Anti-Money Laundering and Risk Assessment (Part 2)
Malta has in the past transposed and is currently transposing the latest EU directives aimed to fight Money Laundering and Terrorism Funding. Acts and regulations, together with guidance from the Financial Intelligence Analysis Unit (FIAU) are designed to assure that funds passing through Maltese entities have not originated from any criminal activities and flag any suspicions to be investigated.
As discussed in a previous article, one of the many facets of Anti-Money Laundering (AML) is the Risk Assessment, whereby we compare its similarities to the (assumingly so) simple action of crossing a street.
In order to fully comprehend how an AML Risk Assessment is carried out, one must first understand what it comprises of. Kyte Consultants will explain further:
Each subject person (i.e. companies that have to comply with AML legislation) is required to carry out and keep its Risk Assessment up to date. Moreover, the AML and Customer Acceptance Policy of the subject person should mirror the Risk Assessment. The main aim is for it to be an active document, which should be updated whenever a new product (be it a service line, game or payment method) is launched, and otherwise have control mechanisms for its review. Additionally, this must be presented to the Board of Directors and the regulators may demand to see that the Risk Assessment is being done and reviewed.
The below minimum risk factors must be considered in the risk assessment:
- Customer risk (e.g. Type of customers, Politically Exposed Persons etc.)
- Product, service or transaction risk – (e.g. service lines, betting products, insurance policy type, funding methods, etc.)
- Interface risk – (e.g Non face-to-face business, business networks, etc.)
- Geographical risk – (e.g. origin of customers, where they are accessing the service from, funding method origin, etc.)
Customer-specific risk assessment
Once you’ve analysed your business’ money laundering risks, you need to risk assess and monitor your customer base by:
- Formulating a client expected activity profile
- Evaluating the possible risks posed by that client depending on the indicators shown on registration
- Modifying the risk threat level depending on actions taken by the customer
- Deviations from the profile that may trigger red flags
To assess your customer risk and maintain the ongoing monitoring you must thus work on policies and procedures for due diligence, ongoing monitoring, re-assessment and reporting workflows. This may be the single largest and most subjective task in the AML legislation as it’s not an obligatory task you do once a year, but practically whenever your customer is doing business with you.
Kyte Consultants can support you in developing internal procedures which ensure that you will be compliant with your legislative obligations and keep you informed on the legislative developments in the area. We will gladly assist you in developing procedures depending on your type of operation and risks your organization may be susceptible to.
For more information, contact us today.