CTF Risk Management

Posted in Counter-Terrorist Financing on November 20, 2023
Ctf Risk Management - Featured Image

This article elaborates on ‘CTF Risk Management’. The Financial Action Task Force on money laundering (FATF) is the international organization that creates the benchmark standards for managing and counter terrorist financing around the world.

The Risk-Based Approach (RBA) under the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation, which came into force in 2012, is the fundamental system used by banks and other financial institutions.

The RBA means that countries should try to analyze and comprehend the risks in their systems that might allow the financing of terrorism. Since resources and controls are limited, such resources are targeted at the riskiest areas of exposure; although this does not mean that “low risk” avenues should be uncontrolled.

There are rules designed to fight money laundering and root out terrorist financing that have made the financial system safer and stronger, but have also increased the cost and difficulty in doing business with developing countries.

Ctf Risk Management

How RBA’s Scope is determined

Risked-Based Approach means countries as well as private sectors should have an understanding of the ML/TF risks that they are exposed to and apply AML/CTF measures to mitigate these risks.

The persons and institutions that are subject to the AML/CTF regime. Traditionally banks and formal institutions have been the subject of the AML/CTF regime with the RBA. Other persons and institutions can be included in the regime. Informal and novel financing systems such as digital currencies and wallets, cryptocurrencies, and hawala systems are now being considered as part of the system that should be controlled under AML/CTF.

To what extent such institutions should be monitored by state and international agencies. The RBA should provide a balance between the internal checks and balances at the institutional level and the monitoring by state organs.

To what extent the institutions should comply with AML/CTF measures. Where there is a higher risk of exploitation, the measures should be accordingly more stringent.

Though the Risk Based Approach is a robust and effective system, it is not perfect and there are several challenges faced with implementing it in a variety of backgrounds. The RBA seeks to look at AML/CTF measures through 3 distinctive parts.

Allocating Responsibility Under RBA

Under the RBA, risk allocation is a primary task. It enables both financial institutions and state organs to channel time and resources to the riskiest avenues for exploitation by would-be terrorist financiers. In this regard, financial institutions should consider national risk assessments in line with FATF regulations to monitor and evaluate their client’s risk profiles.

In this regard, state organs should endeavor to provide accurate, simple, and detailed analysis to enable financial institutions to implement the same effectively.

Identifying Money Laundering/Terrorist Financing Risks

State organs should provide financial institutions with complete and competent information regarding potential terrorism financiers to enable such institutions to effectively identify such persons/institutions.

State organs that hoard information or censor it for political ends deeply hinder the effectiveness of the RBA. It is inherent then that a prompt and transparent system of sharing information with financial institutions is necessary for effective RBA

Mitigating Money Laundering/Terrorist Financing Risks

Lastly, with systems in place, information is gathered on illegal transactions facilitating terrorism. Using this information, different institutions and practices are classified as ‘low’, ‘medium’, or ‘high’ risk. Such classification helps authorities prevent future attacks and thus reduce the inherent risk in the overall system. 

Supervisors (State Organs) Under RBA

State actors such as central banks and criminal investigation agencies act as supervisors of financial institutions under RBA. Under the RBA, supervisors are required to allocate administrative resources based on risk classification. Supervisors therefore can evaluate their systems and alter them in the following ways as their risk profile determines:

  • Supervisors can alter their systems by altering the intensity of supervisory checks based on the risk profile of the financial institutions and the corresponding transactions. Supervisors can raise the amount of information and the relevant documentation required for transactions that are deemed “high risk” and can lower the amount of information required for people in sectors that are deemed “low risk.”
  • Supervisors can alter their systems by altering the nature of AML/CTF supervision based on the nature of the risk. Supervisors can alternate different types of monitoring. They can increase on-site monitoring as opposed to remote monitoring where the risk is relatively high.
  • Supervisors can alter their systems by increasing or decreasing the frequency of AML/CTF supervision. Supervisors should increase the rate of on-site and hands-on systems of AML/CTF supervision where they receive information such as whistleblowers that indicate a higher risk in particular sectors or institutions.
  • Finally, supervisors can alter their systems by increasing or decreasing the intensity of AML/CTF actions whenever appropriate. Where supervisors have information that a particular institution or industry poses a higher risk, the supervisors should use the most intensive methods of AML/CTF checks such as detailed testing of electronic systems and files to verify the implementation of AML/CTF, reviewing Customer Due Diligence or CDD in short protocols and internal auditing.

Supervisors’ continuous vigilance

Supervisors act as the overarching umbrella for the enforcement of AML/CTF protocols and are the bedrock of an effective system. The buck stops with the advisors. As such, they should maintain continuous vigilance and update their systems with new information periodically.

Supervisors are tasked with ensuring that financial institutions under their control are capable of fulfilling the best practices in their respective domains. Supervisors should contrast and compare different institutions and identify best practices and techniques that can be applied across the industry.

In a national setup, supervisors should also align the domestic systems with International Best Practices. This helps in preventing cross-border financing while also standardizing AML/CTF practices at an international level.

Ctf Risk Management 2

Financial Institutions Under RBA 

AML/CTF practices have a wide reach in institutions, particularly banks. There are several different avenues or services these institutions provide including but not limited to:

  • Retail Banking Services, which involve making financial services such as current and savings accounts, money transfers, and access to ATMs directly available to the public.
  • Corporate Banking, which involves providing financial products and solutions to institutions, companies, and government institutions.
  • Investment banking or private banking, which involves providing high-net-worth clients with products and services to assist them in managing their wealth. 
  • Correspondent services, which involve the transfer of funds and other assets or services between banks and even between countries.
  • Cryptocurrency, which is a novel system of anonymous asset transfer that bypasses traditional banks and uses software as an anonymous link between parties. Cryptocurrency has created a whole new arena where large amounts of money can be transferred with little or no AML/CTF oversight.
  • Digital wallets or currency, which is a new system in which digital funds can be transferred from person to person with little or no oversight by authorities.

Final Thoughts

There are rules designed to fight money laundering and root out terrorist financing that have made the financial system safer and stronger, but have also increased the cost and difficulty in doing business with developing countries. Risk-Based Approach is one example of that, and this article elaborates one this in a very detailed manner.