Before the AML CFT Act becomes fully implemented, businesses must have completed an AML CFT risk assessment. The assessment of risk is in the context of how a business might most likely facilitate money laundering (ML) or terrorist financing (TF).
When undertaking a risk assessment a business must consider –
The nature, size and complexity of its business;
The types of products and services it offers;
The methods used for delivering the products and services;
Types of customers dealt with;
The countries it deals with;
The types of institutions it deals with.
The risk assessment must be in writing and –
Describe how the business will ensure the assessment remains up-to-date;
Enable the business to determine its obligations under the Act and Regulations.
Once a business has established its ML TF risk profile, it can then determine the most cost effective approach to managing and mitigating the risks. The approach will be detailed in the AML CFT Programme which will describe the systems and controls and the monitoring and reporting processes. Senior management are accountable for ensuring the Programme is adequate.
It is critically important not to take short-cuts in the risk assessment process. An inadequate risk assessment will result in gaps and weaknesses and potential regulatory action and reputational damage.
