Ministry Higher Education of Russian Federation

Southern Federal University

Faculty of Economics
Department of Finance and Credit

Financial and banking compliance: Risk-based approach

and FATF

By : Ghazi Patang
Ms Student of Global Business and Forensic Accounting
Group: 1.5
 INTRODUCTION
 The risk-based approach (RBA) is central to the effective implementation of the revised FATF
International Standards on Combating Money Laundering and the Financing of Terrorism and
Proliferation, which were adopted in 2012.
 The FATF has reviewed its 2007 RBA guidance for the financial sector, in order to bring it in line with
the new FATF requirements and to reflect the experience gained by public authorities and the private
sector over the years in applying the RBA.
 This revised version focuses on the banking sector, and a separate guidance will be developed for the
securities sector. The FATF will also review its other RBA guidance papers, all based on the 2003
Recommendations.
 The RBA guidance for the banking sector was drafted by a group of FATF members, co-led by the UK
and Mexico. Representatives of the private sector were associated to the work and consulted on the draft
revised document.
 The FATF adopted this updated RBA Guidance for the banking sector at its October 2014 Plenary.
PURPOSE OF THIS GUIDANCE
 Outline the principles involved in applying a risk-based approach to AML/CFT;
 Assist countries, competent authorities and banks in the design and implementation of
a risk-based approach to AML/CFT by providing general guidelines and examples of
current practice;
 Support the effective implementation and supervision of national AML/CFT measures,
by focusing on risks and on mitigation measures; and
 Above all, support the development of a common understanding of what the risk-
based approach to AML/CFT entails.
WHAT IS THE RBA?

