AML CHALLENGES
Five Point Scoring Scale Example (figure 2)
• May be either Alpha (Low to High),
(Minimal to Extreme) or Numeric (1 – 5)
• Color Coding is also recommended
• Important to include Not Applicable (NA)
as this shows risk was not overlooked
and scored
Figure 2
Risk Rating
Low
Low / Moderate
Moderate
Moderate / High
High
L
1
L/M
2
M
3
M/H
4
H
5
Not Applicable
Putting it all together
Should the risk assessment be conducted at a
business unit level, each business unit should
be assigned the applicable components and
risk assessed accordingly. Alternatively, one
may utilize this same approach at a business
segment level or corporate level, given the
size and complexity of a financial institution.
However, if a financial institution warrants
a business unit or business segment level
assessment, it is recommended to create an
enterprise level view of all business units
assessed with an overall corporate risk
rating. A consolidated view of all business
units assessed affords corporate governance
with an enterprise view of where risks lie.
Additionally, such a view targets business
units with multiple risk factors in relation to
other business units. This may warrant additional focus for those business units.
The AML compliance program and AML
risk assessment should work together.
This is the opportunity to assess a financial
institution’s AML and CTF risk and tighten
controls where needed. The assessment
of these risks becomes the foundation for
establishing a successful AML compliance
program. A financial institution’s AML risk
assessment should serve as an umbrella of
the AML compliance program. Moreover, it
may also be utilized as a reference manual
that quickly identifies a financial institution’s
risk exposure, as well as to serve as a quick
reference to where products and services are
being offered, what business unit are banking
high-risk clients, and what the geographical
PRACTICAL SOLUTIONS
footprint looks like, among other relevant
corporate profile information.
Throughout the AML risk assessment, offer
an explanation of any AML or CTF risks
present and controls put in place mitigating
such risks. A well thought out commentary
and supporting language to address the risks
and controls surrounding those risks helps
regulatory examiners understand the business, the corporation and its AML compliance program initiative. In addition, this
same approach offers a high-level executive
summary for internal executive management as well as the firm’s chief BSA officer
or AML director. Further, reference any materials used in the information gathering stage.
Document what has been found and attach or
footnote reference materials. A clear explanation of risk supported with documentation
of findings makes for an easily understood
document for its readers.
The AML risk assessment should reach a
conclusion. The assessment should identify
the level of AML and CTF risk present within
AML risk assessment
will help drive the AML
compliance program
a financial institution as well as t