Risk assessment is the basis of applying the risk-based approach in any organization. Performing an AML risk assessment enables an organization to understand how, and to what extent, it is vulnerable to money laundering and terrorist financing.
What is Risk Assessment?
It involves identifying the risks associated with any business and evaluating them on the basis of their likelihood and impact. AML risk assessment is the calculation of the possibilities of a money laundering event taking place.
Usually, the AML risk assessment results in the categorization of risk. This helps the organizations to determine the level of anti-money laundering resources necessary to mitigate that risk. Documentation is necessary to store the results. Additionally, communication with relevant personnel within a given organization is also essential.
An organization’s risk assessment does not necessarily have to be overly complex. But it should be in line with the nature and size of the organization, business model, and related products.
For smaller or less complex organization or small financial institutions and banks a simple risk assessment is sufficient. Typically, when the bank’s customers have similar profiles or where the bank offers limited range of products risk assessment structures are not complex.
On the other hand, where the bank’s products and services are more complex risk assessment is challenging. When there are multiple subsidiaries, branches, products, or their customer base is more diverse, then risk assessment structure is complex.
Factors for the risk assessment
For identifying and assessing the money laundering risk to which organizations are exposed, banks should consider a range of factors which should include the following:
- The nature, scale, diversity and complexity of their business
- An organization’s target markets
- The number of customers already identified as high risk
- The jurisdictions of the organization
- Either through its own activities
- or the activities of customers, especially in jurisdictions with relatively higher levels of corruption or organized crime,
- or deficient country-level anti-money laundering measures
- The distribution channels, the extent of dealing directly with the customer or the extent to which it relies on third parties to perform AML measures.
- The internal audit and regulatory findings
- The volume of business activities like transactions, considering the usual activity of the organization and the profile of its customers.
Risk Based Approach to AML
An organization’s biggest compliance risks will cause the most disruption in terms of time spent on investigations, money spent on regulatory settlements, negative media coverage, negative impact on business partnerships and so forth. In such scenario, Risk Based Approach to Money Laundering becomes crucial to tackle the risk. Additionally, a Certification in Risk Based Money Laundering plays an important role in creating awareness among the compliance staff.
During the risk-based approach organisation identifies the highest compliance risks; and make them the priority for controls, policies, and procedures. Once the organization’s AML compliance program reduces those highest risks to acceptable levels, they move on to the next lower risks.
Organizations should complement this information with information obtained from relevant internal and external sources. Heads of business, relationship managers are primary sources about the customers.
Additionally, national risk assessments, lists issued by inter-governmental organisations and national governments also form a part of risk assessment methods. Organizations also review their assessments periodically. Sometimes on an annual basis, and in any case when their circumstances change, or relevant new threats emerge.
The risk assessment should be approved by senior management and form the basis for the development of policies and procedures to mitigate the money laundering risk, reflecting the risk appetite of the organization and stating the risk level deemed acceptable. In this regard, and organization should also make sure that, policies, procedures, measures and controls to mitigate the money laundering risks should be consistent with the risk assessment.
Examples of Risk
Let’s make a few money laundering risk examples in the financial services industry, which refers to banks and financial institutions in particular.
Retail Banking
In retail banking, the main areas of the money laundering risk lie in the provision of services to cash-intensive businesses. The volume of transactions and high-value transactions, and the diversity of services.
Wealth Management
In risk management, the main area of the money laundering risk lies in the culture of confidentiality. The difficulty in identifying beneficial owners and concealment through offshore trusts are high-risk areas. Additionally, Banking secrecy, the complexity of financial services and products, and high-value transactions also increase risk.
Correspondent Banking
Last but not least, in correspondent banking, the main areas of risk lie in high-value transactions. Within limited information about the remitter and source of funds, especially when executing transactions with a bank located in a high-risk jurisdiction that does not comply or with international standards.
