AML 4 MSB 4. Risk Assessment
The risk-based approach. In a nutshell, you must assess where your business is most at risk - in order to plan your mitigation.
While some risks are specific to types of business, every business is individual, and so risk assessments will be unique. Put simply, Barclays faces a different suite of risk than a corner bureau de change.
“Your risk assessment is how you identify the risks your business is exposed to. You must be able to understand all the ways that your business could be exposed to money laundering and terrorism financing risks, and design systems to deal with them.”
Guidance in this area is great - and prescriptive.
- Ensure your risk assessment identifies and monitors the risks of money laundering and terrorist financing that are relevant to your business, including those posed by your:
– customers and underlying beneficial owners (see sector guidance on customer due diligence on who is a beneficial owner)– services– financing methods– delivery channels, for example cash over the counter, wire transfer or cheque– geographical areas of operation, including sending money to, from or through high risk third countries, for example countries identified by the EU or Financial Action Task Force (FATF) as having deficient systems to prevent money laundering or terrorist financing”
Every risk assessment that I do, follows the format above. We create sheets on an excel sheet. One for customers, then services, then financing methods…and so on.
Each year, we review the assessment. We print off the “National Risk Assessment”, look at our own year, and amend as necessary.
Helpfully, the guidance contains links to risk-factors associated with specific money service business types.
Risk assessment is where it all starts. Everything flows from here. In many ways, it gives YOU the control. There is no “wrong” risk assessment. The important thing is do one, document it and act accordingly.
Next week, Policies, Controls and Procedures.