Anti-money laundering regulations are commonly required to follow the risk-based approach. The risk-based approach was first coined by the United Kingdom's Financial Services Authority in 2005. Often referred to simply as RBA, this was a new style of regulating the financial markets.
The RBA style sought to eliminate a tick-box exercise of meeting regulatory objectives and instead required businesses to establish policies, procedures and controls that were aligned to the regulatory risks they faced. In doing so, small and medium sized businesses were more readily able to compete on an even playing field. These small and medium sized businesses no longer had to have the same sophisticated systems as a large financial institution when the regulatory risks they faced were significantly less. The risk-based approach was a rebirth of the financial services industry.
Prior to the adoption of the RBA, the style of regulating the financial services industry was described as arbitrary which allowed businesses to purport they were meeting regulatory obligations by following the letter of the law but not the spirit of the law. This style failed the government's regulatory objectives and it also failed to protect consumers from bad business practice.
The RBA style is often referred to as meeting regulatory objectives through principles based outcomes. The outcome is the focus and not so much the means to achieve the outcome. This created innovation which favoured small and medium sized businesses.
Under RBA principles, businesses were required to substantiate that their approach to meeting compliance was reasonably and objectively sound. In other words, the outcome was required to be 'evidence-based'. What this means in practice is that a business must be able to produce policies and procedures that when scrutinised and challenged, the outcome of those policies and procedures can objectively substantiate compliance has been met.
Without the ability to substantiate evidence-based compliance, a business will remain vulnerable to regulatory action.
To an AML Supervisor or AML auditor, if compliance is not recorded or the theory is misunderstood, compliance has not been met.
Get in touch with AML360 and discover why we are a leader in anti-money laundering regulatory technology.