Risk-Based Approach To AML

Risk Based Approach AML KYC

A risk-based approach to AML is key to effective compliance programs around the world.

Financial institutions face an expanding spectrum of money laundering threats, and modern financial criminals have a range of tools at their disposal to avoid countermeasures put in place to stop them. Accordingly, to balance efficiency and cost needs with compliance obligations, financial institutions must be able to respond to threats on a contextual basis. The most effective way to achieve that objective is to take a risk-based approach, meaning an AML compliance program tailored to the individual levels of risk exposure that each customer presents.

History of the Risk-Based Approach

Prior to the introduction of risk-based approaches to AML, banks and financial institutions would manage their compliance obligations using a ‘checkbox’ approach – that is, simply fulfilling a standardized list of AML requirements for every customer. While that standardized approach prevailed in the 1990s, the UK’s Financial Services Authority (FSA), first proposed a “risk-based” approach in its 2000 publication A New Regulator for the New Millennium. The concept of risk-based AML was first implemented in 2007 by the Financial Action Task Force and further codified in its 2012 update to the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation – also known as the ‘40 Recommendations’. 

The FATF’s 2012 endorsement of the risk-based approach to AML set the global standard and ensured its ongoing use across all FATF member-states.

Principles of the Risk-Based Approach

In principle, the risk-based approach shifts the focus of AML compliance from post-analysis of data, to proactive judgment. Financial institutions must work on an ongoing basis to understand the money laundering threats they face and deploy commensurate measures to manage their risk exposure. 

In practice, this means that customers may be classified individually by their risk exposure – and that ‘higher risk’ customers are under greater levels of AML scrutiny. Broadly, the risk-based approach allows financial institutions to:

  • Recognize the existence of risk
  • Perform assessments of risk
  • Develop and deploy strategies to address risks

Implemented effectively, the risk-based approach allows for a balanced integration of human judgement and smart technology in the AML compliance process.

Performing Risk Assessment

Accurate risk assessment is central to the risk-based approach, there are two distinct categories of risk that inform financial institutions’ compliance efforts. The first is the idea of geographic risk: the vulnerability to money laundering threats that countries face at a national level. The second is the idea of individual risk, the specific risks that financial institutions face from their clients and how their internal AML process manages that risk. In performing risk assessment, financial institutions must take into account:

  • Vulnerability: What money laundering and criminal threats – such as drug trafficking or gambling – is the firm exposed to?
  • Infrastructure: Does the firm have blind-spots or administrative gaps that allow money-launderers to thrive?
  • Regulations: Does the firm properly understand and satisfy its regulatory obligations?

Business Specifics: Are there more specific risks which the firm might be exposed to – for example, those presented by specific customers, products, or geographic location?

How Does the Risk-Based Approach Work?

In compliance with the FATF recommendations, financial institutions must implement a risk-based AML program that includes a number of important measures, each designed to accurately identify individual customers and clients, and the businesses in which they are involved. In more detail, financial institutions must:

  • Develop and implement suitable Know Your Customer (KYC) and Customer Due Diligence (CDD) measures to verify that customers are who they say they are and are being truthful about the business they are engaged in.
    • KYC and CDD are foundational principles of risk-based AML: high-risk customers may be subject to enhanced CDD measures for which more identifying information is required.
  • Screen new and existing customers against domestic and international sanctions lists such as the United States’ Specially Designated Nationals (SDN) List and the United Nations’ consolidated list.
  • Screen against Politically Exposed Persons (PEP) lists: when a client’s political status changes, their money laundering risk profile often also changes.
  • Screen for Adverse Media: if a customer is the subject of negative news, anywhere in the world, their AML risk profile may also change.
  • Appoint an AML Compliance Officer: the individual appointed to this position must hold sufficient authority within the company to be able to identify and act on money laundering threats.

Ongoing Monitoring: The risk-based approach to AML compliance is a process, which means customers should be subject to ongoing monitoring throughout the business relationship. Ongoing monitoring is important because customers’ risk profiles can change over time. Financial institutions must be able to react to new levels of risk exposure to ensure emerging money laundering threats are identified as quickly as possible.

AML Compliance Solutions

Automate onboarding and monitoring processes, whilst minimizing false positives, by utilizing a live global AML database of Sanctions and Watchlists, PEPs and Adverse Media.



Share your thoughts and start a conversation.

Leave a Reply

Related articles:

ultimate beneficial owner
April 4, 2015

Ultimate Beneficial Ownership

What is Ultimate Beneficial Ownership? AML compliance requirements are constantly changing. Firms must keep up with…
Read More
AML Compliance Officer
May 14, 2018

AML Compliance Officer

What Is An AML Compliance Officer? What is an AML Compliance Officer? In order to…
Read More
AML Compliance Program
May 14, 2018

AML Compliance Program

What is AML Compliance Program? In order to combat financial crime, banks, credit unions, and…
Read More
Bank Secrecy Act Officer
May 14, 2018

Bank Secrecy Act Officer

What is a Bank Secrecy Act Officer? What Is A Bank Secrecy Act Officer? A…
Read More
money laundering reporting officer MLRO
May 15, 2018

Money Laundering Reporting Officer

What Is A Money Laundering Reporting Officer (MLRO)? What Is A Money Laundering Reporting Officer (MLRO)?…
Read More
December 4, 2018

AML Compliance Trends for 2019

Anti-Money Laundering Trends for 2019 Two issues shaped AML news in 2018 – huge money…
Read More
AML Checklist Best Practises
June 6, 2019

AML Compliance Best Practices

The Smart AML Compliance Checklist Traditional AML systems are falling behind against evolving threats: a…
Read More
vendor due diligence aml
January 17, 2020

Vendor Due Diligence

Vendor Due Diligence: What You Need To Know Vendor due diligence (VDD) takes place when…
Read More
Malaysian flag on flagpole
January 28, 2020

Anti-Money Laundering in Malaysia

How to Comply With Anti-Money Laundering in Malaysia? Malaysia is a regional and global political…
Read More
aml ctf malaysia framework
February 4, 2020

Malaysia’s 2020 AML/CTF Framework

Malaysia Revises 2020 AML/CFT Framework What is Malaysia's new AML/CFT Framework? In 2019, Malaysia’s central…
Read More
compliance risk management
March 9, 2020

Compliance and Risk Management

Compliance and Risk Management  As financial authorities adapt to evolving criminal threats, risk assessment has become…
Read More
digital banking aml compliance
July 9, 2020

Digital Banking AML Regulatory Compliance

Digital Banking AML Regulatory Compliance As banks and other financial institutions embrace advances in financial…
Read More

To make sure you get a great experience on our website, we use cookies. To confirm you consent to this, please click below. Read more about our Cookie Policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.