The Risk Based Approached (RBA) is not by any means a new concept though it is fast becoming an increasingly undeniable way for companies to achieve effective AML/ CFT compliance as they grapple with the rising cost of compliance and higher regulatory scrutiny.
The RBA enables them to find the right balance after having given meaningful thought to the priorities of their organization.
Here is Temple Consulting’s snapshot on the latest updates regarding the Risk Based Approach for Supervisors.
FATF Guidance Note for Supervisors
In March 2021, the Financial Action Task Force (“FATF”) released a guidance note entitled “Risk Based Approach for Supervisors” which is aimed to assist regulatory authorities (or “Supervisors”) in their functions. The Guide describes the risk-based approach to supervision enabling supervisory authorities to allocate their resources and attention based on identified risks.
A Holistic Approach
As per the Guide provided, Supervisors should be more proactive in monitoring risks and ensuring that risks are identified and mitigated in a tailored and proportionate way while making optimal use of available resources. Furthermore, it is also stated that Supervisors need to adopt a holistic approach in assessing the adequacy of AML/CFT control measures within entities and which include inter alia:
- oversight by board and senior management
- number of qualified/experienced staff with appropriate authority and resources
- AML/CFT policies and procedures and conflicts with other policies and procedures, e.g., remuneration based on turnover
- risk management function
- compliance function
- internal controls (e.g., CDD, record keeping, transaction monitoring, etc.)
- management of information systems
- independent testing (internal and external audit), and
- training provided to staff on AML/CFT.
The components above should encourage licensees to consider how each of these components would stand up to regulatory scrutiny individually as well as a collective.
“Tick the Box” compliance? Not so much!
The Guide also makes notes for Supervisors to encourage financial institutions to shift from a ‘rule-based approach’ to a risk-based approach and whereby risks are assessed on a case-to case basis.
The Guide also lays out a “system for monitoring” that a spectrum of activities and tools available to supervisors that should be applied in a risk-based manner. It outlines a difference in approach and focus which can lead to a “generally less intrusive” supervision regime, with a greater flexibility to adjust the nature, frequency, intensity and focus of supervision.
Additionally, the Guide provides some insights on the application of a zero-tolerance or zero-failure approach. It states that “A zero-tolerance approach that does not tolerate imperfections, particularly in areas identified to pose lower risks, is counterproductive to an effective AML/CFT
system and for risk-based supervision.”
So Does This Mean That Anything Goes?
Certainly not! Supervisors should invest in the time to should explain the risk-based approach to their regulatory population and clearly explain and provide guidance on how it should be applied. Challenges identified for Supervisors include the need to identify new regulatory populations, and difficulties in identifying entity-level risks beyond what is already identified as sectorial risks.
Companies should therefore also make the effort to demonstrate that they properly understand and are able to manage the AML CFT risks that are inherently a part of their operations. Sectorial risk identification should be mapped from the National Risk Assessment As applicable.
Furthermore, in efforts to identify AML CFT risks, it is also possible for Supervisors to take into account, within reason, the risk assessments conducted by the supervised/monitored entities themselves. If this is not a good motivation for licensees to take their annual Business Risk Assessment[1] seriously, we do not know what is!
Companies should also ensure that they are in a position to actively manage their regulatory relationships, notably leading up to and after inspections by the regulator. The Guide, more topically, also mentions some considerations for Supervisors in the context of COVID-19 disruptions, including applying the risk-based approach to supervision to continue onsite inspections or hybrid or virtual on-sites, prioritising high-risk sectors or entities.
RBA – The Way Forward
It can be seen that the exigencies linked to the monitoring of money laundering, terrorist financing and other forms of illicit activity are unlikely to slow down. All stakeholders, be they supervisory or regulated, are increasingly called upon to rethink the deployment of resources. The risk-based approach remains the way to ensure that your compliance is not only working hard, but more importantly, that it is working smart!
How can Temple Consulting assist you?
Temple Consulting Ltd (‘TCL’) established in 2007, has been assisting financial entities in meeting their regulatory and legal requirements through various compliance exercises, including application of the risk-based approach and support with regulatory inspections.
If any of the issues mentioned in this article are of interest to your organization, get in touch!
We are happy to assist.
[1] S17 FIAMLA 2002 requires financial institutions to carry out an annual “business risk assessment”. TCL has written about Business Risk Assessments in previous articles
Recent Comments