Risk assessment is the basis of applying the risk-based approach in any organization. Performing an AML risk assessment enables an organization to understand how, and to what extent, it is vulnerable to money laundering and terrorist financing.
What is Risk Assessment ?
It involves identifying the risks associated with any business and evaluating them on the basis of their likelihood and impact. AML risk assessment is calculation of the possibilities of money laundering event taking place.
Usually, the AML risk assessment results in categorization of risk. This helps the organizations to determine the level of anti-money laundering resources necessary to mitigate that risk. Documentation is necessary to store the results. Additionally, communication with relevant personnel within a given organization is also essential.
An organization’s risk assessment does not necessarily have to be overly complex. But it should be in line with the nature and size of the organization, business model, and related products.
For smaller or less complex organization or small financial institutions and banks a simple risk assessment is sufficient. Typically, when the bank’s customers have similar profiles or where the bank offers limited range of products risk assessment structures are not complex.
On the other hand, where the bank’s products and services are more complex risk assessment is challenging. When there are multiple subsidiaries, branches, products, or their customer base is more diverse, then risk assessment structure is complex.
Factors for the risk assessment
For identifying and assessing the money laundering risk to which organizations are exposed, banks should consider a range of factors which should include the following:
- The nature, scale, diversity and complexity of their business
- An organizations target markets
- The number of customers already identified as high risk
- The jurisdictions of organization
- Either through its own activities
- or the activities of customers, especially jurisdictions with relatively higher levels of corruption or organised crime,
- or deficient country-level anti-money laundering measures
- The distribution channels, the extent of dealing directly with the customer or the extent to which it relies on third parties to perform AML measures.
- The internal audit and regulatory findings
- The volume of business activities like transactions, considering the usual activity of the organization and the profile of its customers.
Risk Based Approach to AML
An organization’s biggest compliance risks will cause the most disruption in terms of time spent on investigations, money spent on regulatory settlements, negative media coverage, negative impact on business partnerships and so forth. In such scenario, Risk Based Approach to Money Laundering becomes crucial to tackle the risk. Additionally, a Certification in Risk Based Money Laundering plays an important role in creating awareness among the compliance staff.
During the risk-based approach organisation identifies the highest compliance risks; and make them the priority for controls, policies, and procedures. Once the organization’s AML compliance program reduces those highest risks to acceptable levels, they move on to the next lower risks.
Organizations should complement this information with information obtained from relevant internal and external sources. Heads of business, relationship managers are primary sources about the customers.
Additionally, national risk assessments, lists issued by inter-governmental organisations and national governments also form a part of risk assessment methods. Organizations also review their assessments periodically. Sometimes on an annual basis, and in any case when their circumstances change, or relevant new threats emerge.
The risk assessment should be approved by senior management and form the basis for the development of policies and procedures to mitigate the money laundering risk, reflecting the risk appetite of the organization and stating the risk level deemed acceptable. In this regard, and organization should also make sure that, policies, procedures, measures and controls to mitigate the money laundering risks should be consistent with the risk assessment.
Examples of Risk
Let’s make a few money laundering risk examples in the financial services industry, which refers to banks and financial institutions in particular.
In retail banking, main areas of the money laundering risk lies in the provision of services to cash-intensive businesses. The volume of transactions and high-value transactions, and in the diversity of services.
In wealth management, main areas of the money laundering risk lies in the culture of confidentiality. The difficulty to identify beneficial owners and concealment through offshore trusts are high risk areas. Additionally, Banking secrecy, the complexity of financial services and products, and high value transactions also increases risk.
Last but not least, in correspondent banking, the main areas of the risk lies in high value transactions. Within limited information about the remitter and source of funds, especially when executing transactions with a bank located in high risk jurisdiction that does not comply or with international standards.