[ PRACTICAL SOLUTIONS ]
AML risk assessment
The AML risk assessment is the first step in building a valuable AML program and is one of the more complicated and time-consuming program activities. The risk assessment methodology is approached in a vastly different manner at each FI. No matter if the risk assessment is 300 pages or 50, the question boils down to whether the risk assessment guides the FI in building an effective and efficient AML program. One would expect with so much time and effort put into risk assessment that it would provide valuable results. However, many AML professionals have agreed that it feels more like a “check-the-box” exercise, resulting in a document with too much “filler” content that distracts from the intent, further reducing its value. In addition, in many cases, the risk assessment gets stored away until requested by auditors or examiners. If either situation exists, take it as a professional red flag and revamp the risk assessment into a process that produces value.
FinCEN’s ANPRM would require an FI’s risk assessment methodology to include the identifi- cation and analysis of money laundering, terrorist financing and other illicit financial activity risks and to consider the AML and counter-terrorist financing (CTF) strategic priorities issued by FinCEN. Furthermore, the AMLA promotes taking a risk-based approach that focuses on higher-risk customers and activities. FIs should take this as an opportunity to reassess their risk assessment methodology to focus on their FI’s risk priorities and FinCEN’s anti-money laundering/counter-terrorist financing (AML/CTF) strategic priorities.
The AML risk assessment is the first step in building a valuable AML program and is one of the more complicated and time-consuming program activities
Some FIs have already developed or are moving toward such a methodology. One FI’s primary risk assessment document focuses on the highest-risk customers, products as well as services and geographies. For areas that are lower risk, a separate document is maintained for coverage. Another FI recently kicked off a target operating model gap assessment to prepare for the transition from the current “book report” risk assessment approach into an analytical model. Both approaches leverage the “National Strategy for Combating Terrorist and Other Illicit Financing,”3 among other documents, to inform their risk assessment. These FIs feel as though their approach will meet and go beyond the new AML regulatory mandates and support alignment with AML/CTF strategic priorities. This approach is sound, particularly in light of a comment from FinCEN’s Director of Regulatory Policy, Barry Emmert, “I don’t think there’ll be any surprises as these priorities are going to be consistent with Treasury’s ‘National Illicit Finance Strategy’ as required by Congress.”4
Targeted and adaptable methodologies allow an FI to move away from an annual risk assessment exercise that is already out of date when the work begins. It also supports the AML program in being nimble when responding to new or evolving risks. One example is an AML risk assessment focused on human trafficking that depicts a clear under- standing of the human trafficking risks specific to the FI. Instead of building broad human trafficking controls and monitoring scenarios, the FI is more risk-based, efficient and responsive. Another example is to update the risk assessment regularly as new risks emerge or if there is a new product/ service offering. Updating the risk assessment immediately will ensure it is always up to date and the AML program can evolve and adjust as needed.
 46 [ JUNE-AUGUST 2021 ]