The investigation program should recommend appropriate risk management strategies, such as implementing internal controls, improving product quality and safety standards, reviewing delivery methods and logistics partners, and implementing credit risk management policies for customers.
Various types of risks are related to the customers and the products offered by the organization. The means of providing the products and services are also included to categorize the risk into broader ML/TF risks. These risk categories arise due to the vast number, types, and locations of customers, for whom the accounts are opened.
The customers’ related risks need to be identified and recorded for ongoing due diligence and monitoring. The account opening team and the AML team of the organization are required to, follow the AML/KYC regulatory requirements, which require organizations to identify and document customer-related risk factors and categories.
The regulatory framework for AML is applicable in the form of AML/CFT Regulations which require organizations to focus on the areas where related ML/TF risks are relatively high to allocate resources most effectively. Accordingly, enabling environment is required to be created by the Board of Directors and the Management, for the effective implementation of a risk-based approach considering internal policies, procedures, and risk parameters, of the organization. Organizations profile every new customer using their judgment and the information obtained through CDD/KYC process at the onboarding stage.
Investigation Program: Considering Channel, Product, Delivery, and Customers Risks
Below are the risk categories, which an organization faces, due to the vast number and types of customers, its products, services, and channels used to provide the services to the customers:
- Customer risk
- Jurisdiction risk
- Product risk
- Channel risk
Concerning AML/CFT the customer risk is the risk that a particular customer or group of customers may perform money laundering or terrorist financing activities. As per AML/CFT regulatory requirements, enhanced due diligence measures are to be performed for high-risk category customers, such as PEPs. The Compliance program and AML/CFT policy must contain the EDD measures, to be applied in cases of red flags issuance and the identification of the customers as high-risk customers.
A transaction is any activity that is initiated or processed, involving the exchange or recording of financial amount. Customer risk relates to the type of customers and the jurisdiction to which they belong. Customer risk is high in cases, where the customers belong to high-risk jurisdictions or countries or the countries which are declared as black listed by the international supervisory bodies or the regulators.
Transaction threshold is a monetary value, assigned to the accounts or customers, based on the risk profile. Every customer has a different risk profile, which is created considering the identification information and other details, obtained at the time of onboarding the customer or client. Red flags are raised due to the breach of the transaction threshold, which is assigned to the customers based on their respective risk profiles.
Transactions and activities of the customers/ clients must be within the threshold limit assigned to them based on the income level or the estimated business activity of the customers. Customers at the time of opening their accounts mention their income level or expected business volume, which enables the account opening time to define the financial threshold, as a benchmark of monitoring for each customer.
The benchmark thresholds are linked with the account of the customers, in the system, so that whenever a transaction is occurred breaching the linked threshold, then an alert is generated by the system, for review and investigation purposes. Based on the alert generated the MLRO or AML Team, reviews the account activity, to identify any potential money laundering risk or suspicious transaction.
The term “jurisdiction risk” has typically referred to the additional risk created by investing in, or lending cross borders to, a foreign country in the context of credit facilities.
The customers of the organization may belong to different jurisdictions or may have business relationships with the residents of different jurisdictions. This creates the risk of ML/TF because, there may be situations when the country or jurisdiction to which the customers belong or have business relationships, may have weak or poor AML/KYC controls.
With the introduction of the RBA as the overriding principle in the fight against money laundering and financial crime, jurisdiction risk factors were identified as being relevant to assessing the financial crime risk of the customer.
The country factors could include a customer’s country of incorporation, domicile, the center of activity, or country of tax residency. Therefore, when assessing a customer’s risk profile, organizations need to consider the financial crime risk related to the customer and the customer’s source of wealth. Further, the effectiveness of legal frameworks, as well as the political environment of the countries are to be considered, concerning the assessment of ML/TF risks.
FIs need to ensure that the control environment of the country concerning AML / CFT must be appropriate and robust to manage the ML/TF risks.
Product risk is the risk that products or services offered to customers may be misused by the customers, for money laundering or terrorist financing activities.
