How to Conduct an AML Risk Assessment

Mark Halstead Compliance

All UK businesses have a responsibility to prevent money laundering and other forms of financial crime. Risk assessments are a key component of any firm's anti-money laundering (AML) tool kit, and can help businesses to measure the likelihood that they will inadvertently support or engage in criminal behaviour.

This guide explains what risk assessments are, and how any business can apply them to combat money laundering while meeting their regulatory compliance obligations.

What is an AML Risk Assessment?

A money laundering risk assessment is a process that analyses a business's risk of exposure to financial crime. The process aims to identify which aspects of the business put it at risk of exposure to money laundering or terrorist financing. It achieves this by monitoring and assessing known vulnerabilities, also commonly referred to as Key Risk Indicators (KRIs).

Why are AML Risk Assessments Required

Certain businesses are required to conduct anti-money laundering risk assessments under Regulation 18 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017).

On a practical level, a risk assessment could help a business to:

  • use a risk-based approach to identifying and preventing money laundering.
  • understand the risks associated with various business relationships and commercial activities.
  • create policies, procedures, and controls that actively reduce the risk of financial crime.
  • make more informed decisions about employees and clients.
  • identify transactions and relationships that involve an at-risk or sanctioned country.
  • Evaluate risk reduction measures.

Ultimately, an AML risk assessment can help businesses to reduce the risk of money laundering and terrorist financing. These measures are an essential part of any anti-money laundering compliance program, and can help organisations to stay on the right side of the law.

Money Laundering Risk Indicators

Businesses can conduct a money laundering risk assessment by monitoring key risk indicators. International authorities generally apply five primary categories of risk indicator that businesses should assess:

  1. The size, nature, and complexity of a business.
  2. The type of customer involved (e.g. B2B or B2C).
  3. The types of products and services involved in a transaction.
  4. The methods used to onboard new customers and communicate with existing ones.
  5. Geographical factors

By assessing these individual factors, businesses can allocate a risk rating to a transaction or customer relationship. Ratings of low, medium, and high can be used when applying a simple risk range, whereas more advanced risk ranges extend to very low and very high ratings.

Key Risk Drivers

There are a variety of Key Risk Drivers (KRI) that businesses should consider when conducting a money laundering risk assessment. These include:

  • Whether a transaction or commercial relationship has an international element. Overseas transactions can significantly increase the risk of money laundering and terrorist financing, and firms may need to conduct more detailed due diligence when dealing with offshore entities.
  • Whether a transaction involves a commission payment that could give rise to a conflict of interest.
  • The substance of a transaction. High-value transactions generally pose a greater risk of money laundering, for instance.
  • The involvement of third parties, particularly where they are the payor or payee. The movement of assets by a third party can contribute to money laundering, so it's important to identify the source of funds for each transaction.
  • The complexity of a client's business structure, as organisations with wide, branching corporate structures can pose a greater risk of financial crime.

Assessing High-Risk Activities

Businesses must pay particular attention to any high-risk activities when conducting a risk assessment. Each year, the UK government publishes a National Risk Assessment (NRA) that outlines the latest trends in money laundering and terrorist financing. This can help when prioritising certain activities as part of a risk-based approach to compliance.

In the UK's 2020 NRA, the following activities were identified as high-risk:

  • conveyancing
  • client account services
  • trust and company formation
  • financial technology services
  • cash-related services
  • the use of crypto assets and virtual money

Businesses should carefully consider whether their compliance framework does enough to identify and address these risks.

At the same time, organisations must pay close attention to the warning signs of money laundering and adjust their policies, controls, and procedures accordingly. This is especially true when dealing with customers and transactions that involve jurisdictions classified as high-risk by the Financial Action Task Force (FATF).

Risk Assessment during Customer Onboarding

A risk assessment can form a substantial part of the customer onboarding process. This opportunity should be used to conduct thorough due diligence before forming closer ties with an individual or organisation.

As part of an onboarding risk assessment, customers should be vetted for money laundering and terrorist financing risk factors. This process should include screening for adverse media, sanctions, and politically exposed persons (PEPs).

In addition to the above, businesses ought to be cautious when dealing with customers that perform actions that are at odds with their profile. This might happen if a customer suddenly attempts to enter into a high-value transaction, pay via a previously unrelated entity, or engage in a transaction that makes no commercial sense.

If a risk assessment flags any of these factors it may be necessary to ask further questions of a potential customer, or even to file a suspicious activity report (SAR).

Improve Your Approach to Risk Assessments with Red Flag Alert

Risk assessments are essential for businesses that need to comply with anti-money laundering regulations. Not only can they help to protect the economy from the threat of financial crime, but they can also prevent financial and reputational damage to the organisations involved.

Red Flag Alert can make the risk assessment process easy by providing businesses with fast access to data for over 6.5 million businesses. With over 100,000 updates every day, users can rely on this data to vet potential customers and verify any claims they make.

To discuss how Red Flag Alert can help to streamline your approach to risk assessments, contact Richard West on richard.west@redflagalert.com or 0344 412 6699.

Stay informed

Sign up to receive expert insights direct to your inbox.

Mark Halstead Partner

Mark's experience is big data analytics, financial services and building businesses provides Red Flag Alert with strategic direction.