Risk-Based Approach to AML Compliance
Reading time: 3 min

Risk-Based Approach to AML Compliance

The amount of money laundered yearly poses a growing threat to companies and economies.  

Money laundering encompasses the illegal activities used to make illegally-acquired funds appear legitimate. It is a highly diverse activity carried out at various levels of sophistication and plays a vital role in organised crime.  

In the past two years, Australian financial firms have been exposed to increased financial crimes, with money laundering ranked as the top risk in compliance operations by 80% of Australian compliance specialists working for financial institutions. 

The United Nations Office on Drugs and Crime (UNODC) estimates that the amount of money laundered in one year from criminal activities worldwide is 2 - 5 % of global GDP. However, the secretive nature of money laundering makes it challenging to know for sure.  

Global and Local Regulation of Anti-Money Laundering 

The global nature of money laundering has led to the formation of global and regional regulatory bodies to combat the threat and to help countries put regulations in place to deal with the threat locally.  

The global money laundering and terrorist financing watchdog is the Financial Action Task Force (FATF). As a policy-making inter-governmental body, the FATF works with governments and national regulatory bodies to achieve regulatory reforms and sets standards to prevent these illegal activities and the harm they cause. FATF’s list of 40 recommendations and nine special recommendations act as the standards to combat money laundering and terrorist financing.  

Australia is a founding member of the FATF and has established its own laws based on the recommendations. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules) set out to prevent money laundering and the financing of terrorism. They require the financial sector and other relevant businesses and professionals to abide by a number of obligations, with the Australian Transaction Reports and Analysis Centre (AUSTRAC) ensuring compliance.  

A risk-based approach is central to the FATF recommendations and AML/CTF Act. 

Fight financial fraud and manage AML compliance in one platform

What is a risk-based approach to AML? 

A risk-based approach to AML forms the foundation of global best practice approaches to combating money laundering and terrorism financing. 

A risk-based approach to AML is where you identify and assess the money laundering and terrorist financing risks your company faces, and determine the threat level to your business.  

You can then implement the relevant processes and solutions to mitigate and manage those risks effectively. 

Why adopt a risk-based approach? 

Adopting a risk-based approach is critical to meeting your obligations under the AML/CTF Act while also protecting your business and the financial system from criminal abuse. 

Defined by the FATF in 2012, a risk-based approach is considered by the FATF Recommendations to be an ‘essential foundation’ of a country’s AML/CFT framework and is an overarching requirement of all relevant FATF Recommendations.  

The benefits of a risk-based approach for businesses include the following: 

  • more efficient and effective use of resources against money laundering 
  • minimising compliance costs  
  • more flexibility to manage new and emerging risks as money laundering and terrorism financing tactics evolve and emerge. 

Common AML Risk Factors 

A risk-based approach recognises that AML/CTF risks are unique to every business, product or service, customer, and transaction.  

Here are some of the most common AML risk factors: 

Individual Risks 

What type of customer are you targeting and what information do you have about them?  

Checking for high-risk individuals is a Know Your Customer (KYC) regulatory requirement. Governments collect and maintain watchlists of high-risk individuals, including known fraudsters, money launderers, terrorists, and ‘Politically Exposed Persons’ (PEPs) and their associates.  

The level of individual risk varies greatly. For example, AUSTRAC recommends that businesses treat every foreign PEP as a high-risk customer, while some domestic PEPs can range from high-risk to low-to-medium risk. That’s where a risk assessment is essential.  

Geographical Risks 

What is the risk associated with the country in which you are operating, or your customers are located? 

Geography determines the laws, regulations, security, data privacy and other factors making up a business environment. Your AML/CTF program requires you to know which countries and regions may pose a high risk of money laundering or terrorism financing. 

Channel Risks 

What methods does your customer use to transfer funds between accounts or countries? How is your product or service taken to market? 

In an increasingly digital economy, online transactions carry an inherent risk of identity fraud unless a robust digital identity verification process is in place.  

Third-party services or payments associated with product or service delivery can also increase the risk associated with a transaction. 

Transaction Risks 

Certain types of individual transactions can be flagged as high risk, such as an unusually large transaction or activity that appears to be outside normal behaviour.  

Also, transactions that are complex or involve the routing of payments may be assessed as higher risk. 

Detect complex fraud with predictive analytics and deep learning


How to Implement a Risk-Based Approach to AML 

Managing a risk-based approach to AML is like managing any other risks in your business – you identify the risks, assess their levels, and implement processes and solutions to mitigate them.  

Let’s look at the process for an AML risk-based approach: 

1. Identify business risks 

To identify AML risks, start by reviewing your product or service portfolio. For example: 

  • Customers: Who are the type of customers for your service? 
  • Geography: What is the geographical landscape and implications on the exposure of the target markets to financial crime? 
  • Delivery Channel: How will the product or service be delivered to the customer? Are digital transactions involved? 
  • Regulatory Controls: How advanced are the industry regulations? 
  • Market: What is the market exposure to financial crime? 

2. Assessment of risks 

Central to a risk-based approach to AML is an assessment of a product’s exposure to risks and their potential impact.  

Rank the risks for a product using a simple matrix, as explained in the FATF guide to National Money Laundering and Terrorist Financing Risk Assessment or refer to the AUSTRAC’s Assessing ML-TF Risk guide 

For a risk-based approach to work, businesses need to continually review and update their risk assessment to identify and address new, evolving and changing risks.  

3. Implement policies and solutions to mitigate risks  

Once the risk assessment is complete, a risk-based approach to AML requires implementing policies and solutions to mitigate risks. This may include procedures and technology to verify your customers’ identity or automated solutions for transaction monitoring.  

Final thoughts 

Risk will always be a factor for businesses regarding money laundering. However, a risk-based approach to AML ensures companies can effectively recognise, understand and manage those risks systematically.  

Find out how GBG’s solutions can help mitigate the risk of money laundering for your business.  

Sign up for more expert insight

Hear from us when we launch new research, guides and reports.

Related Content