Most of all beware of AML and CFT Programmes
Staff Reporter –
Businesses and people constantly transferring money between bank accounts and remitting overseas are often faced with a serious question, “What is my Risk and how should I assess the risk to my Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) Programme?’
Internal Affairs Department (IAD), which supervises AML/CFT, says that there is no set definition or method to determine risk and that there is no set way to apply an assessment of risk to an AML/CFT Programme.
Some flexibility
An official statement appearing on the Department’s website agrees that while the above may appear unhelpful, it does provide the flexibility to apply risk to your business in a way that fits your particular set of products, services and customers.
“Guidance has been provided by the Sector Supervisors in producing a Risk Assessment and this should be your first point of reference: Risk Assessment Guideline. However, it may also be helpful to consider these pointers when compiling or updating your Risk Assessment,” it said.
Risk can be seen as the likelihood of a money-laundering or terrorist financing event taking place, using your products and services by your customers.
Cause and Effect
Risk can also be considered as a combination of the likelihood of an event and the consequence of that event; this can complicate an assessment of risk but it provides for a more in-depth picture of how risk can affect your business.
Risk can been conceived as how vulnerable your business is and if it is being used for money laundering or terrorist financing. You should ask yourself where your weak points are and how could they be exploited.
Suit yourself
Since no single definition is correct, you could choose the concept of risk that best fits your business. But please be clear in your AML/CFT Risk Assessment and Programme on what you understand as ‘Risk.’
Risk can be expressed in terms of ‘Inherent Risk,’ meaning the level of risk before you apply any controls via your AML/CFT programme
They can also be ‘Residual Risk,’ meaning the level of risk after you apply any controls via your AML/CFT programme.
Some recommendations
IAD recommends a proper examination of the ‘Inherent Risk’ as a part of the AML/CFT Risk Assessment Strategy.
“Remember that to get to a Residual Risk rating, you must determine the Inherent Risk first. For the purposes of your AML/CFT Programme, we recommend that you look at Residual Risk – how your risks can be avoided, reduced or controlled.
“A vital part of the AML/CFT process is describing how the risks that you have identified in the risk assessment are being addressed by your AML/CFT programme; failure to do so is one of the major areas of non-compliance during programme reviews and will result in negative comment from the Department.”
IAD says that it has a duty as a Sector Supervisor to ensure that reporting entities can operate in a fair and transparent environment.
This means the Department has the responsibility to ensure that AML/CFT legislation and the regulations are enforced.
Government warnings
The Financial Markets Authority (Audit related) and the Reserve Bank (Risk Assessment related) have recently issued public warnings.
IAD has issued 11 non-public formal warnings in relation to failures to meet particular AML/CFT risk assessment/programme requirements or failing to submit AML/CFT annual reports.
Source: Internal Affairs, Government of New Zealand
