Taking responsibility

David Cafferty explores the risk-based approach to anti-money laundering (AML) and counter financing of terrorism (CFT) – Part 1


In February 2012, the Financial Action Task Force (FATF) issued its revised “International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation” (the Recommendations) with an emphasis on a risk-based approach (RBA). This approach has been designed to allow financial institutions and other designated sectors to apply their AML / CFT resources more efficiently and effectively to reduce the threats to their organizations. The Recommendations have been adopted by over 180 countries with subsequent changes to national legislation and regulations.

In the Dubai International Financial Centre (DIFC), the regulator – the Dubai Financial Services Authority (DFSA) – responded to the changes in standards by amending its own regulations and in July 2013 issued a revised version of the “Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module” of its Rulebook to reflect the new emphasis on a RBA. Of particular note is the increased emphasis on senior management’s responsibility for establishing an effective AML / CFT and sanctions culture within their organizations and the intention that regulated entities should move away from a tick-box approach to AML / CFT and sanctions compliance thus applying the Rulebook in a more business-friendly manner.

The DFSA have provided detailed guidance for firms and money laundering reporting officers including, for the first time, diagrams and a detailed explanation on how the regulator expects the RBA to be applied. They expect regulated entities to conduct a detailed, and documented, risk-assessment of its business and its clients, and to develop a proportionate response to mitigate those risks identified. The idea being that the regulated entity will develop policies / procedures / systems, which will allow the firm to manage its affairs in line with the associated risk.