Disclaimer: The views expressed herein are those of the author and should not be attributed to the IMF, its Executive Board, or its management. Risk-Based Approach to AML/CFT Terence Donovan, Financial Integrity Group, Legal Department, IMF March 2009
Basis in international standard • 2003 revision of FATF Recommendations provide, for the first time, explicit recognition of the risk-based approach • Multiple references to ML/FT risk and to risk management • Definition of financial institutions • CDD • Internal controls • Supervision • It is NOT mandatory to apply a risk-based approach, except when dealing with higher risks
Risk Principles for Customer Due Diligence (CDD) • CDD is a wider concept than Know Your Customer (KYC) • Financial institutions should apply each of the CDD measures but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction.The measures that are taken should be consistent with any guidelines issued by competent authorities. • For higher risk categories, financial institutions should perform enhanced due diligence. • In certain circumstances, where there are low risks, countries may decide that financial institutions can apply reduced or simplified measures.
Issues with the Risk-Based Approach • For many countries Risk-based Approach (RBA) is still new and untested. • Documentation being developed to assist implementation. • No consistent understanding of meaning and application of RBA. • Financial institutions unclear of supervisors’ expectations.
Some benefits of RBA • Requires financial institutions to think about AML/CFT risk. • Allows for less rigid alternative to checklist approach to compliance and supervision. • Flexibility as risks change over time. • Less inconvenience for legitimate customers. • Makes sense to financial institutions and their staff. • Launderers cannot as easily plan around RBA. • Financial institutions best placed to know their own risks.
Challenges of RBA • Financial institutions need expertise in risk assessment and management. • Diversity of approaches means complexity for supervisors. • More difficult to apply legal obligations and sanctions due to level of discretion. • Financial institutions often prefer legal and supervisory ‘certainty’. • Can be costly. • Difficult in cash-based economies.