Compliance and risk management
Finding an appropriate balance between compliance and risk management is difficult: as a result, financial institutions need to understand their risk management compliance obligations, relevant best practices and how to assess risks when onboarding or controlling clients.
What is Compliance Risk Management?
While traditional AML/CFT strategies were based on post-hoc analysis of money laundering and terrorist financing incidents, financial crime has evolved as money launderers become more sophisticated and exploit emerging technologies. In response to this development, authorities now require financial institutions to be proactive in the face of criminal threats by assessing the level of risk posed by their customers, geographic locations or industry sectors in which they operate, and adjusting their AML/CFT measures.
The principle of a "risk-based" approach to money laundering was introduced in 2009 by the UK Financial Services Agency (FSA) and taken up by the Financial Action Task Force (FATF) in 2012. The FATF introduced a requirement for a risk-based anti-money laundering strategy in its 40 Recommendations, codifying a compliance obligation for companies to assess the risk of money laundering and terrorist financing.
The risk-based approach to anti-money laundering is less about eliminating money laundering threats and more about ensuring that financial institutions have safeguards in place to detect and report them. Similarly, risk management is a way for companies to balance their compliance obligations with their budget and resources, organically integrating risk control mechanisms without compromising business and customer service objectives.
Good risk management practices
Consistency: A consistent understanding of risk management should underpin the financial institution’s risk culture and compliance attitude. To this end, financial institutions should implement a consistent risk management framework in each location, industry and country in which they operate. The operating model should be formally defined in writing and facilitate forums for senior management to review and discuss risk assessment procedures and their results.
Data and technology: AML risk assessment relies on the collection and analysis of large amounts of customer data. Businesses can manage these processes more efficiently through technology, automating data flows to gather customer risk information, including negative news stories or changes in political exposure. Automation not only reduces the need for ad hoc data collection and the possibility of human error, but it adds accuracy and efficiency to the risk assessment process itself. Data technology is also extremely useful in analyzing and plotting risk trends over time and helping companies better implement risk compliance measures.
Knowledge and Expertise: While software and automation can dramatically improve risk management capabilities, the importance of human expertise should not be underestimated. Effective risk assessment requires input from a range of subject matter experts with direct experience and involvement in the risks facing the business. The knowledge and expertise of employees should be taken into account both in the development of the compliance risk management methodology and in the risk assessment process itself.
External input: The AML/CFT risk landscape is constantly changing and, by necessity, risk assessment relies on knowledge of emerging threats and new regulations. These emerging risk factors may not be known to a company’s internal compliance employees or may not be detectable by its risk management framework. With this in mind, companies should not only seek to update their internal risk management framework on a regular basis, but also do so by drawing on information from external sources to ensure a sufficiently deep and detailed understanding of emerging compliance issues.
Risk standards: Effective risk management involves measuring the effectiveness of risk assessment and risk mediation measures. This means companies must create standards for risk materiality, including a definition of risk and formalized levels of risk tolerance. The standards should also be applied to the risk mediation process to ensure that companies are not constantly addressing the "symptoms" of risk, such as a high volume of hostile media, but identifying the root causes of compliance issues, such as business relationships in a particularly poorly regulated country. Finally, standards should be established for training and incentivizing employees who work in a compliance function, to inform and
Risk assessments
Compliance risk management policies should take into account both the individual risk posed by customers due to their personal liability and the geographic risk posed by the location of a business. Practical risk assessment measures should reflect this combined threat and inform the company’s ongoing AML/CFT approach. Consequently, to ensure compliance with the regulations, the risk assessment must include the following measures:
- Customer Due Diligence: As the foundation of the risk-based approach to AML/CFT, Customer Due Diligence (CDD) measures should enable businesses to verify the identity of their customers and the nature of their activities, and in doing so, to accurately establish the level of money laundering risk they present.
- Sanctions Screening: Customers should be screened against international sanctions lists. High-risk customers may require further investigation to resolve ambiguous naming conventions or the use of pseudonyms.
- Filtering Negative Media Information: Customers who are the subject of negative media coverage may be at higher risk for money laundering. Companies need to be able to collect and analyze this negative information as it arises.
- Screening of politically exposed persons: When clients assume certain political roles, a change in status increases their risk of money laundering. Accordingly, risk assessments should address changes in the status of Politically Exposed Persons (PEPs).
Originally published 23 April 2020, updated 31 March 2023
Disclaimer: This document is intended for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for the information contained in this document and disclaims and excludes any liability in respect of the contents or for actions taken on the basis of this information.
Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage)