Managing risk is key to maintaining an anti-money laundering program. A well-developed BSA/AML risk assessment assists the bank in identifying illicit financial activity risks and in developing appropriate internal controls. In this post, we will review the components of an AML risk program.
The four-steps to implement a risk-based program are:
- Identify the various risks within the organization
- Evaluate the likelihood of occurrence and severity
- Implement measures to reduce the identified risk
- Continuously monitor to identify new or evolving risk.
Risk categories can be used to identify the level of risk for the customer. For example:
- Low risk would be the baseline risk of money laundering. Normal, expected activity.
- Medium risk would merit additional scrutiny but does not rise to the level of high-risk.
- High risk would be risks that are significant but are not prohibited. Conduct EDD and rigorous transaction monitoring. The institution will not tolerate any dealings of any kind given the risk. This would include any sanctioned countries or people on the SDN (or Specially Designated Nationals and Blocked Person) list.
Customer risk should be evaluated at regular intervals as determined by internal policies and procedures. The FFIEC (Federal Financial Institutions Examination Council) recommends updating BSA/AML risk assessments every 12-18 months or more frequently when necessary. So, an example would be re-evaluating low and medium risk customers every 18 months and high customers every 12 months.
Additional scrutiny should be performed as needed, especially when specific events occur. For example, when the customer has been surfaced in the transaction monitoring system with alerts, cases or SAR. Also, when unexpected activity occurs or when receiving an inquiry from law enforcement.
There are three main risk factors to look at when doing a risk assessment.
- Customer risk
- Both individuals or organizations and can present various risks. Individuals with a known history in criminal activities, politically exposed persons, both domestic and foreign, and non-residents would be scored higher. High risk businesses such as those that are cash intensive, like restaurants, car dealerships or casinos and professional service providers, like attorneys, and accountants would be scored higher along with foreign corporations where it is difficult to identify the beneficial owners.
- Geographic risk
- Geographic risk should consider any OFAC sanctioned country, FATF High-Risk Jurisdictions and Known Bank Secrecy Havens.
- Product risk
- Product risk depends on the likelihood that the product or service will be used for money laundering. Some banking products are considered higher risk. These include Private Banking, offshore international activity, wire transfer and cash-management functions, foreign exchange transactions, prepaid products or automatic clearing house (ACH), and remote deposit capture.
To learn how to use SAS Anti-Money Laundering, you can take one of these e-learning courses
For more information about the SAS Anti-Money Laundering solution, please visit https://support.sas.com/en/software/sas-anti-money-laundering-support.html.
Find more articles from SAS Global Enablement and Learning here.
