Risk-Based Approach to AML Compliance

The amount of money laundered yearly poses a growing threat to companies and economies.  

Money laundering encompasses the illegal activities used to make illegally-acquired funds appear legitimate. It is a highly diverse activity carried out at various levels of sophistication and plays a vital role in organised crime.  

In the past two years, Australian financial firms have been exposed to increased financial crimes, with money laundering ranked as the top risk in compliance operations by 80% of Australian compliance specialists working for financial institutions. 

The United Nations Office on Drugs and Crime (UNODC) estimates that the amount of money laundered in one year from criminal activities worldwide is 2 - 5 % of global GDP. However, the secretive nature of money laundering makes it challenging to know for sure.  

Global and Local Regulation of Anti-Money Laundering 

The global nature of money laundering has led to the formation of global and regional regulatory bodies to combat the threat and to help countries put regulations in place to deal with the threat locally.  

The global money laundering and terrorist financing watchdog is the Financial Action Task Force (FATF). As a policy-making inter-governmental body, the FATF works with governments and national regulatory bodies to achieve regulatory reforms and sets standards to prevent these illegal activities and the harm they cause. FATF’s list of 40 recommendations and nine special recommendations act as the standards to combat money laundering and terrorist financing.  

Australia is a founding member of the FATF and has established its own laws based on the recommendations. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules) set out to prevent money laundering and the financing of terrorism. They require the financial sector and other relevant businesses and professionals to abide by a number of obligations, with the Australian Transaction Reports and Analysis Centre (AUSTRAC) ensuring compliance.  

A risk-based approach is central to the FATF recommendations and AML/CTF Act. 

What is a risk-based approach to AML? 

A risk-based approach to AML forms the foundation of global best practice approaches to combating money laundering and terrorism financing. 

A risk-based approach to AML is where you identify and assess the money laundering and terrorist financing risks your company faces, and determine the threat level to your business.  

You can then implement the relevant processes and solutions to mitigate and manage those risks effectively. 

Why adopt a risk-based approach? 

Adopting a risk-based approach is critical to meeting your obligations under the AML/CTF Act while also protecting your business and the financial system from criminal abuse. 

Defined by the FATF in 2012, a risk-based approach is considered by the FATF Recommendations to be an ‘essential foundation’ of a country’s AML/CFT framework and is an overarching requirement of all relevant FATF Recommendations.  

The benefits of a risk-based approach for businesses include the following: 

• more efficient and effective use of resources against money laundering 
• minimising compliance costs  
• more flexibility to manage new and emerging risks as money laundering and terrorism financing tactics evolve and emerge. 

Common AML Risk Factors 

A risk-based approach recognises that AML/CTF risks are unique to every business, product or service, customer, and transaction.  

Here are some of the most common AML risk factors: 

Individual Risks 

What type of customer are you targeting and what information do you have about them?  

Checking for high-risk individuals is a Know Your Customer (KYC) regulatory requirement. Governments collect and maintain watchlists of high-risk individuals, including known fraudsters, money launderers, terrorists, and ‘Politically Exposed Persons’ (PEPs) and their associates.  

The level of individual risk varies greatly. For example, AUSTRAC recommends that businesses treat every foreign PEP as a high-risk customer, while some domestic PEPs can range from high-risk to low-to-medium risk. That’s where a risk assessment is essential.  

Geographical Risks 

What is the risk associated with the country in which you are operating, or your customers are located? 

Geography determines the laws, regulations, security, data privacy and other factors making up a business environment. Your AML/CTF program requires you to know which countries and regions may pose a high risk of money laundering or terrorism financing. 

Channel Risks 

What methods does your customer use to transfer funds between accounts or countries? How is your product or service taken to market? 

In an increasingly digital economy, online transactions carry an inherent risk of identity fraud unless a robust digital identity verification process is in place.  

Third-party services or payments associated with product or service delivery can also increase the risk associated with a transaction. 

Transaction Risks 

Certain types of individual transactions can be flagged as high risk, such as an unusually large transaction or activity that appears to be outside normal behaviour.  

Also, transactions that are complex or involve the routing of payments may be assessed as higher risk.