for validation of effectiveness and prepare an annual plan, taking into account the results of identification and assessment of risk, matters pointed out by audits, matters pointed out by the authorities, the status of revision of internal rules and procedures, changes in organizations and systems, changes in products and services handled by FIs, and the results of validation of effectiveness in the past. It is not always necessary to conduct validation of effectiveness of all AML/CFT operations in a single year. For example, there may be operations that conduct validation of effectiveness every year or every few years, depending on the risks. 8The responsible entity of validation does not necessarily have to be independent of the business subject to validation as long as the responsible entity of validation understands their business and has the minimum knowledge necessary to conduct validation of effectiveness.

6 In order to ensure the effectiveness of AML/CFT frameworks, FIs are required to develop effective AML/CFT frameworks by formulating their policies, procedures, and programs, and implementing them consistently throughout the organization with the involvement of the Board. 9 This is also the case with validation of effectiveness. It is important for the Board to take responsibility for defining the roles and responsibilities of the business divisions, control and audit divisions in the fight against ML/FT, and implement measures in a coordinated manner. Therefore, it is also important for management to take the initiative in allocating appropriate resources to conduct validation of effectiveness, and for each division to cooperate in accordance with their roles and responsibilities.10 (1) Validation of identification and assessment of ML/FT risks In developing AML/CFT frameworks, it is important to conduct a risk-based approach. Risk identification is the starting point of a risk-based approach, and risk assessment serves as the basis for specific actions, such as mitigation measures. Therefore, if risk identification and assessment are not appropriate, the basis of AML/CFT frameworks as a whole will be undermined. Therefore, it is important to confirm whether risk identification and assessment are appropriately conducted in validation of effectiveness. Based on the AML/CFT guidelines and other rules, FIs prepare risk assessment documents as a result of identification and assessment of the ML/FT risks they face. Therefore, in order to validate the identification and assessment of ML/FT risks, FIs may need to assess the appropriateness of their processes for preparing risk assessment documents. When the ML/FT risks faced by FIs are identified and assessed based on sufficient information, and are updated in a timely manner in response to changes in risks, the identification and assessment of ML/FT risks are considered to be valid. Specifically, it can be possible to conduct validation from the following perspectives with reference to the AML/CFT guidelines, etc.: ✓ Are internal and external information sufficient to conduct comprehensive and specific validation in identifying risks by FIs? 9The same content is included in the chapter of the AML/CFT guidelines titled "III. Evaluation and Review of the ML/FT Risk Control Framework and its Effectiveness." 10The FSA believes that it is also necessary for the internal audit division to independently confirm the appropriateness of plans, implementation, and improvement with regard to validation of effectiveness.

7 ✓ Are all identified risks assessed by FIs? ✓ Has sufficient information been used in the risk assessment by FIs (whether the risk assessment is also conducted based on an analysis of the status of STR)? ✓ Whether the frequency with which the risk assessment is periodically reviewed and updated on an ad hoc basis is appropriate? (2) Validation of mitigation of ML/FT risks In order to maintain and enhance effective AML/CFT frameworks in response to changes in ML/FT risks, FIs need to appropriately mitigate ML/FT risks based on the identification and assessment of ML/FT risks they face. Therefore, FIs need to confirm whether mitigation measures have been appropriately developed based on the identification and assessment of ML/FT risks and whether mitigation measures have been conducted in accordance with the content of such development in the validation of effectiveness. In order to mitigate ML/FT risks, FIs are responding to the requirements specified in the sections titled "Customer due diligence (CDD)," "Transaction monitoring and screening," "Record keeping," "Suspicious transaction reporting," "IT systems," "Data governance," and "Considerations when making cross-border transfers and similar transactions" in the AML/CFT guidelines. In particular, for businesses for which it is considered important to validate effectiveness, the AML/CFT guidelines already state that effectiveness should be validated. However, it is necessary to validate the effectiveness of the businesses related to risk mitigation described above, including businesses for which "Required Actions" do not explicitly state that effectiveness should be validated, and to constantly review them.11 Therefore, it is possible for FIs to validate qualitatively and quantitatively whether mitigation measures are appropriately developed and whether mitigation measures are conducted in accordance with the measures developed, taking into account the ML/FT risks they face as well as their size and characteristics, and referring to the following perspectives for each of the aforementioned operations to mitigate ML/FT risks. In conducting quantitative validation, FIs may use indicators, such as the number and ratio of STR (e.g., number of customers subject to STR/total number of customers), the number and ratio of cases voluntary restraint of transactions based 11As stated in "III-1 Formulation, implementation, evaluation, and review of AML/CFT policies, procedures and programs (PDCA)" of the AML/CFT guidelines.

