Risk matrix development
Understanding what is legally required of your institution, employees and customers is essential to a successful program.
The theory is that no financial institution can reasonably be expected to detect all wrongdoing by customers, including money laundering. But if an institution develops systems and procedures to detect, monitor and report the riskier customers and transactions, it will increase its chances of staying out of harm’s way from criminals and from government sanctions and penalties.
A risk-based approach requires institutions to have systems and controls that are commensurate with the specific risks of money laundering and terrorist financing facing them. Assessing this risk is, therefore, one of the most important steps in creating a good anti-money laundering compliance program. As money laundering risks increase, stronger controls are necessary. However, all categories of risk — whether low, medium or high — must be identified and mitigated by the application of controls, such as verification of customer identity, CDD policies, suspicious activity monitoring and economic sanctions screening.
Risk-based approach is preferable to a prescriptive approach in the area of AML and CTF, as it is more:
Flexible — as money laundering and terrorist financing risks vary across jurisdictions, customers, products and delivery channels, and over time.
Effective — as companies are better equipped than legislators to effectively assess and mitigate the particular money laundering and terrorist financing risks they face.
Proportionate — because a risk-based approach promotes a common sense and intelligent approach to fighting money laundering and terrorist financing as opposed to a “check the box” approach.
From Rule-based to Risk-based
Know Your Customer
From Identification procedures to Customer due diligence
From risk assessment to risk scoring
The securities and financial institutions industry rules and regulations have many specific guidelines pertaining to BSA/AML Risk Profile and Risk Assessment. However, the industry rules and regulations are not very clear when it comes to specific guidelines and requirements defining how or when securities and financial institutions are required to assign a risk score to a customer or entity. Many securities and financial institutions are learning the benefits of risk scoring to identify the level of risk associated with a new customer or account by efficiently capturing CDD information during onboarding and ongoing monitoring. The use of due diligence information can generate an initial score for each new customer/account and ongoing transaction data from existing monitoring systems (particularly high-risk transaction activity) to build and continuously update the customers risk score within a “Risk Profile” for each customer or entity.
However costly and time-consuming AML compliance may be, financial institutions that understand the importance of implementing a strong AML program will quickly realize its worth. In today’s world, any financial institutions who do not appreciate the importance of a strong BSA/AML programs targeting customer risk scoring and CDD programs need to understand the costs and risks of having an inadequate AML program. When you have a strong AML program, the risk of financial loss due to penalties can be mitigated along with various other regulatory, legal and reputational risks.
From RE-active to PRO-active
What is Proactive Risk Management?
Proactive risk management improves an organization’s ability to avoid or manage both existing and emerging risks and helps adapt quickly to unwanted events or crisis. It helps build an understanding required to measure and manage emerging risks which give organizations a better view of tomorrow’s risk and how it impacts their business.
What differentiates proactive risk management approach from a reactive approach is the way risks are assessed, reported and mitigated. It involves carefully analyzing a situation or assessing processes to determine the potential risks, identifying drivers of risks to understand the root cause, assessing probability and impact to prioritize risks and accordingly preparing a contingency plan. To do so, risk managers need to learn to assess the strength of the innovation component of the organization and use that information effectively to combat known and emerging risks. Also, focus on using the expertise of experienced risk managers to engage in strategic risk utilization.
Implementing Proactive Risk Management
Proactive Risk Management is not a process or an initiative but a discipline that an organization has to practice and make an integral part of the overall business strategy. It cannot be defined in a day and cannot be performed in isolation. It is a continuous process until it becomes an integral part of organization’s risk culture.
Developing and implementing a preventive risk identification and management program helps businesses limit exposure, save costs, and enhance value for stakeholders. However, there are challenges that need to be managed before seeing the results of such approach, for example, lack of clear understanding about the spectrum of risks and consequences, lack of relevant tools and techniques, availability of data in silos, limited resources, and absence of tone-at-the-top.
Delivering effective and proactive Risk Management needs an organization to have more clarity about the breadth of risks facing the business and understand the potential threats and opportunities in alignment with the overall business strategy in order to plan appropriate mitigation action. Also, ensuring proper communication between all stakeholders across functions and harnessing the benefits of technology are crucial elements to create greater business value.