How To Develop A Risk Based Approach

FATF advocates a risk-based approach to managing money laundering and terrorist financing. But how do you develop a risk-based approach, and what does the term mean? Read on for a guide.

Assessing Risk and Developing a Risk Scoring Model

  • Risk-based AML controls are key and required in many countries
  • Increases the chances of avoiding criminals and government sanctions and penalties
  • Risk-Based Approach – RBA – A risk-based approach requires institutions to have systems and controls that are commensurate with the specific risks of money laundering and terrorist financing. Assessing these risks is, therefore, one of the most important steps in creating a good AML/CFT compliance program.

Levels of Risk

Prohibited: The company will not tolerate any dealings of any kind. Examples: prohibited transactions (those involving countries subject to sanctions); prohibited customers (shell banks).

High Risk: The risks are significant, but not necessarily prohibited. To manage the heightened risk, the firm should apply more stringent controls. Examples: PEPs, correspondent banking, private banking.

Medium Risk: Medium risks are more than a low or standard risk of money laundering, and merit additional scrutiny, but do not rise to the level of high-risk. Examples: a local company exporting some goods to Canada.

Low Risk: Baseline risk of money laundering; normal business rules apply. FATF member countries and domestic retail customers are frequently, but not always, considered to be standard- or low-risk. Examples: a school teacher.

Risk Types

[Figure: Risk]

Below the three main risk types there are structural risks.

Summary Risk Factors

Geographical Risk. Sanctions are frequently enforced against countries lacking adequate AML/CFT controls, terrorist funding countries, corruption, etc. Increasingly, they are also enforced against sectors and even individuals.

Customer Risk. Casinos, offshore corporations, banks located in tax havens, leather goods stores, currency exchange houses, money remitters, check cashers, car/boat/plane dealers, travel agencies, gem dealers, import/export, cash-intensive businesses, etc.

Product Risk. PEPs, Private banking, offshore international activity, deposit-taking facilities, wire transfer and cash management functions, transactions in which beneficiary is undisclosed, traveller checks, money orders, etc.

FATF: CDD and Risk-Based Approach

  • USA Patriot Act Section 319:
    • CDD measures:
      • Identifying customer and verifying identity
      • Identifying beneficial owner, and verifying identity
      • Obtaining information on business relationship
      • Conducting ongoing due diligence on business relationship and scrutiny of transactions

The Financial Institution should determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction.

Risk Assessment Links to the AML Management Program

[Figure: Internal risk divergence]

How law enforcement may see negligence with a risk-based approach: obvious errors are missed or indeed deliberately and willfully ignored. The blue route suggests criminal insiders.

Policies and Procedures

  • Must be in writing
  • Endorsement of management
  • Overview of laws and regulations
  • What constitutes suspicious activity and how to deal with it
  • Procedures when reporting suspicious activity
  • How to deal with regulatory or law enforcement requests
  • While policies and procedures provide important guidance, the AML/CFT Program also relies on a variety of internal controls, including management reports, and other built-in safeguards that keep the program working.
    • Should include:
      • Identify high risk operations
      • Make sure board or committee of the board/senior management is informed of compliance initiatives, corrective actions, suspicious activity
      • Assign clear accountability to persons for performance of duties
      • Provide for program continuity
      • Meet regulatory requirements
      • Provide for periodic review
  • Use a risk-based approach
  • Provide sufficient controls and monitoring systems for timely detection of suspicious activity/large currency transactions
  • Provide for dual controls and segregation of duties
  • Comply with all record keeping requirements
  • Adequate supervision of employees who handle large currency transactions, complete records, grant exemptions
  • Train employees to be aware of their responsibilities
  • Implement screening programs to ensure high standards when hiring employees
  • Test effectiveness of the program

The compliance officer should be responsible for designing and implementing the program, making necessary changes and disseminating the information about the program’s success and failures to key staff members, constructing AML/CFT related content for staff training programs and staying current on legal and regulatory developments in the field.

