
What is the ‘risk-based approach’ in relation to anti-money laundering, and what does it mean to me?

Published on LexisPSL on 11/02/2021

The following Practice Compliance Q&A provides comprehensive and up-to-date legal information covering:

  • What is the ‘risk-based approach’ in relation to anti-money laundering, and what does it mean to me?
  • Organisation-wide risk assessment
  • Risk-based approach methodology
  • Implementing a risk-based approach
  • Limitations of the risk-based approach
  • Further guidance and tools

What is the ‘risk-based approach’ in relation to anti-money laundering, and what does it mean to me?

The risk-based approach (RBA) is a core concept of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, as amended.

The general concept of an RBA is simple: you cannot monitor everything done by each member of staff for every client all the time. You should therefore identify where your greatest risks lie and apply your resources appropriately.

Organisation-wide risk assessment

You should not confuse your organisation-wide risk assessment with the RBA.

If the MLR 2017 apply to your organisation, you must take appropriate steps to identify and assess your organisation’s money laundering and terrorist financing risks, ie conduct an organisation-wide risk assessment.

The organisation-wide risk assessment is intended to inform your anti-money laundering (AML) and counter-terrorist financing (CTF) measures. It will enable you to take a considered RBA to devising and implementing your systems and controls where such an approach is permitted or required by the MLR 2017.

Risk-based approach methodology

The starting point of the RBA is that greater risks should command greater resources.

Generally an RBA will involve:

  1. identifying the risks you face

  2. assessing the risks you face

  3. designing and implementing systems and controls to mitigate those risks

  4. monitoring your systems and controls

  5. recording what you have done and why

  6. reviewing your risks
