In the last issue, David Cafferty outlined the risk-based approach of the FATF’s AML recommendations. In this issue, he delves further into the detail.
Recommendation 1 of the revised FATF recommendations, ‘Assessing risks and applying a risk-based approach’, states: “countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action… to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively.” It continues: “countries should require financial institutions and designated non-financial businesses and professions (DNFBPs)” – such as Kane LPI Solutions (MENA) Limited – “to identify, assess and take effective action to mitigate their money laundering and terrorist financing risks.”
The interpretive note to Recommendation 1 goes on to state that by adopting a risk-based approach, financial institutions and DNFBPs can ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified, enabling them to make decisions and allocate resources in the most effective way. The note recommends that financial institutions and DNFBPs “should have in place processes to identify, assess, monitor, manage and mitigate money laundering and terrorist financing risks.”
Financial institutions are expected to assess the risks for customers, countries or geographic areas, products, services, transactions or delivery channels. Regulators expect firms to document their assessments to demonstrate their process, keep them up-to-date and be able to demonstrate their risk assessment processes and provide related information to the relevant authorities.
Firms are also required to have risk management and mitigation frameworks, approved by senior management, in place with these encompassing policies, controls, procedures that enable firms to manage and mitigate effectively such risks as have been identified. Effective monitoring is also required to identify any subsequent weakness, or opportunities to enhance mitigation measures. The risk framework should also be capable of managing, mitigating and monitoring both higher risks and lower risks, and allowing for enhanced or simplified counter-measures as appropriate.
When assessing risks arising from money laundering and terrorist financing, firms are expected to consider all relevant risk factors before determining an overall level of risk for the firm, applying an appropriate level of mitigation, or for individual clients. This then allows the firm to differentiate risk mitigation strategies on a case by case basis.