The RBA (Risk-Based Approach) is a well-known acronym. It is designed to assist those falling under the clutches of money laundering and terrorist financing regulations the ability to prioritise allocation of resources to our high-risk areas.
Identify, understand and mitigate risks with a documented assessment is the familiar pattern we are all aware of. The good news, I think, is that we should be seeing some further guidance to assist us in this process.
New recommendations from the Financial Action Task Force (FATF) are ‘suggesting’ countries complete a national risk assessment of money laundering and terrorst financing vulnerabilities, and that is where PESTEL emerges.
Stressed as non–exhaustive or binding, these headings give the recommended approach for countries to consider in the completion of their risk assessments. FATF also believe this assessment should help guide more focused risk assessments in the various financial sectors in any jurisdiction.
What is interesting is the broad concept of risk defined in the recommendations. Risk is seen as being from three sources – threat, vulnerabilities and consequences:
- The threat from a person, group of persons, object or activity with the potential to cause harm, for example, to the state, society, economy etc
- The vulnerabilities are those things that can be exploited by the threat
- The consequences – What is the potential impact or harm on financial institutions, the economy, the business environment, national or international interests as well as the attractiveness of a country’s financial sector.
FATF’s recommended approach would be for a formal inter-agency working group with round-table discussions, working groups of experts and task forces of relevant agencies and bodies. However FATF also comment that there should be ‘a clear determination and designation of the specific agency, organisation or ‘task force’ in charge of leading and co-ordinating the process’.
So where is this national risk assessment going to sit in your jurisdiction – who is going to be part of the working party? Are compliance teams not already under severe resource pressure? I wonder who will join the party?
What does worry me slightly is that, with the standard non-exhaustive proviso, the proposals list the ML/TF risk factors relating to threats listing threat factors and predicate crimes (Annex 1), the ML/TF Risk factors related to vulnerabilities (Annex II) and examples of existing national level assessments. Will this possibly not lead to a potential ‘tick-box’ mentality which is effectively the exact opposite of a RBA?
Watch this space – who, what, when and how spring to mind, but with the levels of fines now being seen I guess there must be resources somewhere to fund the working groups that appear to be needed in each country? Another need for high quality, well trained and competent AML and Compliance staff.