UNIT 4 - Taking an AML/CFT RBA and Managing the Risks Flashcards
What does a risk-based approach to AML/CFT require firms to do?
FATF Recommendation 1 requires that firms apply a more considered approach to managing their risks, which requires that firms must first identify and assess risks so that these risks can be assessed as being either lower risk (to which simplified due diligence can be applied), standard risk or higher risk (requiring enhanced due diligence). The actual risk assessment process that should be followed is defined as:
(i) Risk identification and assessment – identifying the money laundering risks facing an institution.
(ii) Risk mitigation – identifying and applying measures effectively to mitigate the material risks that have been identified.
(iii) Risk monitoring – putting in place management information systems and keeping up to date with changes to the risk profile.
(iv) Documentation – documenting the risk assessment process and strategy and having documented policies and procedures in place relating to (i) – (iii) above that deliver accountability and which confirm the rationale for decision making.
Within a regulated sector firm, who has overall accountability for money laundering prevention?
Whilst every employee has an important part to play in deterring, detecting and disrupting ML and TF, it is the board and senior management who have overall responsibility for ensuring that the firm has appropriate AML/CFT systems and controls in place. They may, however, choose to delegate some or all of the day-to-day responsibilities to an appropriately qualified and senior member of management, typically the Money Laundering Reporting Officer or Money Laundering Compliance Officer.
In some jurisdictions, such as the UK, it is expected that the senior management of a firm will:
- complete a business risk assessment that is fully documented
- appoint a senior officer to be in charge of delivering the risk-based approach and reporting back to the board on its effectiveness;
- appoint a senior person as MLRO with responsibility for developing and documenting the risk-based approach, delivering and monitoring compliance with the firm’s AML/CFT obligations and being the central point of contact for AML/CFT related issues within the firm.
- appoint an official (sometimes called the Nominated Officer) to be responsible for receiving AND investigating internal reports of suspicion (SARs), and to submit external SARs to the local Financial Intelligence Unit, such as the UK NCA, US FINCEN or Australian AUSTRAC.
- require sufficient and regular management information to ensure the AML/CFT risks are being managed appropriately
- ensure that risk-based policies and procedures are effectively documented and communicated throughout the firm.
Describe what is meant by PEP risk.
A PEP is defined in the FATF 40 Recommendations as being someone who is, or who has been, a high ranking public official, as well as their immediate families and close business associates (see FATF Recommendation 12 and interpretative notes).
The risk posed by PEPs, or Politically Exposed Persons, is that a financial institution may be exposed to property that has been generated by corrupt practices. It is recognised that some PEPs have abused their public positions to solicit bribes and to conduct corrupt practices. Historically, it has been identified that these funds are then transferred to trusted members of family or friends in order to disguise the true ownership and source of this illicit finance.
Regardless of any criminal or civil liability which will undoubtedly arise, the high profile of such cases can expose a firm to reputational damage and regulatory enforcement action.
Why is it important to understand the money laundering vulnerabilities of the firm’s products and services?
Understanding the nature of the products and services provided by the organisation enables an individual to be better able to implement cost-effective, risk-based systems to prevent their exploitation and makes it easier to evaluate potential suspicious activity.
List some of the core information requirements when conducting a risk assessment.
(i) Assess the probability and impact of different types of money laundering activity that may affect the firm
(ii) Determine the jurisdictional scope of the regulatory and legislative environment in which the firm operates
(iii) Complete a business risk assessment that takes account of the firm’s specific risks relating to customers, products/services, delivery channels and geographic areas of operation.
(iv) Assess the external risks that directly or indirectly affect its business risks, e.g. levels of corruption, organised crime etc.
(v) Ensure that all of the activity that is undertaken by the firm is considered in the assessment, including work undertaken by agents, suppliers and that has been ‘off-shored’ and outsourced.
Describe the FATF 2007 Guidance on the RBA
It sets out a broad framework based on high-level principles and procedures. It advises that adopting a RBA implies the adoption of a risk management process for dealing with ML and TF.
What does FATF R1 require?
It requires all countries to identify, assess and understand the ML/TF risks they face.
List some of the risks associated with corporate and legal entities.
- Complex ownership structures making it difficult to identify the BO.
- companies incorporated in jurisdictions that don’t require the identity of the ultimate underlying principals to be disclosed
- certain forms of trust or foundation
- companies issuing bearer shares.
What does the Wolfsberg Guidance (2006) advise?
That a FI may consider whether a risk assessment should be carried out in respect of existing customers. Circumstances may exist where a FI is satisfied with its existing control measures for particular customers as a result of which additional risk assessment may be unnecessary.
What benefits of a RBA did the UK FCA provide in its guidance from 2007?
- Cost effectiveness
- Proportionality
- Flexibility
What do firms/relevant businesses need to be able to demonstrate to their supervisor?
- How they have determined the ML/TF risks.
- The steps that have been taken to manage those risks
- That the strategy has been approved by senior management and the board.
In what way does the 4MLD link the RBA to the application of CDD?
- Simplified CDD measures can be used where lower risks are identified.
- Enhanced CDD measures are required in high-risk cases
What are the most important CDD elements in managing and mitigating the residual risk posed by PEPs?
- geography
- SOW
- SOF
- commercial rationale for the relationship
What are the main functions and responsibilities of the MLRO?
- Prevention, risk assessment and monitoring
- Developing, assessing and updating the adequacy of AML systems
- Agreeing the policies with senior management
- Being involved in establishing the basis on which the RBA to the prevention of ML is put into practice.
- Documenting the suspicious reporting and MLRO evaluation process.
- Ensuring that the policies and procedures are drawn together into an AML handbook.
- Monitoring the internal effectiveness of the AML procedures.
- Generating regular management information (MI) on internal and external suspicion reports.