Identifying Your Institution's Risks

Anti-money laundering (AML) and countering the financing of terrorism (CFT) are crucial concepts in the discussion of financial crime risk. Here we outline key areas to explore when building your AML/CFT, sanctions, and suspicious activity risk assessment frameworks, and explain why they are important for you to factor into your institution’s risk mitigation program.

AML Risk Assessment

As recommended by global authoritative bodies and sources such as the Financial Action Task Force (FATF), a risk-based approach should be the cornerstone of an effective AML/CFT system and is essential to properly identifying and managing risks.  Financial institutions’ risk assessment processes should, in turn, incorporate the identification of money laundering risk across the following three main areas:

The use of technology in building risk assessment methodologies and processes assists financial institutions in complying with the latest AML/CFT regulations. That includes compliance with the implementation of adequate internal preventative and detective control standards, and a proper self-evaluation surrounding the effectiveness of these controls.

ACAMS Risk Assessment uses technology to enable AML risk assessment processes. Our methodology provides the basis to better understand the potential inherent money laundering risks that may arise within an institution’s wide range of products and services, customer types, and geographies. Institutions then have the opportunity to develop and implement appropriate preventative and detective controls, to arrive at a final residual risk score.

Sanctions Risk Assessment

When looking to establish a sound sanctions program framework, best practices call for measuring both the quantity of sanctions risk related to a financial institution, and its corresponding sanction control program.

As the Federal Financial Institutions Examination Council (FFIEC) explains, assessing a bank’s risk of encountering an OFAC/sanctions issue should include an understanding of areas of risk related to sanctions, such as:

The ACAMS Risk Assessment sanctions methodology is designed to respond to current regulatory environments and recent requirements. The methodology provides financial institutions with an industry standard to assess the broad range of sanctions risks, and manage those risks through best practices in preventative and detective controls.

ACAMS Risk Assessment enables financial institutions to benefit from objective and verifiable guidance, as provided by global authoritative sources on sanctions risk management.

Suspicious Activity Risk Assessment

A fundamental component of a country’s AML/CFT program is a robust suspicious activity reporting regime. As a result, financial institutions are expected to have their own programs to meet their country’s AML/CFT laws and regulatory requirements to identify and report suspicious activity.

The authoritative source regarding CFT and AML suspicious activity reporting comes from FATF’s “40 Recommendations”, specifically “Recommendation 20 – Reporting of suspicious transactions.” This recommendation states:

“If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorist financing, it should be required, by law, to report promptly its suspicions to the financial intelligence unit (FIU).”

In response to FATF Recommendation 20, most of the world’s jurisdictions, including all of the major banking nations, have adopted rigorous suspicious activity reporting regimes. Regulatory oversight across various jurisdictions includes examinations to assure compliance with the laws and regulations governing suspicious activity reporting.

The objective of the ACAMS Risk Assessment tool’s “Suspicious Activity Reporting Program Risk Module” is to provide institutions with the ability to evaluate and report on their residual risk as it relates to their suspicious activity reporting (SAR) programs. These programs are known by various other names (e.g., SMR, STR), but all are focused on the reporting of unusual/suspicious financial activity to competent authorities in a country.