The business risks associated with money laundering and terrorist financing (ML/TF) are constantly changing. You need to undertake and maintain a robust ML/TF risk assessment and conduct reviews of new and emerging risks to mitigate and manage them effectively. Failure to do so could lead to multiple breaches of anti-money laundering and counter-terrorist financing (AML/CTF) compliance and business risk management.
Risk assessments are the foundation of your AML/CTF program. A business risk assessment allows you to identify, assess and understand all the risks in the business. Once these risks are properly understood, you can apply AML/CFT measures that correspond to the level of risk, in other words: the risk-based approach (RBA). The risk-based approach enables you to prioritise your resources and allocate them efficiently.
Figure: Overview of the ML/TF Assessment Process
Managing risk does not mean operating in a completely risk-free environment – this is not realistic. Risk management and assessment is rather an ongoing obligation due to the dynamic industry landscape. If you have the above three stages assessed, there is a last and essential stage to maintain your ongoing due diligence – monitoring and reviewing effectiveness.
Regularly reviewing your business risk assessments will ensure you can identify and manage emerging ML/TF risks. This will help you identify and strengthen controls that not only mitigate and manage your risks but also protect you against non-compliance.
Example: Effective Money Laundering and Terrorism Financing risk assessments in action
BusinessCO receives a notification from AUSTRAC about new and emerging crime trends and the risks these could pose to businesses in its sector. The notification includes a range of indicators that businesses should closely monitor to prevent exploitation. The notification is relevant to BusinessCO’s products and services, so a comprehensive assessment of BusinessCO’s ML/TF risks is conducted to understand the likelihood and impacts these crime trends may have on the business. The risk assessment reveals several new circumstances that pose a high ML/TF risk to BusinessCO. Business CO immediately updates its existing systems and controls. Changes include introducing new transaction limits and due diligence checks for transactions to specific jurisdictions and updating risk awareness training so that staff knows of the emerging crime trends, the risks they pose, and what systems and controls are to change. The risk assessment is thoroughly documented, and the necessary changes are made to the AML/CTF program. Throughout the process, senior management and the board are kept informed of developments, including the outcomes of the updated risk assessment. The board approves changes to the AML/CTF program.