Essentials of an AML Business Risk Assessment
THIS ARTICLE PROVIDES INSIGHT ON HOW TO UNDERTAKE AN AML BUSINESS RISK ASSESSMENT.
The first step in developing an AML/CFT compliance framework is to identify to what extent your business is exposed to the likelihood of facilitating ML/FT.
Globally, governments recognise certain areas within a business increase the risk of ML/FT occurring. These areas include the (a) nature, size and complexity of the business, (b) the types of clients or customers that the business deals with, (c) the products or services that the business provides, (d) the methods used to deliver the products or services, (e) the geographies dealt with and (f) the types of relationships that exist with other businesses.
Any one of these areas can expose a business to unwittingly facilitating ML/FT. When two or more of these areas are found to have higher risk, the risk compounds, increasing the probability of ML/FT occurring.
Let’s now look at each of these areas and the variables that should be included in an AML business risk assessment:
Nature, Size & Complexity
Matters that you should include in an AML business risk assessment when analysing the ‘nature, size and complexity’ include –
Annual Turnover
The annual turnover of a business assists to determine the size of business operations. AML/CFT risks: The exploitation of a business for money laundering or the financing of terrorism is increased if the business has a large turnover – thus reducing the opportunity for money laundering or the financing of terrorism transactions to be identified.
Structure
The greater the number of subsidiaries or branches, the greater the level of controls required to ensure your business policy is applied consistently.
AML/CFT risks: Those seeking to undertake money laundering or the financing of terrorism will target businesses with more than one branch if they are able to identify weaknesses in AML/CFT compliance controls. This will allow the launderer to facilitate the placement and/or layering stages.
Management
Having all management onshore assists to reduce risks due to easier communicating channels. AML/CFT risks: Poor oversight of business operations can provide an avenue through which to exploit practices and procedures directly for the purposes of money laundering and the financing of terrorism.
Size of Client Base
The greater the number of clients the greater the exposure to ML FT. Your business should operate with client risk profiling systems so you know which clients present the highest risk. AML/CFT risks: The ability to hide amongst other clients is a crucial factor for those seeking to undertake money laundering or the financing of terrorism.
Product or Service Diversity
The greater the number of products or services provided, the greater the opportunity for a launderer to use a business to layer their dirty funds and integrate with cleansed funds. AML/CFT risks: Each product and service must be risk profiled against vulnerability for ML/FT. This will allow your business to more readily identify account activity that is posing a higher risk.
Geographic Spread
AML/CFT risks: Placing geographical distance between the client and the client’s funds reduces the risk of detection. Many activities are undertaken by people in or through countries with weak or failed AML/CFT controls.
Business Clients
Front companies, shell companies, trusts and company structures established domestically or offshore are used to launder money. At time of client onboarding your procedures should adequately identify the nature and purpose of each business relationship. AML/CFT risks: Businesses are commonly used to mix illegitimate funds with legal funds.
Cash Propensity
The greater the proportion that your business deals in cash, the greater the likelihood that money laundering will occur. Clients that are cash intensive, such as restaurants, entertainment venues, casinos, etc, should be considered a higher risk. AML/CFT risks: Cash is used in the first stage of money laundering known as the placement stage.
Technology
New and developing technologies and products can present unknown ML/FT risks and vulnerabilities. Your programme should detail the procedures, policies and controls that you will implement for this type of customer and technology.
Products and Services
Anonymity or Opaque Ownership
An AML business risk assessment should always incorporate whether any products offer anonymity or opaque ownership. These attributes are attractive to launderers and require enhanced monitoring. This is because these products conceal ownership or wealth. AML/CFT risks: Opaque ownership provides those seeking to undertake money laundering with an ability to remain unknown to authorities. This provides options for laundering large amounts, sometimes on behalf of others – making it a valuable avenue for ongoing abuse.
Cash Exposure
Your business should measure the proportion of transactions that are linked to physical cash. AML/CFT risks: Cash products have greater vulnerability and exposure to the first stage of the money laundering cycle.
Offshore Links
Accessibility from offshore increases ML risk. This is because money laundering typically involves sending assets or funds offshore for the purpose of distancing the launderer from the value. AML/CFT risks: The ability to complete a financial transaction from offshore is an important consideration for those seeking to undertake money laundering. Dealing with clients who are located offshore brings challenges in identifying the persons involved and the source of funds or wealth. You should also be aware of country ML/FT risk.