Role of Compliance

  1. Designing and supporting a regulatory risk framework for the business
  2. Supporting and challenging business line management on the completeness and accuracy of compliance risk management activities
  3. Advice to business units on regulatory obligations/expectations and the creation and implementation of compliance policies
  4. Monitoring and reporting
    The role of compliance should be to take the lead in identifying and managing the significant regulatory and reputational risks to which the business is exposed

Key Questions to Consider

  1. Do you have a formally stated, clearly articulated vision/role for compliance?
  2. Has the board approved the strategy for compliance to meet its objectives and does it have an adequate budget?
  3. Does the business have clear mechanisms for measuring the performance of compliance versus strategy?
  4. Is there a clear allocation of responsibilities between the first line and compliance? Is this understood?
  5. Does it work?

AML/CFT Training

  • Document all training, even informal training at staff meetings, etc.
  • Ensure training is appropriate for target audience.
  • Provide training for the AML/CFT officer and staff conducting independent audit and testing.
  • Train senior management and board of directors on AML/CFT risks to the institution.
  • Maintain detailed records of attendance and publish metrics.
  • Why, who, how, where, when and what needs training.

Contact us to design a training package.

Effective Program Management

  • AML/CFT compliance programs are not static
  • Policies and procedures and internal controls need to evolve
  • Systems and procedures need to be tested, tuned and refined
  • Risk assessments need to be reevaluated
  • Senior management needs to be knowledgeable about the changes to the AML/CFT Program and approve them periodically
  • Audit and regulatory findings should be tracked and reported to senior management

Independent Review

  • Are proper records being maintained?
  • Are SARs/STRs properly filled out and filed in a timely fashion?
  • Is proper identification being requested from customers and verified?
  • Are “high risk” accounts being reviewed regularly?
  • Is the program being followed?
  • Do all employees understand the program?
  • Are the proper procedures in place?
  • Are employees of the institution using the procedures as required?
  • Are customers subjected to sanctions screening?
  • What processes are used for transaction monitoring?
  • Are employees being trained adequately?

Contact us for an independent review of your systems.

We can stress test your provision.

Compliance Culture

  • Embedding a compliance culture into the overall institutional culture is key to an effective AML/CFT program
  • Strong culture of compliance: setting the tone at the top guides and reinforces employees as they make decisions and choices each day. Raising awareness, to the point where everyone in the organization feels compelled to deter and detect money laundering, is vital.

FinCEN, the US FIU, issued an advisory on how financial institutions can ensure they maintain a culture of compliance:

  1. Leadership actively supports compliance
  2. Mitigation of AML/CFT risk is not compromised by revenue interests
  3. Internal information sharing
  4. Adequate resources for the AML/CFT program
  5. Independent testing by competent party
  6. Understand how STR reporting is used

Board Responsibility

  • Ultimate responsibility for the AML/CFT program rests with the board of directors
  • Reviewing and approving the overall AML/CFT program and ensuring that there is on-going oversight.
  • Make sure the program is adequately implemented and maintained by staff.
  • Responsibility does not mean that board members are expected to become AML/CFT experts themselves, or that they are responsible for day-to-day program management.

Board Responsibility – During Audit/Exam

  • The board’s oversight role also extends to the supervisor’s examination process:
    • Examiners/auditors interview board and management to gauge the board’s commitment to compliance, its understanding of the law, and knowledge of how the institution operates
    • Ensure that any necessary corrective action is taken in respect of deficiencies found during the audit process. Specific duties can be delegated, but the board will be responsible if problems, cited by the examiner or the auditor, are not corrected

Board of Directors – Showing Commitment

  • Establishing a strong compliance plan that is approved by the board of directors and is fully implemented
  • Insisting that it be kept informed of compliance efforts, audit reports and any compliance failures, with corrective measures instituted
  • Communicating compliance expectations to the institution personnel
  • Employment is conditional on regulatory compliance

Independence of AML/CFT Compliance Team

  • Compliance staff should generally also be sufficiently independent of the line of business they support so that potential conflicts of interest are minimized.
  • No incentive based on the profitability of the line of business they support, to avoid a conflict of interest.
  • Compliance staff may sit within the line of business and report to line management, but they should have the ability to escalate issues without fear of recrimination to a compliance or risk management function outside the line of business.
