Welcome to the second article in our Future of Financial Crime series. In this edition, we explore how intelligence-led risk management is crucial for an advanced financial crime framework.
A Money Laundering and Terrorism Financing (ML/TF) risk assessment is the foundation that guides the design and execution of a risk-based Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Program. Often, these assessments are perceived as mere regulatory obligations, leading to broad evaluations that fail to offer actionable intelligence and focus on the highest areas of risk within an organisation. As financial crime threats evolve and become more intricate, such an approach is no longer sufficient.
AUSTRAC, in its Regulatory Priorities for 20241 highlights this area as one of its enduring priorities. It notes that reporting entities must understand the nature of the ML/TF risk they face, and the linkages between their ML/TF risk profile and their AML/CTF program2, to develop an appropriately risk-based approach.
A driver of this regulatory focus has been the repeated findings by AUSTRAC that reporting entities are not regularly and consistently updating their ML/TF risk assessments based on organisational change or in response to the release of new guidance or external intelligence. For example, the recently released National Risk Assessment by AUSTRAC should be considered as a trigger for reporting entities to consider as part of its ML/TF risk assessment.
Further to this, there is a recognition by the Australian Government that the current AML/CTF regime does not sufficiently emphasise the importance of an ML/TF risk assessment. Proposed revisions to the AML/CTF Act aim to clearly state that reporting entities must consider the nature, size and complexity of its business in determining their ML/TF risk level, incorporate relevant risks identified by AUSTRAC, and to document their risk assessment methodology as part of its AML/CTF program.
Moving beyond the regulatory mandated requirements, organisations are realising wider benefits from performing more comprehensive and regular ML/TF risk assessments. These include the ability to better target AML/CTF programs and resources towards higher-risk areas through an intelligence-led approach. Examples emerging in Australia include the evolution of dynamic Customer Risk Assessment (CRA) models and the more rapid ingestion and actioning of external financial and open-source intelligence feeds in risk and control systems, moving beyond the historical approach of assessing ML/TF risk at arbitrary, static points in time.
At its essence, there is a need for organisations to look at financial crime risk differently, beyond merely being a compliance ‘tick box’ obligation, and embracing it as an enabler of intelligence, focus, efficiency, and competitive advantage.
In this article authored by our UK colleagues, we delve into building a dynamic risk assessment and the benefits they offer beyond regulatory compliance.
This is the second article in our Future of Financial Crime series, with a focus on the importance of intelligence-led risk management as a foundation for a future financial crime framework.
The risk assessment is a critical tool which should sit at the heart of a financial services (FS) institution’s financial crime control framework. However, it is often viewed as a regulatory driven exercise, which results in generic evaluations of the financial crime (FC) vulnerabilities that an institution is exposed to. Such outcomes provide limited actionable intelligence to enable appropriate adjustments to be made to financial crime controls. With financial crime threats ever-changing and becoming increasingly complex, this approach must evolve.
Typically, risk assessments are often limited by the following:
Unsurprisingly, expectations about the role of the risk assessment are changing, driven by a number of factors. In recent years, regulatory visits and reviews have increased the focus on assessing how well the risk assessment recognises the specific threats the FS institution faces, and how effectively it evaluates the underlying mitigating controls. Both are instrumental to delivering a risk-based approach. Regulatory enforcement can result where this is unsatisfactory. In the UK, the government’s Economic Crime Plan 2 (2023 – 2026) has set out clear actions to drive a more dynamic response by FS institutions to the FC risks faced by the UK. This will require the development of a control framework that provides a mechanism for adjusting areas of focus, and the ability to ‘dial-up’ and ‘dial-down’ activities as risks evolve.
Adopting a more dynamic and integrated approach to risk assessment and control modulation is key to addressing the limitations of risk assessments and meeting the changing regulatory expectations. Change can be incremental, and specific solutions will vary across FS institutions (based on sector, maturity, products, and customer base), but it is our belief that the following changes are needed:
In adopting these changes, we believe that it is possible to achieve three key benefits:
In summary, the changes suggested here will deliver a sophisticated and proactive intelligence-led approach to managing risk that identifies the changing nature of FC threats and dynamically adjusts the mitigating controls on the highest priority risks, allowing the dialling down of effort in other areas.
We believe the evolution of the risk assessment and control framework as set out in this article is fundamental to enabling further changes that are needed in a future financial crime capability. Specifically, changing the approach to due diligence to create a more dynamic customer lifecycle management, and the convergence of monitoring to allow the simplification and streamlining of FC operations. Overall, this will drive a move to a more efficient and effective approach to fighting financial crime.
Please get in touch if you would like to discuss this topic further. Also look out for future articles in our Future of Financial Crime series – up next, Revolutionising Due Diligence in Customer Lifecycle Management.
___________________________________________________