Your compliance regime has to include an assessment and documentation of risks related to money laundering and terrorist financing in a manner that is appropriate to you. This is in addition to your client identification, record keeping and reporting requirements. A risk-based approach is a process that allows you to identify potential high risks of money laundering and terrorist financing and develop strategies to mitigate them.
Existing obligations, such as your client identification, will be maintained as a minimum baseline requirement. However, in situations where enhanced due diligence is appropriate, a principle of the risk-based approach is to focus your resources where they are most needed to manage risks within your tolerance level. You have to determine what is acceptable for you, taking into account the nature of each product or service, the geographical regions where you do your business and the relationships you have with your clients.
The approach to the management of risk and risk mitigation requires the leadership and engagement of senior management towards the detection and deterrence of money laundering and terrorist financing. Senior management is ultimately responsible for making management decisions related to policies, procedures and processes that mitigate and control the risks of money laundering and terrorist financing within a business.
What is a risk-based approach?
In the context of money laundering and terrorist financing, a risk-based approach (RBA) is a process that encompasses the following:
- the risk assessment of your business activities using certain factors;
- the risk mitigation to implement controls to handle identified risks;
- keeping customer identification and, if required for your sector, beneficial ownership information up to date; and
- the ongoing monitoring of financial transactions that pose higher risks.