Organisations encounter an escalating range of money laundering threats, and financial criminals have a range of tools at their disposal to navigate around triggers put in place to stop them.
Compliance obligations on an organisation can cost millions of pounds, depending on its size and market presence. Implementing measures such as KYC, CDD and EDD, to name a few, can ensure regulatory requirements are met, but at what cost?
An effective approach to achieving regulatory requirements is needed to ensure project budgets do not escalate when striving to meet those requirements.
Adopting a risk-based approach to AML compliance means tailoring the AML compliance programme to the organisation’s level of risk exposure.
FATF's 2012 endorsement of the risk-based approach to AML set the global standard and ensured its ongoing use across all FATF member states. A risk-based approach to AML ensures the organisation is proactive in determining the level of risk each customer presents and applies appropriate measures to manage its risk exposure.
Overall, a risk-based approach can help an organisation to:
- Understand the presence of risk
- Execute tailored risk assessments
- Implement strategies to address AML risks
If implemented effectively, a risk-based approach allows for a balanced integration of human judgement and technology to aid AML compliance programmes.
Risk assessments are central to the risk-based approach and fall into two distinct categories:
- Geographical risk: such as integration of CTRP (Cities, Towns, Regions and Ports) Lists and determination of low-, medium- and high-risk locations; and
- Individual risk: such as inherent risks that organisations face from their clients and the nature of their business.
FATF recommends that organisations must implement a risk-based AML programme into their compliance framework. Below are some examples of how organisations can achieve this.
- Organisations must consider what types of threat they are exposed to and implement controls and measures; any gaps in policy and procedures could result in an AML breach.
- A competent AML compliance framework which adheres to FATF recommendations will use a risk-based approach strategy to accurately identify individual customers and clients, and the nature of the business in which they are involved.
- Organisations must develop and implement suitable controls for KYC and CDD measures to verify that customers are who they say they are and are able to provide credible information about the business they are engaged in. KYC and CDD are fundamental tools used in a risk-based AML programme, highlighting high-risk customers that may be subject to EDD measures.
- The screening of new and existing customers against up-to-date sanctions lists, Politically Exposed Persons lists, and Adverse Media individuals and entities is now a regulatory requirement.
- Organisations should appoint an AML Compliance Officer or MLRO as a head with responsibility for and oversight of the organisation’s compliance programme.
At SQA Consulting we are happy to assist you in your compliance needs. Please contact us to find out more.