Risk-Based Approach – Guidance for Money Service Businesses

Risk-Based Approach – Guidance for Money Service Businesses - July 2009SECTION THREE: GUIDANCE FOR MONEY SERVICES BUSINESSESON IMPLEMENTING A RISK-BASED APPROACHPreamble102. The specifics of a MSB‟s particular risk-based process to manage and mitigate its ML/TF risksshould be determined based on the operations of the business, including its size, the products and servicesoffered, and its geographic scope of operations. Where appropriate and feasible the policies and proceduressetting out how a MSB will manage and mitigate its money laundering and terrorist financing risks shouldbe articulated on a company or group-wide basis. However, it is noted that the characteristics of terroristfinancing present differently from money laundering and, therefore, the associated risk may be difficult toassess without a more comprehensive set of indicators of the methods and techniques used for terroristfinancing (see paragraphs 40 to 44). Because there are no clear red flags for detecting activity related toterrorist financing, and because terrorist financing methods can be the same or similar to moneylaundering, the identification of terrorist financing itself can be a difficult process. A reasonably designedrisk-based approach provides the means by which a MSB identifies the criteria to assess potential moneylaundering/terrorist financing (ML/TF) risks. Whenever integrated in a group, the MSB should be fullyintegrated and apply a consistent risk-based approach to all their operations. No obstacle should hindercommunication of information among the different agents of the group, and there should also be testingcompliance with group-wide policies. Such compliance tests could usefully also be reviewed by externalauditors and supervisors. One component of a reasonably designed risk-based approach is a geographicrisk assessment, which can aid in identifying geographic locations that may pose a higher risk, such ascountries subject to government sanctions. A reasonably implemented risk-based process provides aframework for identifying the degree of potential ML/TF risks associated with customers and transactionsand allows the business to focus on those customers and transactions that potentially pose the greatest riskof ML/TF. To further combat the threat of the MSB‟s systems being used for terrorist financing, customertransactions should be screened against applicable government lists.103. Depending upon the jurisdiction and the licensing/registration structure, the MSB sector can beregulated as a financial institution that offers similar services. MSBs are required to monitor and reportsuspicious activity and, if required by domestic law, large transactions, collect required customeridentification at specific monetary thresholds, and maintain certain records in accordance with applicableregulations. This guidance focuses on the transfer of money or value and the money and currency changingoperated by MSBs. In some cases, MSBs maintain account relationships with customers. In most cases,MSBs operate in a transaction-based environment.104. Performing a risk assessment is the foundation of a risk-based approach. The intent of a riskassessment is to identify products, services, geographic locations and points of customer interaction thatare most susceptible to ML/TF activities. The risk assessment also serves to highlight remaining areas ofexposure that should be addressed after applying a regime of risk-based internal controls. A riskassessment may include a variety of factors, depending upon the particular circumstances, including butnot limited to:The nature, scale and complexity of the business‟s operations, including geographical diversity.26 - © 2009 FATF/OECD