Third Party Payments
The ability to move funds or receive funds to 3rd parties assists in the layering cycle. Ensure to understand the nature and purpose of 3rd party payments. AML/CFT risks: Moving funds to third parties is used in the layering cycle. The 3rd party may be a cover to make the transaction appear legitimate. Recent prosecutions have shown false invoicing and false loans being used to transact illicit funds between 3rd parties.
High Velocity
When a product can be accessed or liquified within 48 hours, this increases exposure to ML/FT. Ensure customer verification is complete before distribution. If it is a high value product, consider verifying source of wealth or funds.
High Value
High value products or services increase the risk of money laundering occurring. Enhanced due diligence should be considered for high value products by verifying the source of funds or wealth of the customer. AML/CFT risks: High value products or services offer those seeking to undertake money laundering and the financing of terrorism the opportunity to move illicit funds in large amounts with limited exposure.
High Volume
Know your products or services that may be low value but high frequency. AML/CFT risks: The ability to hide amongst other transactions and conduct frequent transactions is a key factor for those seeking to undertake money laundering or the financing of terrorism.
Commission Basis
Products and/or services on a commission basis can lead to conflicts of interest with AML CFT compliance. AML/CFT risks: If staff or 3rd parties receive commission bonus for sale of products or services, this may lead to turning a blind eye to AML/CFT compliance.
Ensure all staff in AML/CFT related roles understand the risks that your
products and services present. This includes senior managers and
Board members.
Customers and Institutions
Customers and institutions is another mandatory consideration when undertaking an AML business risk assessment. If your customer has no intention to use their account for facilitating money laundering, then the overall risk is significantly reduced, however not eliminated.
Business to Business
When considering the businesses that you have a business relationship with, you should include banking relationships and other 3rd party arrangements that are providing a service. Whether they are regulated under AML/CFT laws is relevant to your risk exposure. For clients that operate a business, you need to understand their nature and purpose of account activity. You should also have an understanding of your customer’s customers. Therefore for businesses you should understand their products/services and customer types.
It is essential to profile client relationships. By knowing your higher risk customers you are able to more readily demonstrate an effective risk based approach to managing money laundering risks.
Applying profiling will allow you to identify your higher risk clients. If your higher risk clients also access higher risk products/services, the risk compounds. These clients should therefore receive enhanced ongoing due diligence. AML/CFT risks: Opportunities to complicate processes as well as exploit services are known practices. You should carry out adverse media checks from trusted sources on all client relationships.
Private Individuals
Private individuals will generally be using their account for day-to-day living expenses. This presents less risk to ML/FT. Systems should be able to detect when account activity for private individuals appear business based or unusual. If it is being used for business, you are required to identify and verify the business and understand the nature and purpose of the business activity. AML/CFT risks: Launderers attempt to hide amongst other transactions wherever viable. This approach reduces the risks of being red flagged by AML/CFT systems and controls.
Domestic Businesses
Aspects of a business that creates greater risk includes the products and services that are traded, their geographic reach and their underlying customer types. AML/CFT risks: Those seeking to undertake money laundering and the financing of terrorism will form business entities to allow transactions to appear business related. This approach reduces the risks of being identified by AML/CFT systems and controls.
Offshore Businesses
Offshore transactions increase ML risk. The product and customer types of an offshore business increase ML FT risk. Geography risk for place of incorporation and operations should also be examined. AML/CFT risks: Those seeking to undertake money laundering and the financing of terrorism can form offshore business entities to allow transactions to appear business related. This approach reduces the risks of being identified by AML/CFT systems and controls and limits the ability to fully establish legitimacy of the business.
Trusts
Trusts are a common typology for disguising ultimate beneficiaries and/or hiding assets Trustees, Settlors and Beneficiaries should be verified. AML/CFT risks: Trusts provide a solution to those seeking to undertake money laundering and the financing of terrorism as they can facilitate the creation of false paper trails, hide transactions and maintain secrecy of beneficial ownership.
Charities
Charities are a common typology for enabling terrorism financing as they assist to move funds into war-torn and higher risk countries. AML/CFT risks: Charities provide a solution to those seeking to undertake money laundering and the financing of terrorism as there are multiple ways in which non-profit entities may be misused. For example, misuse through:assets, funding and name, and status.
