Anti-Money Laundering and Risk Assessment (Part 2)

Malta has in the past transposed and is currently transposing the latest EU directives aimed to fight Money Laundering and Terrorism Funding. Acts and regulations, together with guidance from the Financial Intelligence Analysis Unit (FIAU) are designed to assure that funds passing through Maltese entities have not originated from any criminal activities and flag any suspicions to be investigated.

As discussed in a previous article, one of the many facets of Anti-Money Laundering (AML) is the Risk Assessment, whereby we compare its similarities to the (assumingly so) simple action of crossing a street.

In order to fully comprehend how an AML Risk Assessment is carried out, one must first understand what it comprises of. Kyte Consultants will explain further:

Risk-based approach

Each subject person (i.e. companies that have to comply with AML legislation) is required to carry out and keep its Risk Assessment up to date. Moreover, the AML and Customer Acceptance Policy of the subject person should mirror the Risk Assessment. The main aim is for it to be an active document, which should be updated whenever a new product (be it a service line, game or payment method) is launched, and otherwise have control mechanisms for its review. Additionally, this must be presented to the Board of Directors and the regulators may demand to see that the Risk Assessment is being done and reviewed.

The below minimum risk factors must be considered in the risk assessment:

  1. Customer risk (e.g. Type of customers, Politically Exposed Persons etc.)
  2. Product, service or transaction risk – (e.g. service lines, betting products, insurance policy type, funding methods, etc.)
  3. Interface risk – (e.g Non face-to-face business, business networks, etc.)
  4. Geographical risk – (e.g. origin of customers, where they are accessing the service from, funding method origin, etc.)

Customer-specific risk assessment

Once you’ve analysed your business’ money laundering risks, you need to risk assess and monitor your customer base by:

  • Formulating a client expected activity profile
  • Evaluating the possible risks posed by that client depending on the indicators shown on registration
  • Modifying the risk threat level depending on actions taken by the customer
  • Deviations from the profile that may trigger red flags

To assess your customer risk and maintain the ongoing monitoring you must thus work on policies and procedures for due diligence, ongoing monitoring, re-assessment and reporting workflows. This may be the single largest and most subjective task in the AML legislation as it’s not an obligatory task you do once a year, but practically whenever your customer is doing business with you.

Kyte Consultants can support you in developing internal procedures which ensure that you will be compliant with your legislative obligations and keep you informed on the legislative developments in the area. We will gladly assist you in developing procedures depending on your type of operation and risks your organization may be susceptible to.

For more information, contact us today.


AML and Risk Assessment (Part 1)

When we want to cross a road, we look at all possible traffic directions to make sure that we can cross it safely. We assess our risks and then take a decision to act, or not to.

In a similar way, this is what the regulators are asking from every regulated operator. Instead of how to cross the road, however, the aim is for you not to become the vehicle to assist in Money Laundering and Terrorist Funding (ML/TF)

Can I get injured if I stand on the side of the road? Is this car standing there or will it move? Will a car change its course? Is this car driving too fast for me? What are the traffic lights indicating? Red / Amber / Green?

In a similar fashion, are your services vulnerable to ML/TF risk from your customers? Do you know your customer? Is a previously good customer turning bad? Am I allowed to proceed with this transaction or should I flag it to the authorities?

This simple exercise of crossing the road may now be seen as a nightmare in the context of complying with Anti Money Laundering and Combating of Terrorism Funding. Where do we start?

Understand what you want to achieve

Crossing the road implies having a look out there and see what’s around you. Is there a big puddle in front of you that you’d be keen to avoid stepping into it? What route will I take? What is my aim to cross the road? Do I have everything I need with me so that I don’t have to cross the road multiple times? Maybe it’s not the road we want to cross in the first instance! What we are doing is understanding our aim. Our ultimate aim is to do business without falling foul with the regulator.

What can prevent you from achieving your goals?

Do I have a clear plan of how I will cross the road? Is there a barrier in the middle? Do I have a safety stop mid-way so that I split the risks of crossing a four-lane road? May I slip? Are the cars speeding too much? Is it too dark now so they can’t see me? Will the cars respond to the traffic lights?  Different vulnerabilities for your company must be considered, depending on your business model. Shoes can’t come in a one size fits all model.

How can I ensure success?

Are the drivers courteous and polite and will let me cross safely? Can I wave frantically to the cars so that they stop for me to pass? May I choose a better point in the road, use an underground passageway or a pedestrian crossing somewhere?  Doing the necessary checks, put in place policies and procedures and overall monitoring will let us take our journey in a safer and accident free manner.

How can Kyte help you?

Kyte can help you navigate your way by helping you map your route to AML compliance, assist in identifying your risks and vulnerabilities. We can work together to create or refresh your Policies, Procedures and controls to ensure your business’ journey is not affected by the potential bumps and pitfalls on the road.


Anti-Money Laundering: Know Your Customer and keep your eyes peeled

When it comes to Anti-Money Laundering, the main difficulty comes not in the renowned parameters of the law, but in the subjective grey areas, like the Know Your Customer (nowadays more commonly described as Customer Due Diligence – CDD) processes imposed upon compliance authorities and the ongoing monitoring process.

For example, a schoolteacher would have a very different transaction record than, say, Mark Zuckerberg. These are practical obstacles faced by banks in monitoring clientele. This is truly one of the most difficult aspects AML compliance officers must determine. If you do not know your customer, you cannot fulfil this requirement.

Due diligence and Ongoing monitoring are some of the most important – if not the most important – methods to circumvent criminal exposure for your establishment from clients who try to use it as a channel for illegitimate purposes. As daunting a goal as it is, you must work to gain a distinct and succinct understanding of each customer’s practices. Adopting risk based due diligence requirements and ongoing monitoring procedures by financial institutions has proven tremendously effective in detecting suspicious activity by customers of an institution in an opportune manner.

Today, identification and enhanced verification of customers’ identity, where they come from, what business they bring, knowing from where the funds in a transaction originate and ongoing monitoring of customer’s activities in respect to a pre-defined risk profile is not an option. It is a legal obligation.

While certain companies and entities may have more frequent and direct contact with customers than their counterparts in larger or busier institutions, it is obligatory for all institutions to adopt and follow policies commensurate to their size, location and nature of business.

Undoubtedly, due diligence is a starting point in the process of observing the preventative measures required to monitor money laundering techniques used by suspected parties. It involves questions by a banking officer or principal of a firm which allows the authority in question to establish the principal source of funds which are being used to carry out financial transactions.

The Financial Intelligence Analysis Unit (FIAU), is a government agency established under the Prevention of Money Laundering Act (Cap 373 of the Laws of Malta).  It is the unit responsible for the collection, organisation, dispensation, scrutiny, and distribution of information with the intention of combating money laundering and the funding of terrorism. 

The FIAU is also responsible for screening compliance with the relevant legislative provisions for combating money laundering and the funding of terrorism .

Ultimately, the AML rules are in place to mitigate the opportunity for loopholes  and to warrant reporting of suspicious activity regarding financial transactions.

If you would like to know more about AML and how our team at Kyte Consultants can give you all the necessary guidance, contact us today.