 A RBA to AML/CFT means that countries, competent authorities and financial

institutions8, are expected to identify, assess and understand the ML/TF risks to
which they are exposed and take AML/CFT measures commensurate to those
risks in order to mitigate them effectively.
 When assessing ML/TF risk, countries, competent authorities, and financial
institutions should analyze and seek to understand how the ML/TF risks they
identify affect them; the risk assessment therefore provides the basis for the risk-
sensitive application of AML/CFT measures.
THE RATIONALE FOR A NEW
APPROACH
 In 2012, the FATF updated its Recommendations to strengthen global safeguards and to
further protect the integrity of the financial system by providing governments with stronger
tools to take action against financial crime.
 One of the most important changes was the increased emphasis on the RBA to AML/CFT,
especially in relation to preventive measures and supervision. Whereas the 2003
Recommendations provided for the application of a RBA in some areas, the 2012
Recommendations consider the RBA to be an ‘essential foundation’ of a country’s
AML/CFT framework.12 This is an over-arching requirement applicable to all relevant
FATF Recommendations.
 According to the Introduction to the 40 Recommendations, the RBA ‘allows countries,
within the framework of the FATF requirements, to adopt a more flexible set of measures in
order to target their resources more effectively and apply preventive measures that are
commensurate to the nature of risks, in order to focus their efforts in the most effective
way’.
APPLICATION OF THE RISK-BASED
APPROACH
 Recommendation 1 sets out the scope of the application of the RBA. It applies in relation to:
 Who and what should be subject to a country’s AML/CFT regime: in addition to the sectors and
activities already included in the scope of the FATF Recommendations14, countries should
extend their regime to additional institutions, sectors or activities if they pose a higher risk of
ML/TF.
 How those subject to the AML/CFT regime should be supervised for compliance with this
regime: AML/CFT supervisors should consider a bank’s own risk assessment and mitigation,
and acknowledge the degree of discretion allowed under the national RBA, while INR 26
further requires supervisors to themselves adopt a RBA to AML/CFT supervision;
 How those subject to the AML/CFT regime should comply: where the ML/TF risk associated
with a situation is higher, competent authorities and banks have to take enhanced measures to
mitigate the higher risk.
Implementing a RBA can present a
number of challenges:
 ALLOCATING RESPONSIBILITY UNDER A RBA :
 An effective risk-based regime builds on, and reflects, a country’s legal and regulatory
approach, the nature, diversity and maturity of its financial sector, and its risk profile.
Banks’ identification and assessment of their own ML/TF risk should consider national
risk assessments in line with Recommendation 1, and take account of the national legal
and regulatory framework, including any areas of prescribed significant risk and any
mitigation measures defined at legal or regulatory level.
 Banks may be granted flexibility in deciding on the most effective way to address other
risks, including those identified in the national risk assessment or by the banks themselves.
 Institutions should not be exempted from AML/CFT supervision even where their capacity
and compliance is good. However, the RBA may allow competent authorities to focus
more supervisory resource on higher risk institutions.
Risk-based approach (RBA)
 FATF Recommendations require countries to understand risks and apply
a RBA, including simplified measures where the risks are lower
 Financial inclusion measures can be used in low-risk situations (or as
part of a strategy to reduce the risks)
 However, there needs to be balance-risks must be understood by
countries and institutions:
 Risk can be increased by disproportionate measures to encourage
inclusion.
 Newly banked people cannot be classified as lower risks solely on
the basis that they are low-income clients.
THE RISK-BASED APPROACH TO
SUPERVISION
 Recommendation 26 requires countries to subject banks to adequate AML/CFT
regulation and supervision. INR 26 requires supervisors to allocate supervisory
resources to areas of higher ML/TF risk, on the basis that supervisors understand
the ML/TF risk in their country and have onsite and off-site access to all
information relevant to determining a bank’s risk profile.
SUPERVISION OF THE RISK-BASED
APPROACH
 GENERAL APPROACH :
 It is important that supervisors discharge their functions in a way that is conducive to banks' adoption of
a risk-based approach. This means that supervisors have to take steps to check that their staff are
equipped to assess whether a bank’s policies, procedures and controls are appropriate in view of the
risks identified through the risk assessment, and its risk appetite.
 To support supervisors’ understanding of the overall strength of measures in the banking sector, carrying
out comparisons between banks’ AML/CFT programmes could be considered as a means to inform their
judgment of the quality of an individual bank’s controls.
 Supervisors should understand the ML/TF risks faced by the sector and by the banks. They should, in
particular, have a thorough understanding of higher and lower risk lines of business, leading to a sound
judgment about the proportionality and adequacy of AML/CFT controls. Supervisors should engage in a
dialogue with individual banks about their views on AML/CFT controls set up by that institution.
 The general principles outlined above in relation to domestic banks and domestic banking groups also
apply to international banking groups.
GUIDANCE FOR BANKS
 The RBA to AML/CFT aims to support the development of prevention and mitigation
measures that are commensurate to the ML/TF risks identified. In the case of banks, this
applies to the way banks allocate their compliance resources, organize their internal
controls and internal structures, and implement policies and procedures to deter and
detect ML/TF, including, where relevant, at group level.
 Banking encompasses a wide range of financial products and services, which are
associated with different ML/TF risks.
 Banks should be mindful of those differences when assessing and mitigating the ML/TF
risk to which they are exposed.
 RISK ASSESSMENT
 The risk assessment forms the basis of a bank’s RBA. It should enable the bank to understand how, and
to what extent, it is vulnerable to ML/TF.
 A bank’s risk assessment need not be complex, but should be commensurate with the nature and size of
the bank’s business.
 In identifying and assessing the ML/TF risk to which they are exposed, banks should consider a range of
factors which may include:
The nature, scale, diversity and complexity of their business; Their target markets; The number of customers
already identified as high risk, The jurisdictions the bank is exposed to, either through its own activities or
the activities of customers, especially jurisdictions with relatively higher levels of corruption or organized
crime, and/or deficient AML/CFT controls and listed by FATF; The distribution channels, including the
extent to which the bank deals directly with the customer or the extent to which it relies third parties to
conduct CDD and the use of technology; The internal audit and regulatory findings; The volume and size of
its transactions, considering the usual activity of the bank and the profile of its customers.
 RISK MITIGATION : IDENTIFICATION, VERIFICATION AND THE PURPOSE AND
INTENDED NATURE OF THE BUSINESS RELATIONSHIP

 Banks should develop and implement policies and procedures to mitigate the ML/TF risks they have
identified through their individual risk assessment.
 Based on a holistic view of the information obtained in the context of their application of CDD measures,
banks should be able to prepare a customer risk profile.
 banks should take measures to comply with national and international sanctions legislation by screening
the customer’s and beneficial owner’s names against the UN and other relevant sanctions lists.
 As a general rule, CDD measures have to apply in all cases. The extent of these measures may be
adjusted, to the extent permitted or required by regulatory requirements, in line with the ML/TF risk, if
any, associated with the individual business relationship as discussed above under Risk Assessment.
 Enhanced Due Diligence (EDD),
 INTERNAL CONTROLS, GOVERNANCE AND MONITORING
 INTERNAL CONTROLS :
 Adequate internal controls are a prerequisite
for the effective implementation of policies and
processes to mitigate ML/TF risk.
 Internal controls include appropriate
governance arrangements where responsibility
for AML/CFT is clearly allocated, controls to
monitor the integrity of staff, in accordance
with the applicable local legislation, especially
in cross-border situations and the national risk
assessment, compliance and controls to test the
overall effectiveness of the bank’s policies and
processes to identify, assess and monitor risk.
 For larger banking groups, there should be
controls in place for a consistent approach to
AML/CFT controls across the group.
GOVERNANCE:
 The successful implementation and
effective operation of a RBA to AML/CFT ENSURING AND MONITORING
depends on strong senior management
COMPLIANCE :
leadership and oversight of the  A bank’s internal control
development and implementation of the environment should be conducive
RBA across the bank. to assuring the integrity,
 This implies that senior management competence and compliance of
should not only know about the ML/TF staff with relevant policies and
risks to which the bank is exposed but also procedures.
understand how its AML/CFT control  The measures relevant to
framework operates to mitigate those risks. AML/CFT controls should be
 It is important that responsibility for the consistent with the broader set of
consistency and effectiveness of controls in place to address
AML/CFT controls be clearly allocated to business, financial and operating
an individual of sufficient seniority within risks generally.
the bank to signal the importance of
ML/TF risk management and compliance,
and that ML/TF issues are brought to
senior management’s attention.
 UNITED KINGDOM:
The Financial Conduct Authority (FCA) classifies all firms according to the risk they pose to
the FCA’s operational and statutory objectives. It also classifies all firms that are subject to
the UK’s AML legislation according to their money laundering risk. This is because money
laundering risk does not necessarily correlate to the size of a firm. As a result, a firm in a
lower conduct risk category may receive relatively more supervisory attention from an
AML/CFT perspective.

