Obligated institutions are entities obliged to fulfil AML obligations. They should know what the impact and importance of a money laundering risk assessment is, how to carry out a money laundering risk assessment and what are the mandatory elements of a risk assessment document. In this article, we will try to provide some insight into these issues.
Identification and risk assessment
The assessment of the risks associated with the activities of an obliged institution is a key obligation. It materialises in the form of a specific document. Its role it to determine the activities that the obligated institution undertakes in the field of AML. It is the starting point for building internal AML processes.
Above all, it is crucial that the assessment made is materialised in the form of a document. The document should contain i.e. the inclusion of risk factors with their respective weights.
The identification of risks includes, in particular identification of:
- obligated institution’s customers;
- countries or geographical areas of operation, e.g. where the obligated institution originates, where it operates, where it offers products, services and carries out transactions;
- products or services and types of transactions offered by the obligated institution.
determination of risk levels
The obliged institution should then, taking into account the factors indicated above, develop a scoring system appropriate to itself. For example, this system can be presented in the form of a point scale. The lower the score the lower the risk, respectively the higher the score the higher the risk. For the purposes of the risk assessment document to be drawn up, we can assume several degrees of risk. Those degrees can be define as: low, normal, medium, high.
At this stage we assess the impact of the identified risks on the obliged institution concerned. That is, we assess what is the likelihood of money laundering occurring in relation to its activities taking into account. For example: the type, difficulty, level of complexity, interest, availability, speed of delivery of the product or service in question.
Once the obliged institution has defined the risk factors, it collects and verifies the data already collected giving them the appropriate measures and making a final assessment of the money laundering risk. The institution then implements appropriate mitigants which are controls designed to mitigate the risk.
Summarising the previous steps by considering the overall scoring of the relevant risks allows the level of residual risk to be determined. This, in turn, allows the conclusions of the risk assessment and, consequently, possible remediation plans to be established.
Full article is available in Polish here.
