Business Risk Assessment
A business risk assessment provides visibility of the levels of AML risks within your firm to demonstrate the application of a risk-based approach.
The outcome of the BRA is an AML risk rating for you and the organisational chart of business units is differentiated into high, medium or low risk. The BRA evaluates the AML risks faced by the business and demonstrates that it allocates resources according to the risk-based approach.
Remember, under the 2007 AML Regulations, JMLSG Guidance and FSA SYSC Chapters 3 and 6, firms are required to identify their money laundering risk.
Other elements of the BRA include:
Allowing you to assess whether resources are being allocated appropriately and effectively
Steps you can take
Risk assess each distinct business unit within the organisation according to information that is as objective and quantitative as possible, preferably customer data on:
Country location
Entity type
Industry sector/trading activities
Products & services
Distribution channel
Information on particular risks should be sought from each business unit to identify the concentration of specific risks, e.g:
High volumes of SARs
High volumes of legal orders/frozen accounts
High proportion of high risk customers according to the CRA
High proportion of PEPs in total customer population
The methodology should be applied as consistently as possible across you in order to ensure the outcomes are accurate and representative of the risk levels
The methodology should rely on quantitative data. Where this is unavailable, qualitative information that is reasonably reliable can be employed
Areas of unknown risks, such as data gaps, should be treated as high risk
The methodology should be aligned with other existing operational and conduct risk methodologies used by you, e.g. thresholds for determining what is high, medium or low risk, controls evaluation criteria, determination of residual risk, etc
Good Risk Assessment Tips
There is evidence that your risk assessment informs the design of anti-money laundering controls
You have identified good sources of information on money-laundering risks
The risk assessment is a continuous process based on information from internal and external sources
Client Risk Assessment
Establishing a client risk assessment ensures you have a thorough understanding of the financial crime risks prevalent to a client. It is important to help your team understand the minimum requirements for calculating financial crime risk rating for customers. The risk rating is determined by evaluating certain customer attributes aligned to the key risk drivers.
The determination of Low, Medium or High is a representation of an institution’s risk appetite towards each customer. The Customer Risk Rating should inform:
Decisions to initiate, maintain, limit or discontinue particular relationships
Frequency and level of CDD
Application of different levels of on-going monitoring
Triggering of approval
Customer type risk
Certain types of customers have been associated with an increased risk of money laundering:
Cash Intensive Businesses
Money Service Businesses
Casinos and Gambling
Unregulated Charities
Customer product risk
Certain products and services have been associated with an increased risk of money laundering or terrorist financing because they allow a customer to conduct unusually large or rapid transactions or they allow transactions to occur with relative anonymity:
Products that allow customers to convert cash to other monetary instruments (such as traveller’s checks, money orders, cashiers checks and bank drafts)
Products or service that allow customers to readily move value from one jurisdiction to another
Private banking services
Customer Geography Risk
Certain geographic locations have been associated with an increased risk of money laundering or terrorist financing. The fact that a customer is domiciled in such a location or a transaction is originating or concluding in such a location, may not, in and of itself, signify an increased risk. However, geographic risk, in conjunction with other risk factors, may provide useful information as to the potential money laundering or terrorist financing risks:
Countries subject to sanctions, embargoes or similar measures issued by governmental bodies and international organisations, such as OFAC, HM Treasury or the United Nations
Countries identified by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) as of primary money laundering concern or the subject of FinCEN Advisories
Countries identified by the Financial Action Task Force (FATF) with strategic AML/CFT deficiencies in the fight against money laundering or the subject of a FATF statement
