Why you need an annual financial crime risk assessment
- Posted on: 11 December 2020
What do the terms ‘money laundering’, ‘fraud’, ‘bribery’, and ‘market abuse’ all have in common? Hopefully, you correctly guessed that they all relate to financial crime. All regulated firms have financial crime risks, albeit at varying levels of complexity and depending on the business model. You should have policies and procedures that document your approach to managing financial crime risks, but did you know that you also have to do an annual review?
At least once a year, you are required to assess whether your controls are up to the job of identifying and preventing financial crime. It is not enough to just have policies and procedures, you have to base those documents on the output from the annual risk assessment. It is all too easy to overlook these risks assessments, but it is important to do them, and to do them properly.
Financial crime is a worldwide risk and criminals use ever more sophisticated techniques to commit it, so firms need to assess and manage their risks. The assessment requires you to consider and document your financial crime risks relating to:
1) The products and services that you offer; for example:
Do you safeguard client money or assets?
Are the products at risk of being used for financial crime, such as insurance?
2) The jurisdictions that you operate in (including where your clients may be based); for example:
Do any of your transactions cross jurisdictions?
Do you know where your clients' source of funds or wealth originated from?
3) Who your clients are (and any controllers or owners if relevant); for example:
What is their legal status and is it easy to understand?
Are there any PEP or sanction concerns?
4) The complexity and volume of transactions; for example:
Do you have the capability to monitor transactions and identify discrepancies?
Are you comfortable with complex transaction structures?
5) The distribution channels that you use to service your clients; for example:
Does your distribution channel make it difficult to identify the underlying client?
Do you use any agents, branches or other third parties in your distribution chain?
Once you have identified what your risks are in each of those areas, then you can work out how to allocate your resources to best mitigate them. This is where your policies, procedures and training will come in. If you have identified that your clients operate in high-risk jurisdictions, then you can make sure that your onboarding and monitoring due diligence is robust enough manage those specific risks. The assessment will also help you to train your staff to identify the risks that matter most, and how they can help your firm to manage them.
The annual financial crime risk assessment is an important tool in your regulatory toolbox. As we prepare for 2021, are you confident that your firm has the tools that it needs to face the future?