AML: Risk Assessment

The Financial Action Task Force (FATF) has issued guidelines stating that a risk-based approach ensures that measures to prevent or mitigate money laundering and terrorist financing are “commensurate” to the risks identified. Indeed, adopting a risk-based approach enables a designated person to appreciate the scope of their transactions and highlights the resources which should be directed in accordance with priority areas. The Central Bank of Ireland (CBI) has taken a proactive approach with respect to inspections. In 2017 alone, the CBI carried out 77 inspections and issued a total of 309 risk evaluation questionnaires across various institutions.

Using the results of the questionnaires, it produced a summary of its findings highlighting low, medium and high-level risk ratings in the financial sector. Specifically, it identified “high risk” facilities as including bureaux de change, e-money institutions, payment institutions and retail banks. Areas of medium risk include fund administration, investment firms and non-retail banks, whereas areas of lower concern include retail intermediaries and trust or company service providers. Section 30A of the 2010 Act, as inserted by s.10 of the 2018 Act, places a mandatory obligation on designated *87 persons to carry out a risk assessment which identifies and assesses the risks of money laundering and terrorist financing involved in the carrying out of business activities. Such risk assessments should take into account various factors, including type of customer, products and services offered, types of transaction, etc. Designated persons must also consider guidance issued by competent authorities and where the business is a credit or financial institution they must have regard to guidance issued by the European Banking Authority, the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority. The Joint Committee of the European Supervisory Authorities released risk-based supervision guidelines in 2017 which describe a risk-based approach as being an approach whereby competent authorities identify, assess and understand the money laundering and terrorist financing risks to which subjects of assessment are exposed and take measures which are proportionate to those risks.

Some commentators have opined that AMLD4 encourages more rigour by adopting a risk-based approach. Taken at face value, there are already some potential deficiencies arising from s.30A—specifically, the lack of guidance in relation to addressing the appropriate information which ought to be considered when conducting a risk assessment. Another observation in respect of the section is that it gives rise to a greater need for more specialised, expert personnel. This places quite a significant burden on financial institutions to provide specialist, bespoke training to those at the coalface of the business. Indeed, the CBI has previously commented that it found “material gaps” in the provision of anti-money laundering training to all relevant staff in firms. 17As part of the CBI’s guidelines, it recommends that policies and procedures should be implemented for risk assessments, including the identification and categorisation of risk, mitigating and managing those risks in an effective, proportionate manner, whilst maintaining proper records of implemented decisions.

Leave a Reply