8 on suspicion of ML/FT (including financial crime) (e.g., number of customers subject to restraint/total number of customers), the number and ratio of inquiriesfrom investigative authorities/requests of freezing (e.g., number of customers subject to such events/total number of customers), false positive detection rate of transaction monitoring, false positive hit rate of transaction filtering, number of days from detection to STR, response rate to periodic requests for information update in ongoing CDD, and the number of failures to respond to AML/CFT procedures (breaches of procedures, etc.) developed by FIs, referring to FATF documents. ① Validation of development of ML/FT risk mitigation measures Based on the AML/CFT guidelines, FIs have developed mitigation measures, such as rules (policies, procedures, and programs), systems (scenarios, detection standards, logic, etc.), and management systems (organization, allocation of human resources, training, etc.) for ML/FT risk mitigation. In order to maintain and enhance effective AML/CFT frameworks in response to changes in risks, FIs need to confirm whether mitigation measures are appropriately developed and reviewed based on the results of identification and assessment. Based on the premise that ML/FT risk identification and assessment are appropriately conducted, if mitigation measures are developed for all identified risk areas and the mitigation measures are proportionate to the degree of risk assessment, it can be said that mitigation measures, such as rules, systems, and management systems, are appropriately developed. In addition, if the scope and content of rules, systems, and management systems are appropriately reviewed based on the results of identification and assessment when risk identification and assessment are conducted regularly or as needed, it can be said that mitigation measures are appropriately reviewed. In addition to reviewing rules, systems, and management systems from the viewpoint of whether they are sufficiently developed against risks, it also includes suspending, deleting, or redesigning existing rules, systems, and management systems when it is determined that they are no longer necessary due to changes in the external environment. Specifically, validation may be conducted from the following perspectives with reference to the AML/CFT guidelines, etc. ✓ Are there rules, systems, and management systems to mitigate all identified ML/FT risks? ✓ Are rules, systems, management systems, etc. appropriate for the assessment

9 of ML/FT risks? ✓ Whether the scope and content of the rules, systems, and management systems are appropriately reviewed, based on the results of regular or ad hoc risk identification and assessment (for example, if it is found that a detection scenario for transaction monitoring that was initially effective has become an unnecessary scenario due to changes in the external environment, etc., FIs delete the scenario and devote the resources allocated to responding to alerts generated by the scenario to other areas). ② Validation of conducting of ML/FT risk mitigation measures In order to maintain and enhance effective AML/CFT frameworks in response to changes in risks, it is necessary not only to develop mitigation measures but also to confirm that mitigation measures are conducted in accordance with the developed mitigation measures. Based on the premise that appropriate ML/FT risk mitigation measures are developed, if it can be confirmed through sample checks that business are conducted in accordance with rules, that the IT system is operating as designed, and that the management system is effective, it can be said that mitigation measures have been conducted in accordance with mitigation measures. Specifically, validation may be conducted from the following perspectives with reference to the AML/CFT guidelines, etc. ✓ Are practical measures taken for rules, etc. in accordance with developed rules? ✓ Are systems operating according to designed specifications? ✓ Whether the management system is operated as designed (for example, from the following perspectives).

  • Whether each division fulfills its responsibilities in accordance with the duties of division.
  • Are human and other resources allocated as planned?
  • Are established meetings and project teams operated in accordance with their established objectives?
  • Is training conducted as planned?

