The requirement for a ‘risk-based approach’ has generated probably the most radical overhaul in AML/CFT strategy to have been seen since the inception of global standards shortly after FATF was formed in 1989.
To understand the Risk-Based Approach better we must understand what it comprises? Here are the five most important components of the Risk-Based AML Approach.
Risk-Based Approach
As a cryptocurrency exchange or a financial institution, you always face one question.
How do you decide whether a customer is a high or low risk from a money laundering perspective?
The FATF Recommendations refer to
-
- Customer risk factors
- Country or geographic risk factors
- Product, service, transaction, or delivery channel risk factors
and then go on to list some relevant factors which create ‘potentially higher-risk situations’.
From a practical perspective, a key requirement is a series of questions in relation to a number of important areas. Indiaforensic classified the High-Risk Customers in a very scientific manner.
Now lets us consider different types of customers, businesses, products, and geographies individually.
Classification of Customer
-
-
- Individual or business?
- High income or low income?
- Politically exposed or not?
- Introduced or brand new?
- Resident or Non-resident?
- Corporate asset holding vehicle for an individual?
- Company with bearer shares or nominee shareholders?
- Complex ownership structure?
-
Type of Business
-
-
- Which sector (industrials, trade, import/export, diamonds, arms)?
- Cash intensive?
- Does the business act solely for itself or does it represent others (e.g. investment or professional firms)?
- Type/identity of counterparties – which third parties is the customer doing business with and what is its risk profile?
-
Geography
-
-
- Where is the customer located (a modern, developed country with advanced laws, or a developing country with a developing legal system)?
- Is the customer a non-resident?
- In which additional countries does the customer do business or have contacts?
- Is cash the normal medium of exchange within the country in which the customer is doing business?
- Is it a country known for the production of drugs and also other high levels of criminal activity?
- Additionally is it a country experiencing conflict or high levels of terrorist activity or insurgency?
- Is the country subject to sanctions or identified by credible sources as providing funding or support for terrorist activities?
-
Type of Product
What products is the customer using and how is access to those products being provided?
-
-
- Are those products more attractive or unattractive from a money laundering perspective (e.g. do they provide anonymity, such as with cash)?
- Do the products allow immediate access to funds?
- Do they allow for the instantaneous international transfer of funds (e.g. SWIFT and telegraphic transfers)?
- Do they allow deposits to be made by third parties?
- Does the product facilitate the disguise of customer identity and transaction ownership (e.g. special use accounts, omnibus accounts, bearer instruments, beneficiaries, etc.)?
- Is the product distributed directly to the customer by the financial institution’s branches, or via a network of independent salespeople/intermediaries?
- Does the product attract customers without face-to-face interaction (e.g. via the internet)?
- Does the product provide enhanced levels of discretion and security (e.g. private banking)?
-
Transaction Types
-
-
- Are transactions on the accounts typically in very high amounts?
- Is there an especially high transactional volume?
- Are they ‘payable through’ transactions (i.e. where the account is neither the originator nor the ultimate beneficiary)?
- Are the economic reasons for the transactions clear and justifiable (e.g. bill payment, purchase of goods, etc.)?
-
All the above indicators will affect a particular relationship’s susceptibility to money laundering and terrorist financing. Under the risk-based approach, what financial institutions then need to do after risk analyzing their customer relationships, is to design and implement management and operational controls that are appropriate for and commensurate with the level of risk identified.
