Risk-Based Approach – Guidance for Money Service Businesses

Risk-Based Approach – Guidance for Money Service Businesses - July 2009 Publicly listed companies subject to regulatory disclosure requirements. Other MSBs (domestic or foreign) subject to an AML/CFT regime consistent with the FATFRecommendations and which are supervised for compliance with those requirements.An increased level of due diligence applied to those applicants determined to be higher risk, suchas: Agents located in a higher-risk jurisdiction. Principals determined to have PEP status. Agents with a history of regulatory noncompliance. Agents serving high-risk customers or transactions as described in 110 to 112 above.Agent Monitoring131. Agent monitoring is a very important element in an effective MSB AML/CFT program. While allagents require baseline monitoring to assess and address systemic risks such as inadequate training, new orchanging services or products, and poor individual judgment or performance, the risk-based approachrequires a higher level of monitoring to locate and eliminate the few agents that knowingly or throughwillful blindness act in a way that may conceal their customers‟ conduct from routine monitoring. Thedegree and nature of agent monitoring will depend on the transaction volume and principal volume of theagent with whom the MSB shares responsibility for effective AML/CFT, the monitoring method beingutilised (manual, automated or some combination), and the type of activity under scrutiny. In applying arisk-based approach to monitoring, the degree of monitoring will be based on the perceived risks, bothexternal and internal, associated with the agent, such as the products or services being provided by theagent, the location of the agent and the nature of the activity.132. The principal aim of monitoring in a risk-based system is to respond to enterprise-wide issuesbased on each MSB‟s analysis of its major risks. Regulatory authorities should, therefore, be mindful ofand give due weight to the determinations made by MSBs, provided that these determinations areconsistent with any legislative or regulatory requirements, and are reasonable and adequately documented.133. Agent monitoring under a risk-based approach allows a MSB to create monetary or otherthresholds to determine which agent activities will be reviewed. Defined situations or thresholds used forthis purpose should be reviewed on a regular basis to determine their adequacy for the risk levelsestablished. MSBs should also assess the adequacy and integrity of any systems and processes on aperiodic basis.134. Agent monitoring under a risk-based approach should utilize baseline risk assessment tools thatmonitor agent activity to measure transaction-related risk or identify agents that exhibit risk behaviours,such as those described in para. 113 above, structured transactions, customer identification sharing orbiographical information sharing, higher volume senders or payees, unusual and unexplained spikes intransaction volume, inferior data quality entered at point of origination, related STR/SAR activity, highervolume agent-to-agent corridors, unusual agent patterns, or unusual product or service concentration.Prompt attention and remediation of risk behaviours should be addressed by appropriate means, such asenhanced examination of the agent‟s transaction history and data integrity, to learn and evaluate the agent‟sexplanation of these concerns, confidential sampling of the questioned aspects of the agent‟s services, or40 - © 2009 FATF/OECD