The Evolution of AML Compliance from Checkbox to Risk-based Approach

Financial institutions are exposed to several money laundering threats, as criminals today are well-equipped with various techniques to bypass the safeguards to combat them. Financial firms should promptly respond to threats to balance efficiency, cost and compliance obligations. The most efficient way to accomplish this goal is to adopt a Risk-based Approach (RBA), which entails an AML programme tailored to the levels of risk that a customer poses.

History of the Risk-based Approach

Banks and other financial organisations managed their legal responsibilities with a “checkbox” approach, which involved merely satisfying a set of uniform AML standards for each customer. Although the 1990s saw the dominance of that standardised method, the UK’s Financial Services Authority (FSA) initially put forth a “risk-based” strategy in its publication, “A New Regulator for the New Millennium”. The Financial Action Task Force (FATF) introduced the idea of a risk-based approach in 2007. It was further codified in FATF’s 2012 update to the “International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation”, or the ‘40 Recommendations’. The risk-based approach to AML was endorsed by the FATF in 2012, setting the global norm and ensuring its continued implementation among all FATF member states.

Principles of the Risk-based Approach to AML

The RBA emphasises AML compliance towards proactive judgement instead of retrospective data analysis. Financial firms must assess the money laundering risk efficiently and implement robust risk management strategies.

In practice, this implies that each customer can be categorised according to risk exposure and that ‘higher risk’ clients are subject to Enhanced Due Diligence (EDD). The risk-based approach to Anti-money Laundering (AML) generally enables financial institutions to:

• Recognise the risk
• Perform risk evaluations
• Develop and implement risk management methods

When adequately applied, the risk-based approach enables a harmonious combination of human judgement and sophisticated technology in the AML process.

Conducting Risk Assessment

The risk-based approach to AML relies on proper risk assessment, and two primary types of risk influence financial organisations’ compliance efforts. The first is geographic risk, a nation’s susceptibility to money laundering issues. The second is a personal risk, which relates to the dangers financial institutions encounter from their customers and how their AML procedure controls those risks.

Financial institutions must consider the following factors when conducting risk assessments:

• Vulnerability: What risk does the company face from money laundering and other criminal activity, such as gambling, drug trafficking, etc.?
• Infrastructure: Does the company have any vulnerabilities or lapses that make it easier for money launderers to succeed?
• Regulations: Is the company adequately aware of and complying with its regulatory obligations?
• Business Specifics: Are there any risks to which the business may be more specifically exposed, such as those posed by specific clients, goods, or geographical areas?

How Does the Risk-based Approach Work?

Financial firms must adopt a risk-based approach to comply with the FATF recommendations. They should:

• Develop and deploy robust Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures. KYC and CDD are crucial to authenticate that clients are who they claim to be and to check whether they are truthful to the business they will engage with.
• KYC and CDD are the basic principles of RBA; high-risk clients may undergo EDD measures in which additional identifying details are required.
• Check current and new clients against national and global sanctions lists, such as the Specially Designated Nationals (SDN) List of the US and the Consolidated List of the UN.
• Screen customers against Politically Exposed Persons (PEPs) lists. The client’s political status and risk of laundering money also change, necessitating firms to conduct PEP screening.
• Screen for adverse media coverage as customers’ AML risk profile might shift when they are the focus of negative media.
• Appoint an AML compliance officer who has enough power within the organisation to be able to recognise and respond to money laundering threats.
• Since the risk-based approach is a process, clients should be under ongoing scrutiny for the business partnership. Because clients’ risk profiles might alter as time passes, ongoing monitoring is crucial. Financial companies must respond to different levels of risk that a client may pose to ensure that financial crimes are promptly uncovered.

Benefits of a Risk-Based Approach to AML

1. 1. Efficient Resource Allocation: Financial organisations can more effectively manage their resources by focusing on clients that pose a high risk. This helps them focus on the riskiest zones whilst lowering the compliance price.
   2. Enhanced Compliance: Financial institutions may ensure they adhere to global regulations with a risk-based approach. It helps them detect and mitigate the risk of money laundering and terrorist financing, which is the primary goal of AML and Countering Terrorist Financing (CTF) rules.

• Improved Decision-making:  With RBA, financial organisations have a better grasp of the risk profiles of their customers. Using this information, they are better equipped to assess the degree of due diligence necessary for each client and take the proper precautions to mitigate any risks.

• Better Customer Experience: Financial organisations can improve the customer experience by adjusting the level of diligence on each risk profile. Low-risk customers undergo simplified due diligence, whilst high-risk clients undergo enhanced due diligence.

How Can Shufti Help?

Shufti’s AML solution helps financial firms minimise false positives by screening customers against 1700+ watchlists. The globally trusted AML solution provider filters risk profiles within seconds, preventing fraud and ensuring businesses comply with global regulations. 

Want to know how an AML solution protects businesses from financial crimes?