Politically Exposed Persons
PEPs have greater exposure to acts of corruption, especially from countries with high levels of corruption. Confirm source of funds, maintain a PEP register and increase transaction monitoring.
High Net-Worth Clients
High net worth customers pose a higher risk due to the larger amounts they have available to deposit or invest and the ease of fund movement through private banking type facilities. AML/CFT risks: The ability to deposit and invest large sums provides a viable option to those seeking to undertake money laundering and the financing of terrorism under the disguise of a high net worth individual.
3rd Party Agents
3rd party agents are a common typology and are known as gatekeepers for those that wish to have obscurity to account ownership. Verify the identity of 3rd party agents and the underlying customer(s).
Method of Delivery
Controls during on-boarding are a key consideration when conducting an AML business risk assessment.
Non face-to-face
How your business delivers products or services is a key component to measuring risk. This includes not only at time of client onboarding but also throughout the client’s relationship with your business. Should a client use your service for the placement stage of the laundering cycle, without detection, it becomes a lot harder to detect the ongoing activity as unusual or suspicious. This is why it is important to have very good controls for client identity and verification, as well as understanding the nature and purpose of the client’s relationship with your business.
Ongoing face-to-face
Once your clients are onboarded there should be controls in place to ensure the customer who was verified continues to operate the account.
Reliance on Intermediaries
The use of intermediaries may result in the client’s identity, beneficial owner or effective controller not being transparent to your business. Ensure you have written agreements in place clearly describing each party’s responsibilities. Have procedures in place tonmonitor level of compliance of the intermediary.
Method of Delivery
Understand the communication channels that present higher risk. A verified landline is less risk than communications through the internet.
Geography Risks
Your business is exposed to country risk through a variety of ways including where your clients are domiciled or hold citizenship, where your transactions or activities are originating from or being sent to and for clients that operate as businesses, where their business operations stretch and/or jurisdictions representing their customer base. There are many reputable country risk indexes available that provide information on the risks that a country presents. These include Basel, KnowYourCountry, Transparency International and the Financial Secrecy Index. Though the Financial Action Task Force does not provide an overall risk country score, it does provide valuable information on the strengths and weaknesses of a country’s implementation of ML/FT laws and government oversight.
Risks that a country presents can arise from various circumstances including (a) high corruption, (b) lack of law and order, (c) lack of adequate ML/FT legislation, (d) insufficient government oversight of AML laws, (e) countries known to harbour terrorists, (f) countries known for producing narcotics and/or distribution and/or trans-shipment, (g) provision of financial secrecy. Your AML compliance officer must have knowledge of those countries that your business has direct or indirect relationships with and ensure that systems are in place so that front office staff can detect when a situation presents a higher risk.
Number of International Countries
Money laundering typologies typically move funds offshore at some stage of the cycle. The greater the number of countries of trade, the greater the risk. Have knowledge of countries with higher corruption and lack of AML CFT controls. AML/CFT risks: If a country is known to have weak or non-existent laws to prevent ML/FT and/or a country is known to harbour terrorists, any transaction or activity with those countries must be treated with caution. The preference is for senior managers and/or the AML compliance officer to provide authorisation for such transactions or activity to proceed.
International Transactions
The greater the volume of International transactions the greater the exposure to ML FT occurring. AML/CFT risks: International transactions provide those seeking to undertake money laundering and the financing of terrorism with opportunities to move illicit funds into safer jurisdictions making it harder to recover and associate with the predicate offence. International transactions are also used to distance the launderer from the proximity of their illicit funds.
Sanctions
Sanctions can apply against a private individual, business, company or country. It is important that your business has knowledge of sanctions when dealing with international trade. Sanctions also apply when dealing with currency alone. Therefore if your business provide currency exchange, you must comply with the sanctions distributed by the country in which the currency originates. For the USD the sanctions are known as OFAC. For all countries that are part of the EU, the EU sanctions apply and for all countries that are part of the United Nations, the UN Sanctions apply. Breaching sanctions can result in very high financial penalties.
Primary Countries of Trade
Your business should know the top three countries of trade in volume and value of transactions. Knowledge of the risks those countries present should be outlined in your AML/CFT policy with relevant procedures and controls to mitigate, monitor and manage such risks.
