Risk-Based Approach – Guidance for Money Service Businesses

Risk-Based Approach – Guidance for Money Service Businesses - July 2009supervisory tools for use when, in the supervisor‟s judgement, a financial institution is not complying withlaws, regulations or supervisory decision. These tools include the ability to require a MSB to take promptremedial action and to impose penalties. In practice, the range of tools is applied in accordance with thegravity of a situation.94. Fines and/or penalties are not appropriate in all regulatory actions to correct or remedyAML/CFT deficiencies. However, supervisors must have the authority and willingness to apply finesand/or penalties in cases where substantial deficiencies exist. More often than not, action should take theform of a remedial program through the normal supervisory processes.95. In considering the above factors it is clear that proportionate regulation will be supported by twocentral features:a) Regulatory Transparency96. In the implementation of proportionate actions, regulatory transparency will be of paramountimportance. Supervisors are aware that MSBs, while looking for operational freedom to make their ownrisk judgments, will also seek guidance on regulatory obligations. As such, the regulator with AML/CFTsupervisory responsibilities should seek to be transparent in setting out what it expects from regulatedinstitutions, and will need to consider appropriate mechanisms of communicating these messages. Forinstance, this may be in the form of high-level requirements, based on desired outcomes, rather thandetailed process.97. No matter what individual procedure is adopted, the guiding principle will be that MSBs areaware of their legal responsibilities and regulatory expectations. In the absence of this transparency there isthe danger that supervisory actions may be perceived as either disproportionate or unpredictable whichmay undermine even the most effective application of the risk-based approach by MSBs.b) Staff Training of Supervisors and Enforcement Staff98. In the context of the risk-based approach, it is not possible to specify precisely what a MSB hasto do, in all cases, to meet its regulatory obligations. Thus, a prevailing consideration will be how best toensure the consistent implementation of predictable and proportionate supervisory actions. Theeffectiveness of supervisory training will therefore be important to the successful delivery of proportionatesupervisory actions.99. Training should aim to allow supervisory staff to form sound comparative judgements aboutMSBs AML/CFT systems and controls. It is important in conducting assessments that supervisors have theability to make judgements regarding management controls in light of the risks assumed by businesses andconsidering available industry practices. Supervisors might also find it useful to undertake comparativeassessments so as to form judgements as to the relative strengths and weaknesses of different businesses‟arrangements.100. The training should include instructing supervisors about how to evaluate whether seniormanagement have implemented adequate risk management measures, and that the necessary proceduresand controls are in place. The training should also include reference to specific guidance, where available.It should be noted that “the supervisory process should include not only a review of policies andprocedures, but also a review of customer files and the sampling of some accounts” 11 . The supervisor hasequally to assess whether or not the processes are adequate, and if it determines that the risk managementprocesses are inadequate, it has the power to require a business group to strengthen them. Supervisors also11See FATF Recommendations, R.29.24 - © 2009 FATF/OECD