While financial institutions are the most prone to being used in money laundering schemes, virtually any business in which money changes hands runs the risk of being an unwitting accomplice in such shady dealings.
Just because your business is a little on the small side doesn’t make it safe from money launderers, as restaurants, bars, secondhand car dealerships, and even laundromats have been known to be used for cleaning dirty money.
That’s why it’s so important that businesses undergo AML risk assessments in order to establish exactly how at-risk they really are. That being said, it’s also vital that you understand what AML risk assessments are and what they usually entail.
What are AML Risk Assessments?
Money laundering involves making illegally obtained funds appear as though they were procured legally and is often accomplished by moving said funds through legitimate commercial businesses. In most cases, these entities are unknowing aiders in money laundering endeavours, wherein lies the importance of businesses undertaking Anti Money Laundering Risk Assessments.
AML Risk Assessments are analytical procedures that gauge the probability that a business inadvertently engages in money laundering operations. Risk Assessments measure this probability by identifying which facets of the company appear most attractive to money launderers. These factors are known as Key Risk Indicators or KRIs.
The 5 Money Laundering Key Risk Indicators
Global governments have identified five major key risk indicators which can be applied to any form of business.
- The nature, scale, and complexity of the business.
- The type of customer the business caters to – whether it’s business to business or business to consumer, etc.
- The variety of goods or services that are offered to consumers.
- How the business obtains new customers and the way they communicate with existing clients.
- Geographical risks
What are Risk Drivers?
The aforementioned KRIs are manipulated by elements known as Risk Drivers which may increase or decrease risk depending on the element in question. The Risk Range (sometimes referred to as the Risk Rating) is a common 3-level or 5-level rating that’s set at low, medium, and high, or very low, low, medium, high, and very high respectively.
If a Risk Driver bumps up the risk of a KRI, the Risk Range, in turn, increases as well. In contrast, if a Risk Driver lowers the risk of a KRI, the Risk Range also drops. A successful AML Risk Assessment must be able to satisfactorily identify all necessary KRIs, provide proper measurements for the Risk Drivers, then factor all the data into a Risk Range.
Examples of Risk Drivers
- Commission-based work: This Risk Driver has the potential to increase risk, as businesses have a tendency to overlook AML controls when employees or third-party member who receive commission-based compensation for the sale/rendering of goods or services are involved.
- Offshore businesses: This is a primary example of the geographical risk KRI and is a Risk Driver that always results in increased risk. Using this method, money launderers can make it more difficult for AML controls to pinpoint illegal transactions and it also makes it harder to ensure if the business is legitimate.
Individual vs Aggregate Risk Scores
Naturally, the data compiled from the AML Risk Assessment will provide individual risk scores, which are the scores per KPI, as well as an aggregate risk score that’s basically the overall risk of the business undergoing the assessment.
The Two Types of Risk
AML Risk Assessments factor in two types of risk – Inherent Risk and Residual Risk. Inherent risk is the innate level of risk that the business faces without the placement of any controls or checks. Residual risk refers to the measurement obtained from pitting the inherent risk against the effectiveness of the controls set by the business. This measurement represents the actual risk that the business faces when it comes to being unknowingly involved in money laundering.