Risk Factors that Shape Effective Business-Wide Risk Assessments
Risk Factors that Shape Effective Business-Wide Risk Assessments
For ‘Relevant Persons’ covered under UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), conducting a Business-Wide Risk Assessment (BWRA) is mandatory. This risk assessment is also known as Firm-Wide Risk assessment, Company-Wide Risk Assessment, Enterprise-Wide Risk Assessment, ML/TF/PF Risk Assessment, or Business Risk Assessment.
Risk assessment is the foundation of an efficient risk management or risk mitigation system. Assessing the Money Laundering (ML), Terrorist Financing (TF), or Proliferation Financing (PF) risks helps entities formulate the right systems, procedures and controls to effectively combat the assessed threats and comply with their obligations under UK’s Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Counter Proliferation Financing (CPF) regulatory regime. Here is the list of Relevant Persons obligated to conduct Business-Wide Risk Assessment:
- Financial Institutions
- Credit Institutions
- Auditors, Insolvency Practitioners, External Accountants and Tax Advisers
- Independent Legal Professionals
- Trust or Company Service Providers
- Estate Agents and Letting Agents
- High-Value Dealers
- Money Service Businesses
- Casinos
- Art Market Participants
- Cryptoasset Exchange Providers
- Custodian Wallet Providers
AML/CFT/CPF Business-Wide Risk Assessment is aimed at ensuring that the above entities are not used as conduits of ML/TF and PF. MLR 2017 lists five risks that should be assessed. These are enumerated below.
1. Customer Risks
To understand customer risks, entities need to understand the type of customers they serve, where such customers are based (locally or abroad), their behaviour, what type of transactions they undertake, their ownership structure, their turnover and business model, if the customer is a politically exposed person, or from a higher risk sector such as unregulated charities or gambling, etc.
2. Geographic Risks
Entities should consider whether their clients are from a high-risk country, such as countries that are sanctioned, are known tax havens, or have transaction history with persons or organisations operating in such jurisdictions.
3. Product/Services Risks
While conducting risk assessment related to their product or services, the entities should understand the vulnerabilities in their products that could be exploited to move or transfer illicit funds, allows the disguising of ownership of assets or identity of the customer, etc.
4. Transactions Risks
Entities need to assess if their clients operate a cash-intensive business or they undertake large and high value transactions, conduct transactions through third-parties, their source of funds is unexplained or ambiguous, the transactions are complex, etc
5. Delivery Channel Risks
Firms need to consider the channel of interaction with the client, whether the client instructions were channelled through a third party, whether the interaction with the customer face to face or non-face-to-face, etc.
Conclusion
The BWRA must be recorded and kept up to date, so that it can be provided to the AML/CFT/CPF supervisory authority whenever requested. This is the core principle of the risk-based approach required to be adopted by the Relevant Persons under the UK’s AML/CFT/CPF regulatory framework. The steps to be undertaken after conducting the AML/CFT/CPF risk assessment must be on the basis of the size and nature of its business and includes devising policies to mitigate the risks assessed.