As a best practice, the organization, before designing, developing, and offering the products or services to the customers, performs research, market studies, and perform ML/TF risk assessment. Product-related ML/TF risk assessment is necessary to identify and understand the possible ways, customers may utilize for materializing their malicious intentions or conduct money laundering and terrorist financing activities.
Products that are offered by the organizations, such as banks are required to have complied with the applicable regulatory requirements. The challenge faced by banks, is due to the interdependency on the service providers, without whom support the products may not offer to the customers, such as the ATM network operations, digital banking solutions, etc. These factors contribute to product risk, where desired controls may not be devised by the organization itself and reliance may need to be placed on the controls of the service providers.
The nature and characteristics of products and services offered to the customers by the organization, significantly impact the risk profile of the organization, concerning money laundering and terrorist financing. The risks associated with a product or service are assessed by whether the product or service characteristics provide the user with functionality that may be utilized to enable the conduct of money laundering and terrorism funding activities, using the financial channel of the organization.
The ML/TF risks increase further when the products or services are offered to the high-risk category customers, such as politically exposed persons (PEPs), NGOs, Charitable organizations, and Correspondent Banking Accounts. For these high-risk category customers, the organization must mark them as “High-Risk”, and need regularly perform detailed scrutiny and monitoring for the products offered to such customers and the utilization made by such customers of the products or services.
All high-risk category customers are subject to ongoing monitoring, to identify any potential or existing suspicious activity or money laundering risks. High-risk category customers are more prone to conduct ML/TF activities, therefore, when offering the products or services to them, the organization must ask questions in detail about the use and need of the products and services, requested by high-risk category customers.
The organization uses different channels to serve customers including individuals, businesses, and companies. Such channels may be remittance channels, cash-based transactions, normal fund transfer channels, wire transfers, etc. Channel risk is the misuse of the financial channel, provided to the customers by the financial institution, for money laundering, and/or terrorist financing.
The type and characteristics of the channels used to provide services to the customers may significantly impact the risk of money laundering and terrorist financing. Organizations are required not to open fictitious accounts and initiate transactions, which lack apparent economic sense or to be processed using high-risk channels.
The regulatory challenges and commercial economic factors in many of the emerging markets, particularly the smaller economies, have resulted in a disproportionate increase in costs and implementation challenges, exacerbated by the impact of the withdrawal of the corresponding banking relationships. There has been a notable concentration of flows within trade lines and remittance channels, undermining smaller local banks which can be critical to financial sector stability and the growth and prosperity of emerging market countries.
Customers may also perform the transaction using the financial channels, without face-to-face interaction, with the organization’s representatives. This increases the risk of ML/TF. In cases of face-to-face contact and transactions, the customers are restricted to remain anonymous and it becomes easier to identify and verify, the customer and beneficial owner.
At a minimum, the organizations are required to have a thorough understanding of the inherent ML/FT risks present in its delivery channels, and services offered through these channels. The ML/TF risk assessment must consider the delivery channels and certain delivery channels (for example, business relationships or transactions that do not face) may pose a higher ML/FT risk as they increase the challenge of verifying the customer’s identity and activities. The jurisdiction’s specific risks must also be assessed when the country’s risks are considered, due to their linking with each other, such as in cases of international remittances or inward remittances.
The comprehensive analysis provided reveals a multi-faceted approach to risk management in a financial organization, especially related to anti-money laundering (AML) and combating the financing of terrorism (CFT). The different categories of risks identified – customer, jurisdiction, product, and channel – emphasize the importance of thorough diligence, regular monitoring, and adherence to AML/CFT regulations in mitigating potential threats.
To implement these measures effectively, the board and management must establish a supportive environment that prioritizes risk-based approaches, internal controls, and adherence to regulatory requirements. Moreover, it’s vital to evaluate potential risks associated with service providers who play a critical role in product delivery. The investigation program is essential to maintain the integrity of the organization and to provide a safe and reliable service to the customers, as well as to adhere to international standards and regulations.