Risk management is defined as the “process of understanding and managing risks that the organization is certainly exposed to.”. This article elaborates what the importance of CDD/KYC for risk management is.
Poor governance structure and compliance culture pose serious financial crime and money laundering risks for the organization. The occurrence of fraud incidents and cases in organizations has resulted in the depletion of profits, operating inefficiencies, and reputational losses.
Importance of risk management
For an organization, risks are potential incidents and events that could occur and influence the achievement of the organization’s core objectives and goals. Risk management is about understanding the nature of such potential incidents and events and taking appropriate measures to address the threats posed by such potential fraud incidents. Devising risk mitigation strategies is important because risk incidents such as money laundering or financial crime activities negatively hit the organization’s profile and result in financial, operational, and reputational losses.
Objectives of Board of Directors
Strong compliance culture and governance means a strong Board of Directors, including executive and non-executive directors from various specialized backgrounds such as finance, audit, risk management, human resources, information technology, and business. The Board of Directors is reportable to the organization’s shareholders; therefore, the Board members must ensure that the financial objectives of Shareholders are achieved, and their investments are secured. Strong Board enables the implementation of effective CDD and KYC processes in the form of compliance programs, including policies. The senior management is given directions and tone to effectively implement and monitor the employees’ and customers’ activities to ensure that money laundering and terrorist financing risks are identified and effectively managed to avoid penalties from regulators.
Functions of risk management
A risk management function is established in the organizations whose main task is to facilitate and coordinate the overall risk management process, including financial crime and money laundering risk management. This is done in collaboration with the compliance team headed by the Chief Compliance Officer.
The risk management function is headed by Chief Risk Officer (CRO). The risk management committee includes different members from the organizations, such as the Chief Financial Officer (CFO), Heads of Planning and Sales, the Head of Investments, and the Head of Information Technology. All these members work together as part of committee members to ensure that fraud risk factors are identified and addressed appropriately using available resources. CRO acts as the secretary to the risk management committee and presents the agenda items to the committee members, including significant fraud risks, fraud incidents, available mitigants, and controls.
Members of the committee meet from time to time to ensure that any possible fraudulent activities are identified and mitigated. The risk management committee members promote the understanding and assessment of fraud risks and facilitate the development of a targeted strategy for dealing with the fraud risks identified.
Overview of the importance of CDD/KYC for risk management
CDD and KYC processes help the risks management function in identifying risks such as money laundering, terrorist financing, tax evasion, and other financial crime risks. The compliance team collaborates with the risk management team to ensure that overall risk management activities are directed towards the ML and TF risks.
Once money laundering or other related risks are identified, the risk management function assesses the impact and likelihood of occurrence of such risks in collaboration with the compliance function. Specific parameters and assessment grids are used to assess the impact and likelihood of fraud risks.
Fraud risks are analyzed and prioritized based on impact and likelihood analysis and risk scoring. Fraud risks are broken down into High, Medium, and Low-level risks. Such a classification enables directing the available resources to address the High and Medium level fraud risks.
Where the net likelihood and the target likelihood for a particular risk differ, this would indicate the need to alter the risk profile accordingly.
It is a common practice to assess the likelihood in terms of:
- high – probable;
- moderate – possible;
- low – remote.
Implementing risk analysis
The risk analysis is performed by the organizations to assess the robustness of the existing compliance controls, to prevent the risks of occurrence of money laundering and other financial crimes.
Some organizations prepare detailed risk registers for the assessment of money laundering, terrorist financing, and other financial crime risks and controls, that aim to direct the identification of implemented controls to proactively manage the overall risk profile of the organization. AML and KYC controls are required to be monitored as part of overall risk management measures, to assess whether or not they are effective in mitigating money laundering, and other financial crime risks. In case of weak CDD and KYC controls, the risk management department proposes the compliance or AML team to design and implement the effective CDD and KYC controls, to fill the gap and reduce the risk of being used by the criminals such as money launderers.
Customer Due Diligence (CDD) and Know Your Customer (KYC) play major roles in risk management. Organizations are in constant threat of financial crime such as money laundering, fraud and terrorist financing. In order to prevent onboarding a person or persons with history of financial crimes, risk management is implemented.