Compliance and Risk Management 

As financial authorities adapt to evolving criminal threats, risk assessment has become a foundation of AML/CFT compliance around the world. Banks and financial institutions must understand how to efficiently manage the money laundering and terrorism financing risks they face in a manner that also fulfills their compliance obligations. 

Achieving an appropriate balance between compliance and risk management is challenging: accordingly, financial institutions should understand their risk management compliance obligations, relevant best practices, and how to conduct risk assessments when onboarding or screening customers.

What is Compliance Risk Management?

While traditional AML/CFT strategies were built on the post-analysis of money laundering and terrorism financing incidents, financial crime has evolved, with money launderers becoming more sophisticated and exploiting emerging technologies. In response, authorities now require financial institutions to be proactive about criminal threats by assessing the level of risk posed by their customers and by the geographic locations and industrial sectors in which they operate, and adjusting their AML/CFT measures proportionately.

The principle of ‘risk-based’ money laundering was introduced in 2009 by the British Financial Services Agency (FSA) and taken up by the Financial Action Task Force (FATF) in 2012. The FATF introduced a requirement for risk-based AML in its 40 Recommendations, codifying a compliance obligation for firms to assess money laundering and terrorism financing risk.

The risk-based approach to AML is less focused on the elimination of money laundering threats than it is on ensuring that financial institutions implement safeguards to detect and report them. Similarly, risk management is a way for firms to balance their compliance obligations with their budget and resources, organically integrating risk control mechanisms without compromising business and customer service objectives.

Risk Management Best Practices

Consistency: A consistent understanding of risk-management should serve as the foundation for a financial institution’s risk culture and attitude towards compliance. With that in mind, financial institutions should implement a consistent risk-management framework across every location, line of business, and country in which they operate. The operating model should be formally defined in writing and facilitate forums for senior management to review and discuss risk assessment procedures and outcomes. 

Data and technology: AML risk assessment relies on the collection and analysis of large amounts of customer data. Firms can manage those processes more efficiently with technology, automating data feeds to gather risk-related information on customers including adverse media stories or changes to political exposure. Automation not only reduces the need for ad hoc data collection and the possibility of human error but adds accuracy and efficiency to the risk assessment process itself. Data technology is also extremely useful for analyzing and plotting risk trends over time and helping firms better implement risk compliance measures.

Knowledge and expertise: While software and automation can enhance risk management capabilities significantly, the importance of human expertise shouldn’t be underestimated. Effective risk assessments require input from a range of subject matter specialists with direct experience of and engagement with the risks to which the firm is exposed. The knowledge and expertise of employees should be a consideration in both the development of the compliance risk management methodology and the risk assessment process itself.

External input: The AML/CFT risk landscape changes constantly, and by necessity risk assessments rely on knowledge of emerging threats and new regulations. These emergent risk factors may not be known to a firm’s internal compliance employees or detectable by its risk management framework. With that in mind, firms should not only seek to update their internal risk management framework regularly but do so with insight from external sources to ensure sufficient depth and detail in their understanding of emerging compliance issues.

Standards of risk: Effective risk management involves gauging the effectiveness of risk assessment and mediation measures. This means that firms should create standards of risk materiality, including a definition of risk and formalized levels of risk tolerance. Standards should also be applied to the risk mediation process to ensure that firms are not constantly addressing risk ‘symptoms’ such as a high volume of adverse media, but identifying the root causes of compliance issues, such as business relationships in a particularly poorly regulated country. Finally, standards should be established for training and incentivizing employees that work in a compliance function as a way to inform and enhance compliance performance. 

Conducting Risk Assessments

Compliance risk management policies should take into account both the individual risk that customers present because of personal liability and the geographic risk presented by the location in which a firm operates. Practical risk assessment measures should reflect that combined threat and inform a firm’s ongoing AML/CFT approach. Accordingly, to ensure regulatory compliance, a risk assessment should involve the following measures:

  • Customer due diligence: A foundation of the risk-based approach to AML/CFT, customer due diligence measures (CDD) should enable firms to verify their customers’ identities and the nature of their business, and in doing so accurately establish the level of money laundering risk they present.
  • Sanctions screening: Customers should be screened against relevant international sanctions lists. Higher risk customers may require closer scrutiny in order to resolve ambiguous naming conventions or the use of pseudonyms.
  • Adverse media screening: Customers with negative news media against them may present a higher risk of money laundering. Firms must be able to collect and analyze those negative stories as they emerge.
  • Politically exposed person screening: When customers take on certain political roles, that change in status raises their risk of money laundering. Accordingly, risk assessments should pick up on changes to the status of politically exposed persons (PEP).

