Using risk to shape money-laundering defences is central for any entity trying to implement FATF recommendations, the international watchdog has said. This approach means that an institution or government will identify and assess risk on an individual basis. What threats are they specifically exposed to and how can they specifically mitigate them? But as risk comes from many directions and arrives in many forms, the question remains – can a firm cover all these threats at once and still do effective business? Here Colette Best provides the answers.
The money laundering regulations are founded on a risk-based approach, but what does that actually mean and how do you identify and assess money laundering risk?
Preventing money laundering is important, but it is also costly and time-consuming and this is why a risk-based approach is baked into the requirements. This means that those in the regulated sector should direct resources to those transactions that are at the highest risk of being used for money laundering. That’s not to say that lower-risk clients can be ignored entirely, but it does mean that, all things being equal, you could apply less scrutiny to a director of a listed company than you would do a politically-exposed person from a high-risk jurisdiction.
The money laundering regulations set out that risk should be considered at both a firm-wide and client/transactional level. The firm-wide risk assessment should be set out in writing and reviewed regularly. There’s plenty of guidance on our website on how to go about creating and updating a firm-wide risk assessment.
There are two important documents that your firm-wide risk assessment should draw upon: the national risk assessment and our sectoral risk assessment, both of which have been recently updated.
The national risk assessment was last updated in December 2020 and unsurprisingly legal services remain rated as high risk of being used for money laundering and low risk of being used for terrorist financing.
In 2021, we also updated our SRA sectoral risk assessment. The new sectoral risk assessment sets out our view on the main risks for lawyers, and now includes private offices, Covid-19 and countries with currency controls. There is lots of additional information out there to help you keep your risk assessment up-to-date, including our Risk Outlook, updates from the National Crime Agency and the Financial Action Taskforce.
Sitting below the firm-wide risk assessment is the client and/or matter risk assessment. These assessments should be informed by your firm-wide risk assessment and are important because they will decide the level of customer due diligence you apply. The matter risk assessment should consider the purpose of the transaction, the size of the transaction and whether it is part of an ongoing client relationship. We have seen some good practice with firms updating their firm-wide risk assessments to reflect changes in the market and working arrangements due to Covid-19. This is great to see because it demonstrates that firms are aware of a change in risk and are keeping their controls up-to-date.
When we visit firms, we sometimes find a disconnect between what the firm-wide risk assessment says and the specific matter risk assessments. So for example if your firm-wide risk assessment says that high-value cash purchases of properties should be treated as high risk, we would expect to that reflected in a matter risk assessment.
The consequences of not correctly risk-rating a transaction can be serious, because if you over-rate the risk you are applying potentially unnecessary checks. But if you under-rate the risk you could miss completing source of wealth checks.
We have seen serious conduct issues arise, simply because a firm has not appropriately risk assessed a transaction. This is not to say that you cannot deviate from the risk factors set out in your firm-wide risk assessment, however this should be a considered decision and the reasons for the risk rating should be documented and held on file.
Knowing and accurately assessing money laundering risk is the backbone of compliance with the regulations. Make sure that you know your risk and act appropriately to prevent money laundering and protect your firm.
Follow us on:
Share this on: