Top Risk Management Strategies for Australian FinTechs

Being aware of the conditions that increase the likelihood of a customer’s involvement in money laundering (ML) or terrorist financing (TF) is a responsibility that financial institutions cannot take lightly. The absence or inadequacy of robust ML/TF risk management programs exposes FinTechs to serious reputational and compliance risks that can result in heavy fines and enforcement actions by regulators. 

But what risk management strategies can Australian firms employ to best fulfill their gatekeeping responsibilities?

1. Integrating the risk-based approach

The risk-based approach is vital to the Financial Action Task Force (FATF) and regulators such as AUSTRAC. If firms target suitable financial crime risks, select the right tools to do so, and use those tools precisely, there is a much better chance of disrupting criminal activity. 

However, there is still a danger that the phrase “risk-based approach” has become empty with over-use and is implemented in anti-money laundering and combatting terrorist financing (AML/CTF) neither as widely nor as deeply as it might. So how can FinTechs internalize the risk-based philosophy across the range of their AML/CTF activities? 

  • Target real risks: Many risk assessments are rather basic, discussing exposure to generic risks such as money laundering, terrorist financing, sanctions evasion, etc., rather than drilling down into more detailed categories such as the predicate crimes of money laundering. A useful Money Laundering / Terrorist Financing (ML/TF) Risk Assessment is more than a decoration: it has enough detail to be a valuable tool when shaping specific elements of a firm’s AML/CTF program.
  • Select risk-focused tools: When hiring AML/CTF compliance staff, firms should ask themselves whether the candidate knows the rules and regulations and whether they have a risk-focused mindset. Firms should also deploy tools with a track record in finding more real risks – keeping down false positives – amongst all the other criteria, such as cost and technical issues.

2. Conducting an EWRA

As firms grow and mature, many begin crafting their ML/TF Risk Assessment within a broader risk assessment framework, which helps identify inherent financial crime risks and provides a structured process for evaluating where AML/CTF frameworks need to change. This is often called an “Enterprise Wide Risk Assessment” (EWRA).

In EWRAs, there are three key concepts:

  • Inherent Risk: The level of financial crime and linked risks the firm’s type of business poses.
  • Control Effectiveness: The mitigating impact that financial crime policies, processes, and procedures have on those inherent risks; and
  • Residual Risk: The risk that is left, which leads to the question of what actions might be taken to accept it or mitigate it further.

A firm’s first EWRA is likely to be basic, given a lack of experience and data. The real value comes when it is applied regularly. The question that arises, therefore, is how often firms should refresh their EWRA. There is no rule, but most mature firms that use the framework will schedule a “full-dress” process yearly. However, firms should also be prepared to undertake event-driven reviews when a trigger, external or internal, is significant enough. An economic downturn, a war, or a significant public health event like the pandemic is likely to act as a ready prompt to refresh an EWRA, as is the introduction of a new product, a market expansion, or a change in delivery channels, etc.

3. Understanding current risks

In this broader discussion of the importance of factoring risk-based thinking deeply into a firm’s processes, it is worth highlighting some of the primary AML/CTF risks that Australian firms should consider as they craft their risk assessments. In its 2021-2025 Corporate Plan and other statements, AUSTRAC has prioritized several strategic risks:

  • Money laundering driven by Transnational Serious and Organised Crime (TSOC), which generates funds through major forms of illicit trade such as drug trafficking, human trafficking, illegal immigration, weapons trafficking, the illegal wildlife trade, etc.
  • Terrorist and extremist financing by Islamists and extreme right-wing individuals and networks 
  • The growth of cyber criminality, especially ransomware that extorts funds from individuals and businesses
  • The abuse of the gambling and gaming sectors for money laundering by TSOC 
  • An increase in frauds and scams around the pandemic, including increased abuse of emergency payments and health insurance

To help financial institutions stay abreast of emerging typologies, AUSTRAC regularly issues guidance resources, which include information on crime-specific indicators to help with detection. These resources include guidance on:

Not all guidance reports will directly apply to a firm’s individual risk environment and profile. However, it is essential to stay abreast of developments, and AUSTRAC regularly adds to its body of documents every few months. Firms should visit the AUSTRAC website to collate and review the new material.


Originally published September 16, 2022, updated September 16, 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).