A Business Risk Assessment

Uploaded by

Jayathunga

AML Tuesday’s Session #16 on:

Conducting a Business Risk Assessment

23 May 2023
Agenda

10:00 – 10:05 Welcome and Opening

10:05 – 10:15 BRA Overview

10:15 – 10:50 Stages of BRA and Data Input Relevant for BRA

10:50 – 10:55 BRA Design and Risk Response

10:55 – 11:00 Questions & Answers

28/03/2023 © Financial Transparency Advisors 2


BRA Overview



Business Risk Assessment



Why DNFBPs need Business Risk Assessment

Overarching recommendation on the Risk-Based Approach

Making informed decisions

Mitigation of Risks

Managing Reputational and Financial Impact

Business Continuity



Regulatory Framework and International Standards

1. Monegasque AML Law – Article 3 requires FIs and DNFBPs to assess and
understand the risks of ML/TF. Institutions and professionals shall develop a risk
assessment depending on the nature of products/services, transactions, delivery
channels, customers, and geography.

2. FATF recommendation 1 – FIs and DNFBPs are required to take appropriate steps
to identify and assess ML/TF risks. The risk assessment shall be documented. The
risk assessment should be appropriate to the nature and size of the business.

3. FATF guidance – RBA guidance for Money or Value Transfer Services, RBA to prepaid
cards, mobile payments and internet-based payment services

4. Wolfsberg Q&A on Risk Assessment for ML, Sanctions, Bribery & Corruption



The Difference between BRA and CRA

BRA: Identifies the risk of financial crime posed to DNFBP as a whole based on its activities

CRA: Assessment which specifically identifies the risks that each individual customer (private or corporate) pose to the business


BRA Overview

Determination of the Inherent risk for the following Risk Categories
• Product/Services
• Geography
• Customer
• Delivery Channel
• Transaction Method

Assessment of controls and Risk Mitigation
• Governance
• Policies and Procedures
• Training
• Independent Testing
• Roles and Responsibilities
• Key Controls
• Secondary Controls

Determination of the Residual Risks based on risk mitigation
• Residual risk shall be defined for each Risk Category


BRA Overview (Cont.)

BRA Document Shall describe

1. Overall risks and introduction of the Institution (NRA, Governance products and
Services offered by the Institution, general overview)

2. The Methodology for Inherent risk determination

3. The Methodology for Control Assessment and residual risk calculation

4. Description of Inherent Risk including Quantitative and Qualitative Data

5. Description of Controls and Risk Mitigation

6. Action Plan Defined to Mitigate Risks



BRA Stages

01 Data Collection
• Gathering information: NRA, Internal quantitative data, Qualitative data internal/external

02 Risk Assessment
• Analyzing Data Collected and assigning Inherent Risk
• Assessing Controls and defining Residual Risk

03 Risk Response - Action Plan
• Increasing Resources
• Introducing New Controls
• Enhancing Existing Controls

04 Adopting BRA
• Adoption of RBA and proposed Action Plan by Senior Management
• Alignment with Risk Appetite

05 Monitoring
• Updating Information Annually and based on new developments

BRA Data Sources



BRA Data Sources

High Level Risks


1. International organization Guidance on risks, typologies, Mutual Evaluations
2. NRA
3. Sectorial Risk Assessments

Individual Risks Related to Each Risk Category


4. Number of Customers, Volume of Transactions per risk category
5. STR
6. Correspondent Requests
7. Court requests
8. FIU Requests



BRA Risk Factors - Customers

• Total number of clients and types (natural, legal persons, trusts and legal arrangements)
• Non-resident Customers and Beneficiaries; Customers from High Risk Jurisdictions
• PEPs (foreign, domestic, BOs)
• Clients subject to Targeted Financial Sanctions
• High Net Worth Individuals (HNWI)
• Trusts, legal arrangements
• Special Purpose Vehicles (SPVs)
• Non-Profit Organizations (NPOs)
• Clients engaged in high-risk businesses (VASPs, gaming/gambling, arms industry, Cash Intensive etc.)
• Nominee shareholders, directors, persons acting as nominees
• Customers with complex ownership structures
• Holders of bearer shares or other bearer negotiable instruments
• Clients involved in management and administration of companies

Quantitative Information

1. Number of Customers
2. Volume of Transactions
3. Volume of Assets
4. Internal Information (STR, Correspondent Requests, FIU requests, Court Requests)


BRA Risk Factors – Products and Services

Products

• Deposits/Current Accounts
• Wire transfers, currency exchange
• Credit cards
• Prepaid cards
• Trade finance transactions
• Omnibus accounts
• Correspondent banking or similar types of correspondent relationship
• Pre-paid Cards
• Checks
• etc

Quantitative Data

1. Number of Customers per product
2. Volume of Transactions
3. Internal Information (STR, Correspondent Requests, FIU requests, Court Requests)
4. If quantitative data is not available – professional judgment shall be used to determine the inherent risks


BRA Risk Factors – Delivery Channels

Products

• Face to Face Onboarding
• Distance onboarding (Digital onboarding, other means of onboarding, Referrals, intermediaries)
• Group geographies (head office, branches, subsidiaries, etc.)
• Outsourcing arrangements

Quantitative

1. Number of Customers onboarded based on the type of delivery channel and percentage compared to the total onboarded customers per annum.
2. Number of intermediaries, Referrals and their geographies
3. Volume of Transactions
4. Internal Information (STR, Correspondent Requests, FIU requests, Court Requests)
5. If quantitative data is not available – professional judgment shall be used to determine the inherent risks


