AML Governance and the Business Risk Assessment

For a financial institution in the EU, the governance of the firm’s requirements related to AML/CFTis critical. Non-compliance in this area can lead to significant regulatory fines and reputational damage to the business and personally.

Alongside this imperative for effective oversight is a set of requirements which can seem daunting, partly because they are written for a very broad sector and partly because they have evolved over time with Acts from 2010, 2013, 2018 and likely AMLD5 in 2021.The AML/CFT Business Risk Assessmentis at the centre of any firm’s framework for implementing and embedding a strong compliance culture in this area.

It has the benefit of focusing discussion not just on the general set of requirements in legislation but how these requirements apply specifically to the business of the firm. It is a structured process, bringing focus to how the risks specific to the firm are mitigated, monitored, and reported. It considers product design, customer due diligence and distribution channels as well as where the firm does business and the internal processes for monitoring transactions. I have found that time spent discussing and documenting the risk assessment at board level brings greater clarity to the risks specific to the business of the firm, how mitigating controls have been deployed, and which areas are in need of improvement.

The AML/CFT agenda for 2021 will include the Criminal Justice Amendment Bill, currently at second stage in the Seanad and drafted to give effect to the 5thEU Anti Money Laundering Directive. In addition to this, firms should, in 2021 ,put a renewed focus on the Business Risk Assessment, with dedicated board engagement and follow through on areas of weakness.

Seamus@GovernanceMatters.ie