KYC/CDD for organizational risk management is where ML/TF risks are assessed for management purposes. Risk management is defined as the process of understanding and managing the risks to which the organization is certain to be exposed.
Poor governance structure and compliance culture pose serious financial crime and money laundering risks for the organization. Fraud incidents in organizations have resulted in depleted profits, operating inefficiencies, and reputational losses.
Importance of KYC/CDD for Organizational Risk Management
For an organization, risks are potential incidents and events that could occur and influence the achievement of the organization’s core objectives and goals. Risk management is about understanding the nature of such potential incidents and events and taking appropriate measures to address the threats they pose. Devising risk mitigation strategies is important because risk incidents such as money laundering or financial crime activities damage the profile of the organization and result in financial, operational, and reputational losses.
To avoid the risk of onboarding criminals, the organization should perform the ML/TF risk assessment on a periodic basis, to ensure that all existing risks are identified and assessed in a timely manner. Appropriate control strategies are then devised to mitigate the identified ML/TF risks, according to their level and significance.
Without performing KYC and CDD on customers, the organization faces different kinds of risks, including legal, financial, regulatory, and reputational risks. These risks must be addressed by performing appropriate AML and KYC/CDD measures before onboarding customers.
A compliance risk management function performs the ML/TF risk assessment. Its main task is to facilitate and coordinate the overall risk management process, including financial crime and money laundering risk management. This is done in collaboration with the compliance team headed by the Chief Compliance Officer.
A risk management committee is formed that includes different members from the organization, such as the Chief Financial Officer (CFO), Heads of Planning and Sales, Head of Investments, and Head of Information Technology. These members work together as a committee to ensure that fraud risk factors are identified and addressed appropriately using available resources. Members of the committee meet from time to time to ensure that any possible fraudulent activities are identified and mitigated. The risk management committee members promote the understanding and assessment of fraud risks and facilitate the development of a targeted strategy for dealing with the fraud risks identified.
CDD and KYC Process
CDD and KYC processes help the risk management function identify risks such as money laundering, terrorist financing, tax evasion, and other financial crime risks. The compliance team works in collaboration with the risk management team to ensure that overall risk management activities are directed towards the ML and TF risks as well.
Once money laundering or other related risks are identified, an assessment of the impact and likelihood of occurrence of such risks is performed by the risk management function in collaboration with the compliance function. Specific parameters and assessment grids are used to assess the impact and likelihood of fraud risks.
Based on impact and likelihood analysis and risk scoring, fraud risks are analyzed and prioritized. Fraud risks are broken down into High, Medium, and Low-level risks. Such a classification enables the available resources to be directed at the High and Medium level fraud risks.
Where the net likelihood and the target likelihood for a particular risk differ, this would indicate the need to alter the risk profile accordingly.
It is a common practice to assess the likelihood in terms of:
• high – probable
• moderate – possible
• low – remote.
Organizations perform the risk analysis to assess the robustness of their existing compliance controls, in order to prevent the occurrence of money laundering and other financial crimes.
Some organizations prepare detailed risk registers for the assessment of money laundering, terrorist financing, and other financial crime risks and controls. These registers aim to direct the identification of implemented controls to proactively manage the overall risk profile of the organization. AML and KYC controls are required to be monitored as part of overall risk management measures, to assess whether or not they are effective in mitigating money laundering and other financial crime risks.
Where CDD and KYC controls are weak, the risk management department proposes that the compliance or AML team design and implement effective CDD and KYC controls, to fill the gap and reduce the risk of the organization being used by criminals such as money launderers.
Risks are potential incidents and events that could occur and have an impact on the achievement of an organization’s core objectives and goals. Understanding the nature of such potential incidents and events and taking appropriate measures to address the threats posed by such potential fraud incidents constitute risk management. Risk incidents such as money laundering or financial crime activities have a negative impact on the organization’s profile and result in financial, operational, and reputational losses.