How to conduct a Business and Customer Risk Assessment
How to conduct a Business and Customer Risk Assessment
A business risk assessment provides visibility of the levels of AML risks within your firm to demonstrate the application of a risk-based approach.
The outcome of the BRA is an AML risk rating for you and the organisational chart of business units is differentiated into high, medium or low risk. The BRA evaluates the AML risks faced by the business and demonstrates that it allocates resources according to the risk-based approach.
Remember, under the 2007 AML Regulations, JMLSG Guidance and FSA SYSC Chapters 3 and 6, firms are required to identify their money laundering risk.
Other elements of the BRA include:
- Allowing you to assess whether resources are being allocated appropriately and effectively
Steps you can take
Risk assess each distinct business unit within the organisation according to information that is as objective and quantitative as possible, preferably customer data on:
- Country location
- Entity type
- Industry sector/trading activities
- Products & services
- Distribution channel
Information on particular risks should be sought from each business unit to identify the concentration of specific risks, e.g:
- High volumes of SARs
- High volumes of legal orders/frozen accounts
- High proportion of high risk customers according to the CRA
- High proportion of PEPs in total customer population
- The methodology should be applied as consistently as possible across you in order to ensure the outcomes are accurate and representative of the risk levels
- The methodology should rely on quantitative data. Where this is unavailable, qualitative information that is reasonably reliable can be employed
- Areas of unknown risks, such as data gaps, should be treated as high risk
- The methodology should be aligned with other existing operational and conduct risk methodologies used by you, e.g. thresholds for determining what is high, medium or low risk, controls evaluation criteria, determination of residual risk, etc
Good Risk Assessment Tips
- There is evidence that your risk assessment informs the design of anti-money laundering controls
- You have identified good sources of information on money-laundering risks
- The risk assessment is a continuous process based on information from internal and external sources
Client Risk Assessment
Establishing a client risk assessment ensures you have a thorough understanding of the financial crime risks prevalent to a client. It is important to help your team understand the minimum requirements for calculating financial crime risk rating for customers. The risk rating is determined by evaluating certain customer attributes aligned to the key risk drivers.
The determination of Low, Medium or High is a representation of an institution’s risk appetite towards each customer. The Customer Risk Rating should inform:
- Decisions to initiate, maintain, limit or discontinue particular relationships
- Frequency and level of CDD
- Application of different levels of on-going monitoring
- Triggering of approval
Customer type risk
Certain types of customers have been associated with an increased risk of money laundering:
- Cash Intensive Businesses
- Money Service Businesses
- Casinos and Gambling
- Unregulated Charities
Customer product risk
Certain products and services have been associated with an increased risk of money laundering or terrorist financing because they allow a customer to conduct unusually large or rapid transactions or they allow transactions to occur with relative anonymity:
- Products that allow customers to convert cash to other monetary instruments (such as traveller’s checks, money orders, cashiers checks and bank drafts)
- Products or service that allow customers to readily move value from one jurisdiction to another
- Private banking services
Customer Geography Risk
Certain geographic locations have been associated with an increased risk of money laundering or terrorist financing. The fact that a customer is domiciled in such a location or a transaction is originating or concluding in such a location, may not, in and of itself, signify an increased risk. However, geographic risk, in conjunction with other risk factors, may provide useful information as to the potential money laundering or terrorist financing risks:
- Countries subject to sanctions, embargoes or similar measures issued by governmental bodies and international organisations, such as OFAC, HM Treasury or the United Nations
- Countries identified by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) as of primary money laundering concern or the subject of FinCEN Advisories
- Countries identified by the Financial Action Task Force (FATF) with strategic AML/CFT deficiencies in the fight against money laundering or the subject of a FATF statement
Related Posts
5 Steps for Conducting Effective Compliance Control Monitoring for Financial Firms
Compliance control monitoring is a crucial aspect of maintaining regulatory compliance for financial firms. The Financial Conduct Authority (FCA) requires firms to have robust controls and monitoring systems in place, and it is up to individual firms to implement these measures effectively. In this article, we will discuss the steps that firms can take to conduct compliance control monitoring.
AML compliance in cryptocurrencies is impacted by the EU's expansion of policies
The European Parliament has decided to approve a set of rules to enhance the EU's anti-money laundering and terrorist financing tools, with a specific focus on the cryptocurrency business. The regulation mandates the implementation of heightened due diligence protocols and identity verifications for customers. Obligatory entities, including cryptocurrency asset managers and institutions, are required to notify Financial Intelligence Units (FIUs) or other competent authorities of any suspicious activities. An elevated degree of due diligence is being applied to the cryptocurrency sector.
Anti Money Laundering warnings
The Financial Conduct Authority (FCA) issued a warning to retail banks in May 2021 (made public on 29 June) over continued weaknesses and failings surrounding their financial crime controls.