10 (3) Timely validation of effectiveness As required by the AML/CFT guidelines, when ML/FT risks have actualized, such as serious breaches of laws and regulations and frequent cases of ML/FT crime where their products and services are abused, it is necessary to re-identify, assess, and mitigate the risks in response to the event. If such events occur due to a lack of conventional risk identification, assessment, and mitigation, the AML/CFT frameworks are not effective. Therefore, in order to maintain and enhance the effective AML/CFT frameworks in response to changes in risks, it is necessary to conduct validation of effectiveness from the perspective of whether the conventional risk identification, assessment, and mitigation were appropriate when the event occurred. In addition, when issues are found as a result of validation, it is important not only to make improvements, but also to analyze why similar issues were not found in the conventional validation of effectiveness and improve the efforts of validation of effectiveness as necessary. IV. Basic Approach to Dialogue between FIs and FSA

  1. Objectives and Perspectives of Dialogue The FSA considers that it is important to support FIs' proactive maintenance and enhancement of their AML/CFT frameworks. Therefore, the FSA confirms through dialogues with FIs that their ML/FT risk identification, assessment, and mitigation are appropriate, without formally applying individual issues in this document or using them as a checklist. As mentioned above, the validation of effectiveness is not a transient effort. FIs need to conduct the validation of effectiveness continuously and make improvements based on the results of the validation. Therefore, the FSA places the highest priority on confirming that FIs prepare plans for the validation of effectiveness, conduct the validation in accordance with the plans, and make improvements based on the results of the validation, in the dialogue with FIs. In particular, based on the roles required of the board of an FI for AML/CFT measures, the FSA will hold dialogues with the board focusing on adequate allocation of resources, establishment of programs for coordination between the executives and divisions, and leading involvement. In addition, when holding dialogue with the division in charge of validation of effectiveness and other related divisions, the FSA seeks to gain in-depth understanding

11 of ML/FT risks in FIs by receiving explanations that the ML/FT risk identification, assessment, and mitigation are conducted appropriately and by holding dialogue with FIs, based on the results of validation of effectiveness conducted by referring to the descriptions in Chapter III above. The FSA seeks to receive explanations from FIs and hold dialogues with them from the following perspectives, as is the case with the validation of effectiveness at FIs mentioned in Chapter III. (1) Whether the identification and assessment of ML/FT risks at FIs are appropriate; (2) Whether the development and conducting of ML/FT risk mitigation measures at FIs are appropriate. In addition, the FSA receives explanations from the Internal Audit Division mainly on the status of conducting of internal audits related to validation of effectiveness and the results, and holds dialogue with them. When ML/FT risks have actualized, such as serious breaches of laws and regulations and frequent cases of ML/FT crime where their products and services are abused, the FSA will receive explanations from FIs regarding their efforts on validation of effectiveness in a timely manner, and hold dialogues with them. If the FSA discovers issues, such as insufficient risk identification, assessment, and mitigation, or insufficient validation of effectiveness in the dialogue, it is assumed that FIs identify the causes and make improvements after sharing the understanding with FIs. In order to explain the effectiveness of their AML/CFT frameworks reasonably and objectively in the dialogue, it is useful for FIs to utilize the results of qualitative and quantitative validation. 2. Method of dialogue As mentioned above, the FSA expects to hold dialogues with the boards of FIs, the divisionsin charge of validation of effectiveness and other related divisions (not limited to the 2nd line), and internal audit divisions, from perspectives that are suited to the roles they play. The FSA will hold dialogue with the board of an FI based on the content required by the AML/CFT guidelines, focusing on whether the board allocates appropriate resources for planning, conducting, and improvement, whether the board establishes programs to conduct validation of effectiveness through coordination between the executives and divisions, and whether the board takes the initiative by identifying and

