Every Accountable Institution faces some degree of money laundering risks. Therefore, it has become more and more crucial for Accountable Institutions to be proactive in defining what possible money laundering risks their clients pose, as well as classifying which risks are regarded as high or low. Focusing time and attention on putting together a risk-based assessment will no doubt have a positive impact on your business. So let’s dive into how to approach this.
Foundations for a Risk-Based Program
Whilst the Financial Intelligence Centre (FIC) Amendment Act does set out minimum requirements for identifying these risks, it acknowledges that due to varying factors, different companies will need different approaches. This is why an effective Anti-Money Laundering (AML) risk-based assessment should be implemented to aid in identifying the aspects of your business that are most vulnerable and therefore most likely to be taken advantage of by criminals.
These aspects set the foundation for a risk-based compliance program and are often referred to as Key Risk Indicators. As set out by the FIC, these risk indicators include the products and services the Accountable Institution offer, as well as the clients they serve and the size and scope of the company.
The importance of each risk indicator might differ from one industry to another and so, Accountable Institutions should use a combination of these indicators to holistically assess the risk that a client, business relationship or single transaction may pose. Once these risk indicators have been identified, they should be documented together with a classification of what constitutes a high, medium or low risk. Ultimately the outcome of your key risk indicators should indicate to you whether or not to regard a client as high or low risk.
The outcome of the high or low risk will inform your next steps, such as whether to continue to onboard a client, perform enhanced due diligence or report the individual for suspicious behaviour etc. The defining and documenting of this risk-based approach and its process is what should form your Risk Management Compliance Programme (RMCP) which will ultimately become your reference point when onboarding or working with any clients. In order to be truly effective an RMCP should be kept up to date and be enforced consistently throughout your business.
Dedicating staff to perform costly, manual compliance processes isn’t the best use of resources. This is where solutions like DocFox can alleviate the pressure from your staff and improve your existing processes.
In addition to our software, our compliance experts have created FICA in-a-Box, an end-to-end FICA compliance solution for Accountable Institutions. One of the elements included in FICA in-a-Box is an expertly crafted RMCP to help you address key FICA requirements with an easy to use risk rating process for your business.