Risk Assessment Flashcards
Which section of the AML/CFT Act 2009 covers Risk Assessment?
Section 58
What is meant by ‘inherent risks’?
The ML/FT risks a business reasonably expects to face BEFORE applying any controls or mitigation.
Does the Risk Assessment need to be done in writing? (Yes/No)
Yes
Why conduct a Risk Assessment at all?
Because the AML/CFT system takes a risk-based approach, so a business also needs to take a risk-based approach.
Do high-risk areas or customers stop a business from conducting transactions/business activities with that business/area? (Yes/No)
No
What must be considered in the Risk Assessment under the Act (s.58)?
- Nature, Size and Complexity of its business (NSC).
- Products and Services offered (PS).
- Methods by which it delivers its products/services to its customers.
- Types of customers it deals with.
- Institutions it deals with.
- Countries it deals with.
Other than the ‘must consider’ factors under s.58, what other things should a business consider for its Risk Assessment?
The wider context, such as NZ’s ML/FT risks (see National Risk Assessment) AND the business sector’s ML/FT risks (see Your Sector Risk Assessment).
Does the business’s AML/CFT Program need to be based on the initial Risk Assessment? (Yes/No)
Yes
What is meant by ‘Nature’?
Which business sector you are in.
- Are you a ‘gatekeeper’?
- Are you a financial institution?
What is meant by ‘Size and Complexity’?
Are you operating a large and complex business, or is it a fairly minor enterprise? (see Sector Risk Assessment for business size guide)
The Risk Assessment must be independently audited every … years (fill the gap).
3 years
Does the Risk Assessment need to be updated by the reporting entity? (Yes/No)
Yes. The Risk Assessment needs to describe how it will be kept up to date.
What is ‘Residual’ risk?
Identified risks after the initial controls and mitigations have been put in place.
What is meant by ‘Products and Services’?
Could your products and/or services be exploited for ML/FT purposes?
E.g.
- Offer Anonymity?
- Disguise/conceal the beneficiary?
- Conceal source of wealth/funds?
- Cross-border transactions?
What is meant by ‘Delivery of Products and Services’?
Is there a risk of ML/FT in how your business on-boards customers and delivers its products/services?
E.g.
- Non face to face customers (email only)?
- Internet as the main platform for delivering services?
- Indirect relationships (via intermediaries)?