Risk assessment is an essential component of compliance that provides insight on to what extent a financial institution is exposed to legal/reputational risks. Risk assessment procedure helps in assessing the adherence of the financial institution as a whole towards laws and regulations, internal policies and procedures. AUSTRAC has published a guideline on assessing ml/tf risks that helps in identifying the regulatory requirements as part of the risk assessment framework.
Under Anti Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) it is mandatory to have a AML/CFT program that satisfies the objective of identifying, mitigating and managing money laundering or terrorist financing risks. An elaborate study has to be conducted as it forms the basis for ML/TF framework which involves
- Identification and analysis of the ML / TF risks to which the organisation is being exposed to
- The type of customers, the services being offered by the company , the jurisdictions being dealt with
- Assessing of the inherent risk (Inherent risk is the level of ML/TF risk before application of systems and controls to reduce the risk)
Once the organisation has identified its inherent risk, it should determine the residual risk which is the level of ML/TF risk after application of systems and controls to reduce the risk.
So as to develop and implement appropriate risk based approach in AML/CFT programs, the risk assessment has to be documented. The method used to perform the risk assessment, the risk associated with the customer types including PEP (Politically Exposed Persons), what were the factors considered in assessing the nature, size and complexity of the business, assessing the level of ml/tf risks like low, medium, high are some of the parameters that have to be incorporated in the document. More robust systems and controls need to be implemented in medium or high risk areas.
In addition to performing periodic assessments, a review of ml/tf risk has to be mandated whenever a new product/service or new technology is launched or any other occurrence that could potentially impact the risk of the organisation. Whenever the organisation satisfies itself that it has reduced a particular risk as part of the assessment, the same needs to be documented with sufficient justification and rationale. There are certain circumstances when the organisation identifies unusual patterns in the transactions or in the external environment which triggers a need for conducting the risk assessment and reporting the outcome to the senior management.
Thus through effective application of AML/CFT assessment framework, the organisation safe guards itself from financial crimes and criminal exploitation.
Author: Rajashree, MBA, CAMI
(PonSun AML Academy)