BRA Risk Factors – Geography

Products

• Countries under Targeted Financial Sanctions
• FATF blacklisted/grey-listed countries; Offshore jurisdictions
• Countries with High Corruption Risks
• Countries linked to TF risk

Quantitative

1. Number of Customers/BO’s
2. Number and volume of transactions to/from such jurisdictions and comparison with total transactions
3. Trade finance operations % volume and number
4. Correspondent relationships
5. Referrals, agents, etc.
6. Internal Information (STR, Correspondent Requests, FIU requests, Court Requests)
7. If quantitative data is not available – professional judgment shall be used to determine the inherent risks

BRA Design and Risk Response



Risk Assessment Inherent and Residual Risks

Information to be used for risk scoring and determination of the likelihood:

• DATA ON CUSTOMERS
• DATA ON TRANSACTIONS VOLUMES
• INTERNAL DATA FROM STR/FIU ETC
• PROFESSIONAL JUDGMENT

Inherent Risk is determined based on the assessment of the quantitative data.

Where quantitative data is not available, professional judgment shall be applied.

The methodology for inherent risk assessment can be based on risk scoring or risk weighting, as well as assessing the likelihood and impact of each risk scenario.

Impact Description for ML/FT Risks can be defined as Reputational damage, Regulatory fines, and civil/criminal liability.

Risk Assessment Inherent and Residual Risks (cont.)

1. Quantitative Data
2. Risk Scoring/Risk Weighting/Likelihood and Impact
3. Assignment of Inherent Risk
4. Control Assessment

[Diagram: Assessment of Inherent Risk, followed by Control Assessment, leading to Residual Risk]

Risk Assessment - Example

# 1
Risk description: Risk of processing transactions for a person subject to Targeted Financial Sanctions List
Controls/Risk mitigation:
• CDD/EDD Process and tools
• Screening of Customers in Sanctions Lists
• Identification and verification of BO

# 2
Risk description: Risk of processing illegal funds for HNWI
Controls/Risk mitigation:
• CDD/EDD Process
• Source of Funds and Source of Wealth Information
• Transaction Control – requested additional documents

# 3
Risk description: Risk of onboarding customers subject to ML/TF investigation
Controls/Risk mitigation:
• CDD Process
• Screening for Negative Media
• Periodic screening of customer base

[Heat map: Risk Likelihood (Low, Medium, High) against Risk Impact (Low, Medium, High); Risk Level: Low, Medium, High]

Control Assessment

Control Level Dashboard

Process                    Very Low  Low  Medium  High  Very High
Money Laundering (ML)      0         0    0       0     0
Terrorist Financing (TF)   0         0    0       0     0
Sanction Risk (SC)         0         0    0       0     0

• Type of Control: Manual/Automatic
• Control has been implemented for more than 1 year
• Internal Audit has tested the control for design effectiveness
• Control monitored by 2nd line of defense
• Control type: preventive/detective/corrective

Examples – Scenario related High Risk Products
Private Banking

Risk Assessment

• Examination of the data related to the number of customers, assets, volume of operations
• Scoring of Risks based on STR, FIU/court requests/orders and correspondent requests/rejected transactions/restricted customers
• Based on the analysis the inherent risk is defined as high
• Mitigating controls – CDD/EDD SoW/SoF monitoring of Transactions, number of resources allocated, Control Effectiveness – low effectiveness due to manual controls and low number of resources
• Residual Risk – high

Action Plan

• Increase of AML resources
• Developing automatic tool
• Introducing EDD additional Measures – validity of documents from independent sources
• Scrutinize high risk transactions (cash; Wire transfers to and from high-risk jurisdictions)


Examples – Scenario related High Risk Customers
PEP

Risk Assessment

• Examination of the data related to the number of customers, assets, volume of operations – trend increasing with Foreign PEP’s
• Scoring of Risks based on STR, FIU/court requests/orders and correspondent requests/rejected transactions/restricted customers
• Based on the analysis the inherent risk is defined as high
• Mitigating controls – CDD/EDD SoW/SoF monitoring of Transactions, Screening, number of resources allocated, Control Effectiveness – Low Effectiveness due to gaps in IT tools to identify Close Associates of PEP and absence of periodic review of customer base
• Residual Risk – High

Action Plan

• Review of PEP customers with the customer base to identify Close Associates
• Transaction Monitoring to identify any links – Look Back/retrospective
• Enhancement of IT tool – external vendors for PEP lists
• Introduction of Periodic Review of the Customer base as a control mechanism
• Restricting PEP onboarding process digitally/non-face to face
• Increase resources for periodic review/screening


BRA Risk Response

01 Action Plan Implementation
• Enhancing or Introducing New Controls
• Enhancing/updating existing internal policies and procedures
• Adding Resources
• Enhancing IT tools

02 Update of Risk Appetite
• Is risk Assessment aligned with the defined risk appetite?

03 Update of BRA based on Trigger
• New Products/Channels/Services
• Significant Regulatory Changes/Regulatory Request
• Significant Increase in high risk customers/transactions etc

04 Annual Update
• Updated Quantitative Data
• NRA
• Review of new Products/Channels/Services
• Review of significant Regulatory Changes

Conclusion



Thank you for your time

Next Session: 06.06.2023

Topic: Instructions and Guidance on completing the RBO

Today’s Host: Jan Bellenghi

Today’s Presenter: Tamar Goderdzishvili


Financial Transparency Advisors GmbH
Zieglergasse 38/7/1070 Vienna, Austria
Phone: +43 1 890 8717 11
www.ft-advisors.com