Is your business subject to AML/CFT laws? Must your business undertake a risk-based, firm-wide assessment? Is the risk report required to measure exposures to ML/FT?

This article is for persons who are unfamiliar with the risk management process. In particular, it addresses the topic of anti-money laundering compliance laws. The focus is on firm-wide risk assessments (AML/CFT business risk measurement required by anti-money laundering and countering the financing of terrorism laws.

To identify money laundering risks within a business, it is necessary to examine those areas most likely to contribute to facilitating the flow of illegally obtained funds. These areas include (a) the nature, size and complexity of the business, (b) client types (B2C and B2B), (c ) products and services (measuring individual characteristics), (d) the method of customer onboarding and ongoing method of access/contact, and finally, (e) geographies dealt with.

When examining these vulnerable areas, the most relevant Key Risk Indicators (KRIs) must be identified, and the level of risk exposure must be measured. KRIs represent the drivers that influence risk. Here are some examples of KRI data and risk drivers:

The extent to which the KRI influences the risk needs to be measured. Once measured, the true extent of the exposure is better understood.

To measure risk, there needs to be a range allocated. The risk range could be of 3-levels - Low, Medium, and High. Four levels may look like, Very Low, Low, Medium, Medium-High.

If a risk driver presents a meagre influence upon the KRI, it may be scored 1. If the risk driver strongly influences the KRI, it may be assigned a numerical score of 5. The table below provides further illustration of risk measurement -

All relevant KRIs should be measured. Failing to measure a KRI that influences risk is failing to understand actual risks. The AML360 firm-wide risk assessment measures 50-55 separate risk exposures over each fundamental risk division.