Establishing Risk Appetite
a) Undertaking a business risk assessment allows the business to formulate its “risk appetite”.
b) The term “risk appetite” refers to a business’ overall willingness or acceptance threshold for new business and the associated financial crime risks that will need to be mitigated.
c) A business should be able to formulate a statement, which is understood by all of its staff, about the limits of that appetite, beyond which it is not prepared to accept or able to effectively mitigate, the associated financial crime risks.
Review of the BRA
a) Regulation 3 of the AML/CFT Regulations requires that a business regularly review its BRA. This review must be undertaken at least annually, so as to keep it up to date. Where, as a result of that review, changes to the BRA are required, the business must make those changes.
b) Just as the activities of a business can change, so too do the corresponding financial crime risks. Mergers, acquisitions, the purchase or sale of a book of business, restructuring or a change of external service provider are just some of the events which can affect both the type and extent of financial crime risks to which a business is exposed. This can then result in a need for changes to be made to existing controls to mitigate those risks effectively.
c) Other operational changes such as a change in staffing numbers, change in technology or a change to group financial crime policies, can all have an impact upon the resources required to effectively mitigate financial crime risks.
d) Best practice indicates that a review of a BRA should occur whenever changes such as those described above occur and at least on an annual basis. This ensures that the policies, procedures and controls put in place to mitigate the financial crime risks specific to the business are and remain appropriate and effective.
e) Best practice also suggests that the business should maintain a log or record with its BRA recording the dates on which the BRA has been reviewed and, where necessary changed, and approved by the Board, or equivalent.
Self-Assessment Questions
a) On 10 June 2014, the Commission published the Financial Crime Guidance Note – Visit Trends and Observations.
b) Section 5 of the Note identified examples of good and poor practice in relation to the preparation of a BRA.
c) The Note also lists some questions intended to assist a business in assessing whether its approach in preparing and reviewing a BRA is appropriate and effective.
A business should therefore consider asking itself the following questions after it has prepared its initial BRA and after undertaking a review of an existing BRA, before it is finalised:
a) Can the business clearly explain what it considers to be its greatest area(s) of risk exposure in relation to financial crime?
b) How does the business risk assessment inform the overall risk appetite of the business?
c) Has the business identified the risks associated with its customer base, products and services, its geographical areas of operation and delivery channels? (e.g. internet, telephone, branches).
d) How does the business risk assessment inform the compliance policies, procedure and controls designed to mitigate the financial crime risks to which it could be exposed?
e) Does the business take account of the level of compliance resources currently available and whether these are suitable and sufficient with regard to the financial crime risks identified and assessed?
f) What information is relied upon by the Board when it reviews its business risk assessment in order to assess the financial crime risks to which it could be exposed?
g) Does the business consider the risks identified when it reviews its business risk assessment, in the round, in order to determine whether the possible level of risk exposure might actually be higher than when each of the risks is identified in isolation? (i.e. is the accumulation of the risks / possible confluence of those risks considered in determining the overall risk appetite of the business?)
New Requirement – Submission of Draft BRA
a) With effect from Friday 5 September 2014, a draft BRA, prepared in compliance with Regulation 3 of the AML/CFT Regulations and the rules in Chapter 3 of the Handbook, must be submitted with any application for a licence or registration under the laws. Further information about this requirement can be found on the Commission’s News webpage.
Sources of Information
• The following are just some of the sources of information which can be accessed in order to better understand the types of financial crime risks to which a business may be exposed.
b) FATF, Risk-based Approach, Guidance for Money Services Businesses, July 2009
c) FATF, Guidance for a Risk Based Approach, Prepaid Cards, Mobile Payments and Internet-based Payment Services, June 2013
d) JMLSG, Guidance for Money Services Businesses (as customers of banks), 20 May 2014
e) JMLSG, Guidance for Money Service Providers, 21 July 2014
f) Basel Committee on Banking Supervision, Sound management of risks related to money laundering and financing of terrorism, January 2014
g) IAIS, Application Paper on Application Paper on Combatting Money Laundering and Terrorist Financing, October 2013
h) FATF, Best Practices Paper – The Use of the FATF Recommendations to Combat Corruption, October 2013
i) FATF Guidance, Politically Exposed Persons (Recommendations 12 and 22), June 2013
j) FATF, Guidance for a Risk-Based Approach to Pre-paid Cards, Mobile Payments and Internet-based Payment Services, June 2013
k) FATF, Best Practices, Combatting the Abuse of Non-Profit Organisations (Recommendation 8), June 2013
l) FATF, Guidance on the Risk-Based Approach for the Life Insurance Sector, October 2009
m) FATF, Guidance on the Risk-Based Approach for Real Estate Agents, June 2008
n) FATF, Guidance on the Risk-Based Approach for Accountants, June 2008
o) FATF, Best Practices on Trade Based Money Laundering, June 2008
p) FATF Guidance on the Risk-Based Approach for Trust and Company Services Providers (TCSPs), June 2008
q) IOSCO, Anti-Money Laundering Guidance for Collective Investment Schemes, October 2005
r) The Egmont Group of Financial Intelligence Units – Cases at: http://bit.ly/ZggsR4
s) The Wolfsberg Group at: http://bit.ly/1syr5eG
(Date of Revision: 17 September 2014)
Loading...