What is a ‘risk-based approach’ and how does it affect my business?

Whether you operate as a sole trader or as part of a multinational corporation, all businesses covered by money laundering regulations are responsible for having correct and proportionate anti-money laundering (AML) procedures in place.

Of course, the risks of money laundering posed by criminal activities and terrorist groups do not affect all businesses in the same way. There are businesses and professions that are considered more high risk, such as real estate, casinos, and luxury goods, as well as professions such as lawyers and accountancy providers who may be used to facilitate the movement of illicit funds.

Additionally, individuals or businesses with weak anti-money laundering (AML) controls or those that conduct a high volume of financial transactions may also be at a higher risk of money laundering.

In practice, countering money laundering is about having a proportionate, ‘risk-based approach’ to managing the risks to your organisation. So, what is a risk-based approach?

A risk-based approach, for AML purposes, is a methodology that focuses on identifying, assessing and mitigating the specific money laundering and terrorist financing risks faced by an organisation. It is a flexible and adaptive approach that allows organisations to tailor their AML efforts to the specific risks they face, rather than applying a one-size-fits-all approach.

The risk-based approach consists of several key steps:

  • Risk assessment: This step involves identifying and assessing the specific money laundering and terrorist financing risks faced by the organisation. This includes assessing the risks of different types of customers, products and services, as well as the risks associated with different geographic locations and business sectors.
  • Risk management: Once the specific money laundering and terrorist financing risks have been identified and assessed, the organisation can implement measures to mitigate and manage these risks. This may include implementing enhanced due diligence measures for high-risk customers or developing and implementing policies and procedures to detect and report suspicious activity.
  • Risk monitoring and reporting: The organisation should regularly monitor and assess the effectiveness of its AML efforts and make any necessary adjustments to its risk management strategy. The organisation should also be prepared to report any suspicious activity or suspicious transactions to the relevant authorities.

‘The risk-based approach recognises that the risks posed by MLTF (money laundering and terrorist financing) activity will not be the same in every case and so it allows the business to tailor its response in proportion to its perceptions of risk,’ says the Consultative Committee of Accountancy Bodies (CCAB) in latest guidance.

‘The risk-based approach requires evidence-based decision-making to better target risks,’ the CCAB says.

Is my business vulnerable?

All money services businesses, or those handling significant financial transactions, are potential targets for money launderers. The vulnerability of these organisations depends on whether effective AML controls are in place to diminish the risk.

Target industries include:

  • Banking and financial services
  • Real estate
  • Casinos
  • Luxury goods
  • Professional services, such as law firms and accounting firms
  • International trade and import/export businesses
  • Art and antiques

You can find out more about protecting yourself and what policies might work for your business, by giving Compliance and Privacy Solutions (CaPS) a call on 0330 2020 601.

The external threats

It is important to note that risk is not solely determined by industry, and a risk-based approach to AML should also encompass proportionate measures to address the threat posed by business customers. A customer’s geographic location, job, criminal record, method of communicating and their preferred form of payment can all be causes for concern.

Due diligence on customers and their background must therefore form a substantial part of your AML practice, and there are various ‘red flags’ to look out for. These include where a customer is:

  • never available in person
  • prefers to pay in cash or by a complex route of transfer
  • seems unnecessarily guarded
  • is based abroad
  • is transferring major sums of money electronically

Updates to AML regulations and advice

The UK Government’s updated AML regulations came into force in March 2022 and specified some new ‘watch out’ factors that are now also considered high risk. Identified, alongside the risks above, are:

  • situations where electronic money is untraceable, or its origins are unclear
  • where the customer is in line to receive a life insurance pay-out
  • any transaction that involves the purchase of oil, weapons, a protected species, ivory, precious metals, any object or historical, religious or cultural significance

For more information on new risk factors, or further updates of March 2022, please visit legislation.gov.uk

Navigating updates can be a minefield for a busy firm. For support or advice on how to tackle your AML policies and ensure that your risk-based approach is both robust and comprehensive, please get in touch.

Specialising in advice for the at-risk financial sector, CaPS can help you find the best solutions for your business.