PRACTICAL SOLUTIONS
redundant to show CIP, CDD and EDD for
each of your client-types banked. It makes
better sense to consolidate all client-types
into one grouping and risk rate accordingly.
tive survey analysis as well as a quantitative
data review.
When assessing risk and looking at transactions, be sure to understand where the
transactions take place, who has ownership
for control and risk mitigation. This transfer
or shared risk concept includes, but is not
limited to, back office support business units
and business units that serve as product or
service delivery channels. It is important to
accurately and effectively assign and allocate
risk. In many cases, a business unit may own
a customer relationship. However, the transaction or service may be offered or serviced
within another business unit.
Support business units often have client
contact and in many cases transact business
by request of and for the benefit of a client.
Client-owning business units are not always
responsible or aware of products or services
being utilized by their clients because they
are provided by another channel. As a result,
product and service risk must be appropriately assigned to the appropriate delivery
channel responsible for the transaction or
service. This methodology transfers risk
from the business unit owning the client
relationship to the business unit that actually processes a transaction on behalf of or
for the benefit of a client. Within these cases,
risk mitigation belongs to the business unit
responsible for the process.
Phase 2 — Risk mitigation and
control assessment
The second phase of developing a financial institution’s AML risk assessment is
the explanation of risk mitigating controls
to defend against illegal activities. These
controls include policies and procedures,
transaction and account monitoring, investigative units and training programs. Now
is the time to make mention of any controls
the financial institution has put in place to
mitigate its money laundering and terrorist
financing risk. AML and CTF controls are an
important factor to assessing a financial institution’s risk. Although many areas of banking
and financial services may be inherently
risky when speaking of money laundering or
terrorist financing, risk mitigating controls
properly put in place may help to offset such
risk, thus lowering the level of risk within
that area of service.
The risk assessment
is a living and breathing
document. It must be
adaptable to the changes
and complexities of
AML and CTF risk
•
•
•
•
•
Client Identification Program (CIP)
Client Due Diligence (CDD)
Enhanced Due Diligence (EDD)
AML Policy and Program Governance
AML Transaction Monitoring
and Investigation (FIU)
• Country or Region Sanction
Laws and Boycotts (OFAC)
• Regulatory Reporting (SAR) (STR)
• Record Retention and Record Keeping
Figure 1
Mapping Risk Factor to
Risk Component
An effective AML program should include
the following risk response strategie