What is an AML business risk assessment?
A money laundering risk assessment is an analytical process applied to a business to measure the likelihood or probability that the business will unwittingly engage in money laundering or financing of terrorism.
The risk assessment does this by identifying those aspects of a business that are most likely to attract money launderers or those wishing to finance a terrorist act. These known vulnerabilities are often referred to as Key Risk Indicators (KRIs).
What are the key risk indicators for money laundering?
Globally governments have narrowed key risk indicators for a money laundering risk assessment to five primary divisions of (1) Nature, size and complexity of a business, (2) Customer types including B2B and B2C, (3) the types of products and services provided to customers, (4) method of on-boarding new customers and ongoing communications with existing customers and finally, (5) Geography risks.
For each of the five above elements, there are a number of risk drivers that influence the KRIs. The influence will either increase or decrease the risk.
Where the risk driver increases the risk, the risk range or rating will be higher. Conversely, where the measurement of a risk driver is low, the risk rating will decrease. An assessment therefore needs to have a risk range.
To summarise the above points, a money laundering risk assessment requires the identification of Key Risk Indicators, the measurement of risk drivers and the allocation of the findings into a risk range.
A risk range can be a simple rating of Low, Medium and High. An alternative range is to use a 5-level rating of Very Low, Low, Medium, High and Very high.
Individual and Aggregate Risk Levels
The findings of a money laundering risk assessment will result in individual risk scores for each KRI, as well as an aggregate risk score which is the compounded or overall risk that the business presents.
An initial money laundering risk assessment will measure the inherent risk. Inherent risk is the risk that exists without any controls in place.
When the risk assessment includes the inherent risk and measures the strength of controls, this results in a finding of the residual risk. Therefore the ‘real’ risk that the business presents to unwittingly facilitating money laundering or financing of terrorism.
Once the residual risk is calculated, a business will then have an obligation to ensure ongoing identification, management, monitoring and reporting of ML/FT risks.
Money Laundering Risk Assessment
AML360 provides a money laundering risk assessment that follows each of the above mentioned processes.
Money Laundering Risk Assessment Guideline
Go to this link to get a copy of a free money laundering risk assessment guideline.
Examples of Key Risk Drivers
Below are some examples of key risk drivers. These are not exhaustive and are provided solely for demonstration purposes:
Offshore transactions increase ML risk. The product and customer types of an offshore business increase ML FT risk.Geography risk for place of incorporation and operations should also be examined.AML/CFT risks: Those seeking to undertake money laundering and the financing of terrorism can form offshore business entities to allow transactions to appear business related. This approach reduces the risks of being identified byAML/CFT systems and controls and limits the ability to fully establish legitimacy of the business.
Trusts are a common typology for disguising ultimate beneficiaries and/or hiding assets Trustees, Settlors and Beneficiaries should be verified.AML/CFT risks: Trusts provide a solution to those seeking to undertake money laundering and the financing of terrorism as they can facilitate the creation of false paper trails, hide transactions and maintain secrecy of beneficial ownership.
Business to Business Relationships
A money laundering risk assessment should consider the businesses that you have a business relationship with. You should include banking relationships and other 3rd party arrangements that are providing a service. Whether they are regulated under AML/CFT laws is relevant to your risk exposure. For clients that operate a business, you need to understand their nature and purpose of account activity. You should also have an understanding of your customer’s customers. Therefore for businesses you should understand their products/services and customer types.
Applying profiling will allow you to identify your higher risk clients. If your higher risk clients also access higher risk products/services, the risk compounds. These clients should therefore receive enhanced ongoing due diligence.
AML/CFT risks: Opportunities to complicate processes as well as exploit services are known practices. You should carry out adverse media checks from trusted sources on all client relationships and private Individuals.
Private individuals will generally be using their account for day-to-day living expenses. This presents less risk to ML/FT. Systems should be able to detect when account activity for private individuals appear business based or unusual. If it is being used for business, you are required to identify and verify the business and understand the nature and purpose of the business activity. AML/CFT risks: Launderers attempt to hide amongst other transactions wherever viable. This approach reduces the risks of being red flagged by AML/CFT systems and controls.
Products and/or services on a commission basis can lead to conflicts of interest with AML CFT compliance. AML/CFT risks: If staff or 3rd parties receive commission bonus for sale of products or services, this may lead to turning a blind eye to AML/CFT compliance.
High value products or services increase the risk of money laundering occurring.Enhanced due diligence should be considered for high value products by verifying the source of funds or wealth of the customer.AML/CFT risks: High value products or services offer those seeking to undertake money laundering and the financing of terrorism the opportunity to move illicit funds in large amounts with limited exposure.
Your business should measure the proportion of transactions that are linked to physical cash.AML/CFT risks: Cash products have greater vulnerability and exposure to the first stage of the money laundering cycle.
Third Party Payments
The ability to move funds or receive funds to 3rd parties assists in the layering cycle.Ensure to understand the nature and purpose of 3rd party payments. AML/CFT risks: Moving funds to third parties is used in the layering cycle. The3rd party may be a cover to make the transaction appear legitimate. Recent prosecutions have shown false invoicing and false loans being used to transact illicit funds between 3rd parties.
Intermediaries can offer ownership obscurity. Your business should determine if the intermediary is regulated under AML/CFT laws. AML/CFT risks: The use of a professional provides a veneer of legitimacy to criminal activity and a buffer between criminals and their financial activities and assets.
The greater the number of employees the greater the need to adequately manage communication of the programme and training. AML/CFT risks: The less staff understand compliance obligations and associated risks – the less likelihood of suspicious activities being identified. It also means your business is more likely to be targeted by criminals. For every transaction that a criminal undertakes with your business, the greater the likelihood of regulatory penalty and reputational harm to your brand.
It takes time for a new staff member to learn policies, procedures and controls.High staff turnover increases compliance risk due to loss of knowledge and may also indicate problematic areas within senior management.AML/CFT risks: Inexperienced staff without sufficient knowledge of AML/CFT requirements can support those undertaking money laundering and the financing of terrorism by providing the opportunity to successfully exploit the services and products provided by a business with weak detection capability.
Product or Service Diversity
The greater the number of products or services provided, the greater the opportunity for a launderer to use a business to layer their dirty funds and integrate with cleansed funds.AML/CFT risks: Each product and service must be risk profiled against vulnerability for ML/FT. This will allow your business to more readily identify account activity that is posing a higher risk.
Size of Client Base
The greater the number of clients the greater the exposure to ML FT. Your business should operate with client risk profiling systems so you know which clients present the highest risk.AML/CFT risks: The ability to hide amongst other clients is a crucial factor for those seeking to undertake money laundering or the financing of terrorism.
The greater the number of subsidiaries or branches, the greater the level of controls required to ensure your business policy is applied consistently.AML/CFT risks: Those seeking to undertake money laundering or the financing of terrorism will target businesses with more than one branch if hey are able to identify weaknesses in AML/CFT compliance controls. This will allow the launderer to facilitate the placement and/or layering stages.