12 discussing the status of validation of effectiveness and giving instructions for additional measures as necessary. The FSA will receive explanations focusing on the status and results of audits conducted independently on the appropriateness of planning, conducting, and improvement related to the validation of effectiveness from the internal audit division, and hold dialogue with them focusing on whether the framework for conducting the validation of effectiveness is appropriate. When holding dialogue with the division in charge of validation of effectiveness and other related divisions, regarding "ML/FT risk identification and assessment," "ML/FT risk mitigation," and "timely validation of effectiveness," based on the results of validation of effectiveness, the FSA will pay attention to the following (1) to (3). (1) Dialogue on identification and assessment of ML/FT risks FIs prepare risk assessment documents as a result of identifying and assessing ML/FT risks. Therefore, before holding a dialogue, the FSA will first understand the latest risk assessment documents submitted by the FI. The FSA will then receive an explanation from the FI on why they consider the risk assessment document to be appropriate (i.e., the results of validation of effectiveness on risk identification and assessment). The FSA then will confirm through dialogue whether the risk identification and assessment conducted by the FI are appropriate, based on the risk assessment documents and the explanation from FIs. In order to conduct in-depth confirmation during dialogue, the FSA believes it is important to have at hand hypotheses on the results of identification and assessment of ML/FT risks faced by FIs, and hold dialogues with FIs based on the hypotheses for confirmation and agreement with each other. The FSA will make the hypotheses based on information on risk identification and assessment, including ML/FT risk amounts reported by FIs every year. The FSA does not impose or induce hypotheses, but listens carefully to the explanations and assertions from FIs and holds dialogues based on their rationality and objectivity. (2) Dialogue on mitigation of ML/FT risks FIs mitigate ML/FT risks by developing and conducting risk mitigation measures based on the identification and assessment of ML/FT risks. Therefore, the FSA confirms through dialogues that FIs appropriately develop risk mitigation measures

13 and conduct risk mitigation measures based on risk mitigation measures. The FSA will receive explanations regarding validation of effectiveness on their risk mitigation measures and the results from FIs, and then hold dialogues with them while confirming the results of qualitative and quantitative validation. (3) Dialogue on timely validation of effectiveness In cases where ML/FT risks have actualized, such as serious breaches of laws and regulations and frequent cases of ML/FT crime where their products and services are abused (in the last year or so), the FSA will hold dialogues with the FIs regarding timely validation of effectiveness, including the background to each event and actions to be taken. With regard to timely validation of effectiveness, since the details of conducting validation varies depending on the event that occurred, the perspectives of explanation and dialogue are also likely to vary depending on the event. Therefore, the FSA will receive explanations mainly on the following points from FIs and hold dialogue with them based on the explanations. ➢ Background to the occurrence of each event and details of risk identification, assessment, and mitigation after the event occurred ➢ Results of analysis of causes of each event ➢ Issues and improvements in risk identification, assessment, and mitigation based on cause analysis ➢ Issues and improvements in validation of effectiveness based on cause analysis 3. Points to keep in mind when engaging in dialogue As described above, the FSA believe that it is important for FIs to validate the effectiveness of their AML/CFT frameworks themselves in order to maintain and enhance their AML/CFT frameworks for effective measures in response to changes in risks. Therefore, FIs' own decisions need to be respected, since their actions should be considered in accordance with the ML/FT risks they face. In holding dialogue, the FSA needs to take care not to impose excessive burdens on FIs. With regard to the collection of information from FIs, it is important to make the best use of regularly collected information and collect and discuss truly necessary information. It is also important to review the content and frequency of regularly

14 collected information as appropriate. If the FSA identifies regulatory or supervisory issues or concerns of FIs through dialogues, it is necessary to provide support, such as clarification of the interpretation of laws and regulations. 4. Communicating the authorities' awareness of the issues The FSA will share useful insights and perceptions gained through dialogues (including lessons learned from incidents and cases of advanced practices) with other parties through financial reports and exchanges of views with industry associations, in addition to providing feedback to the FIs that participated in the dialogues. The FSA will also publish the results of specific issues that were intensively monitored, as well as future issues and viewpoints, as necessary. Furthermore, in the event that issues requiring consideration, such as changes to laws and regulations, are identified, the FSA will share information and exchange opinions with relevant departments and agencies. 5. Establishment of Framework for Monitoring In order to conduct effective monitoring, it is necessary to develop frameworks on the part of the authorities that conduct such monitoring. It is important to develop and hire human resources who have not only expertise in AML/CFT frameworks but also the ability to identify potential risks and issues of FIs by collecting and analyzing diverse and wide-ranging information, the ability to determine the relative importance of matters, and the ability to hold dialogues with the boards of FIs. At the same time, it is important for the FSA as a whole to maintain a high level of knowledge about FIs and their business types as well as knowledge and experience regarding AML/CFT frameworks, and to develop an organizational framework and culture that enables full utilization of such knowledge and experience. For example, it is possible to compile case studies of significant domestic and international problems to deepen the concept of AML/CFT. It is also possible to develop frameworks in which various information obtained in the monitoring process can be accumulated appropriately and effectively used in future monitoring. or more

Share