Risk-Based Anti-Money Laundering Approach

A risk-based approach to anti-money laundering is essential for effective compliance programs worldwide.

Financial institutions face an increasing array of money laundering threats, and modern financial criminals have a range of tools to evade the countermeasures put in place to stop them. Therefore, to balance the needs of efficiency, cost and compliance obligations, financial institutions must be able to respond to threats on a contextual basis. The most effective way to achieve this objective is to adopt a risk-based approach, ie an AML compliance program tailored to the individual levels of risk exposure that each client presents.

History of the risk-based approach

Prior to the introduction of risk-based approaches to anti-money laundering, banks and financial institutions managed their compliance obligations using a « tick box » approach, i.e. completing simply a standardized list of anti-money laundering requirements for each customer. While this standardized approach prevailed in the 1990s, the UK’s Financial Services Authority (FSA) first proposed a « risk-based » approach in its 2000 publication A New Regulator for the New Millennium . The concept of risk- based anti -money launderingwas first implemented in 2007 by the Financial Action Task Force and codified in its 2012 update of the international standards on combating money laundering and the financing of terrorism and proliferation – also known as the « 40 Recommendations ».

FATF’s 2012 endorsement of the risk-based approach to anti-money laundering set the global standard and ensured its continued use in all FATF member states.

Principles of the risk-based approach

In principle, the risk-based approach shifts the focus of anti-money laundering compliance from data analysis to proactive judgment. Financial institutions must continuously work to understand the money laundering threats they face and deploy proportionate measures to manage their risk exposure.

In practice, this means that customers can be categorized individually based on their risk exposure – and “high risk” customers are subject to increased anti-money laundering scrutiny. In general, the risk-based approach allows financial institutions to

• Recognize the existence of a risk
• Perform risk assessments
• Develop and deploy strategies to address risks

Implemented effectively, the risk-based approach allows for a balanced integration of human judgment and smart technology into the AML compliance process.

Carrying out the risk assessment

Accurate risk assessment is at the heart of the risk-based approach. There are two distinct categories of risk that guide the compliance efforts of financial institutions. The first is the idea of ​​geographic risk: the vulnerability to money laundering threats that countries face domestically. The second is the idea of ​​individual risk, meaning the specific risks that financial institutions face from their customers and how their internal anti-money laundering process manages that risk. Financial institutions should consider these risks when assessing them:

• Vulnerability: What money laundering and crime threats – like drug trafficking or gambling – is the business exposed to?
• Infrastructure: Does the business have any blind spots or administrative gaps that allow money launderers to thrive?
• Regulations: Does the company understand and properly meet its regulatory obligations?

Business specifics: Can the business be exposed to more specific risks – for example, those presented by particular customers, products, or geographic location?

How does the risk-based approach work?

In accordance with FATF recommendations, financial institutions must implement a risk-based anti-money laundering program that includes a number of important measures, each of which is designed to accurately identify individual customers. and the businesses in which they are involved. In more detail, financial institutions should:

• Develop and implement appropriate Know Your Customer (KYC) and Customer Due Diligence (CDD) measures to verify that customers are who they say they are and are telling the truth about the business in which they are engaged.
  • KYC and CDD are fundamental principles of risk-based anti-money laundering: high-risk customers may be subject to enhanced CDD measures for which more identifying information is required.
• Screen new and existing customers against national and international sanctions lists such as the United States Specially Designated Nationals ( SDN) List and the United Nations Consolidated List .
• Politically Exposed Person ( PEP) Screening Lists : As a customer’s political status changes, their money laundering risk profile changes as often.
• Screening for unwanted media : If a customer is the subject of negative news, anywhere in the world, their AML risk profile may also change.
• Appoint an AML Compliance Officer : The person appointed to this position should have sufficient authority within the business to be able to identify money laundering threats and act accordingly.

Continuous monitoring: The risk-based approach to compliance with anti-money laundering legislation is a process, which means that customers must be subject to continuous monitoring throughout the business relationship. Ongoing monitoring is important because the risk profile of clients can change over time. Financial institutions need to be able to react to new levels of risk exposure to ensure that new money laundering threats are identified as quickly as possible.