All UK businesses have a responsibility to prevent money laundering and other forms of financial crime. This means it has to have comprehensive aml risk assessment systems.
Risk assessments are a key component of any firm's anti-money laundering (AML) tool kit and can help businesses to measure the likelihood that they will inadvertently support or engage in criminal behaviour.
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) made it a legal requirement for UK businesses in the regulated sector to adopt a risk based approach to their anti-money laundering efforts. This not only helps reduce the damage done by money laundering to the UK economy but gives companies flexibility in how they design and deploy their anti-money laundering procedures; as such risk assessments can vary between companies and sectors.
This guide explains what risk assessments are, and how any business can apply them to combat money laundering while meeting their regulatory compliance obligations.
AML risk assessment is a process that analyses a business's risk of exposure to financial crime. The process aims to identify which aspects of the business put it at risk of exposure to money laundering or terrorist financing. AML risk assessment achieves this by monitoring and assessing known vulnerabilities, also commonly referred to as Key Risk Indicators (KRIs).
Anti-money laundering (AML) risk assessments form part of the required risk based approach. They should form part of, and tie into, a company’s overarching strategy to avoid facilitating the laundering of illicit funds.
There are two types of risk assessments required as part of a risk based approach. These are a companywide risk assessment and risk assessments of individual transactions.
A company-wide risk assessment is a floor to ceiling review of a business to identify what external risks of money laundering they face and where in their business is at risk of being exploited by criminals seeking to launder illicit funds. Once this is done it is used as the foundation for a company to design their risk assessment and anti-money laundering processes.
After identifying and highlighting the money laundering risks their company is facing, directors then must design an appropriate risk assessment procedure to ensure they identify any potential transaction that is part of a money laundering scheme.
Certain businesses are required to conduct anti-money laundering risk assessments under Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).
On a practical level, a risk assessment could help a business to:
Ultimately, an AML risk assessment can help businesses to reduce the risk of money laundering and terrorist financing. These measures are an essential part of any anti-money laundering compliance program, and can help organisations to stay on the right side of the law
Businesses can conduct a money laundering risk assessment by monitoring key risk indicators. International authorities generally apply five primary categories of risk indicator that businesses should assess:
By assessing these individual factors, businesses can allocate a risk rating to a transaction or customer relationship. Ratings of low, medium, and high can be used when applying a simple risk range, whereas more advanced risk ranges extend to very low and very high ratings.
The first step of AML risk assessment is for directors and employees to work together to identify how their business could be used to facilitate money laundering and how likely this is to happen. It is important to note that UK regulation requires that staff have sufficient training to be able to spot these risks. There is no set way that this assessment has to be carried out but it must review every aspect of the business. Once this has been done sufficient procedures should be designed and put in place to negate these risks.
It is important that this process be well documented; as a company may be asked to prove it is compliant with UK anti-money laundering regulations, especially if it has been implicated in a money laundering scheme.
Things to consider in a companywide AML risk assessment are:
This process should be reviewed every 12 to 18 months, or if a business undergoes any significant changes, and any necessary changes to internal procedures made.
An anti-money laundering risk assessment’s purpose is to gauge if a transaction, and any individual involved in it, is possibly involved in money laundering and if any anti-money laundering checks need to be carried out or even if the transaction should not be performed at all.
The companywide AML risk assessment will have highlighted the greatest areas of risk and in these cases thorough anti-money laundering checks should be performed as a matter of course. Risk assessments should still be applied to transactions that were decided to be low risk in the companywide risk assessment.
AML risk assessment is largely based on intuition and knowledge of how criminals exploit the private sector to launder money as well as proscribed business processes. It is therefore imperative, and a company’s responsibility, that the staff performing these assessments have the adequate training and tools to perform them.
There are some general key risk drivers that should be considered in each risk assessment:
If the risk assessment finds any of these key risk drivers, any other risk drivers specific to a business as found in its companywide aml risk assessment or has any concerns then the company’s anti-money laundering check procedures should be followed.
Regardless of whether a risk is found or not, the findings of and methods applied in the AML risk assessment should be recorded.
Businesses must pay particular attention to any high-risk activities when conducting AML risk assessment. Each year, the UK government publishes a National Risk Assessment (NRA) that outlines the latest trends in money laundering and terrorist financing. This can help when prioritising certain activities as part of a risk-based approach to compliance.
In the UK's 2020 NRA, the following activities were identified as high-risk:
Businesses should carefully consider whether their compliance framework does enough to identify and address these risks.
At the same time, organisations must pay close attention to the warning signs of money laundering and adjust their policies, controls, and procedures accordingly. This is especially true when dealing with customers and transactions that involve jurisdictions classified as high-risk by the Financial Action Task Force (FATF).
A risk assessment can form a substantial part of the customer onboarding process. This opportunity should be used to conduct thorough due diligence before forming closer ties with an individual or organisation.
As part of an onboarding AML risk assessment, customers should be vetted for money laundering and terrorist financing risk factors. This process should include screening for adverse media, sanctions, and politically exposed persons (PEPs).
In addition to the above, businesses ought to be cautious when dealing with customers that perform actions that are at odds with their profile. This might happen if a customer suddenly attempts to enter into a high-value transaction, pay via a previously unrelated entity, or engage in a transaction that makes no commercial sense.
If AML risk assessment flags any of these factors it may be necessary to ask further questions of a potential customer, or even to file a suspicious activity report (SAR).
Risk assessments are essential for businesses that need to comply with anti-money laundering regulations. Not only can they help to protect the economy from the threat of financial crime, but they can also prevent financial and reputational damage to the organisations involved.
Red Flag Alert can improve your risk assessment process by providing your business with fast access to reliable data on over 6.5 million businesses. With over 100,000 updates every day, users can trust this data to vet potential customers and verify any claims they make. Credit check any company and conduct AML checks efficiently with one easy-to-use platform.
To discuss how Red Flag Alert can help to streamline your approach to risk assessments, get a free trial today
or see our guide on how to perform an AML risk assessment.