UNITED STATES:
The Federal Banking Agencies (FBAs) supervisory processes assess whether depository
institutions have established the appropriate policies, procedures, and processes based on
their BSA/AML risk to identify and report suspicious activity and that they provide sufficient
detail in reports to law enforcement agencies to make the reports useful for investigating
suspicious transactions that are reported. To ensure consistency in the application of the
BSA/AML requirements, the FBAs follow the examination procedures contained in the
Federal Financial Institutions Examination Council (FFIEC)’s Bank Secrecy Act/Anti-Money
Laundering Examination Manual.
Financial Action Task Force (FATF)
 The Financial Action Task Force (FATF) is the global money laundering and terrorist financing
watchdog. The inter-governmental body sets international standards that aim to prevent these illegal
activities and the harm they cause to society. As a policy-making body, the FATF works to generate the
necessary political will to bring about national legislative and regulatory reforms in these areas.
 With more than 200 countries and jurisdictions committed to implementing them.  The FATF has
developed the FATF Recommendations, or FATF Standards, which ensure a co-ordinated global
response to prevent organized crime, corruption and terrorism. They help authorities go after the money
of criminals dealing in illegal drugs, human trafficking and other crimes.  The FATF also works to stop
funding for weapons of mass destruction.
 The FATF reviews money laundering and terrorist financing techniques and continuously strengthens its
standards to address new risks, such as the regulation of virtual assets, which have spread as
cryptocurrencies gain popularity.  The FATF monitors countries to ensure they implement the FATF
Standards fully and effectively, and holds countries to account that do not comply.
Financial Action Task Force (FATF)

 Inter-governmental policy-making body:

 Members: 34 countries + 2 organisations
 8 FATF-style regional bodies (FSRBs)
 Sets the international standards for anti-money laundering, counter-terrorist
financing (AML/CFT) and combating proliferation financing
 Core activities:
 Standard setting (FATF 40 Recommendations)
 Assessing compliance
 Identify and respond to threats: high risk jurisdictions and typology studies
 Over 190 countries have endorsed the FATF Standards
 FATF Response
 FATF Recommendations support the risk-based approach (RBA).
 Methodology considers financial inclusion through risk &
effectiveness
 FATF has issued Guidance on:
 Financial inclusion (2013)
 New Payment Products & Services (2013)
 RBA Guidance for banking sector (2014)
 FATF statement on risk-based approach: case-by-case, not
wholesale de-risking (October 2014)
What do FATF do
 The Financial Action Task Force (FATF) was established in July 1989 by a Group of Seven (G-7)
Summit in Paris, initially to examine and develop measures to combat money laundering.  Click here
 to see the Economic Declaration from that G-7 Summit.
 In October 2001, the FATF expanded its mandate to incorporate efforts to combat terrorist financing,
in addition to money laundering.  In April 2012, it added efforts to counter the financing of
proliferation of weapons of mass destruction.
 Since its inception, the FATF has operated under a fixed life-span, requiring a specific decision by its
Ministers to continue.  Three decades after its, creation, in April 2019,  FATF Ministers adopted a
new, open-ended mandate for the FATF. 
 The objectives of the FATF are to set standards and promote effective implementation of legal,
regulatory and operational measures for combating money laundering, terrorist financing and other
related threats to the integrity of the international financial system. Starting with its own members,
the FATF monitors countries' progress in implementing the FATF Recommendations; reviews money
laundering and terrorist financing techniques and counter-measures; and, promotes the adoption and
implementation of the FATF Recommendations globally.
FATF Presidency

 The FATF President is a senior official appointed by the FATF Plenary from
among its members (see also FATF Presidencies since 1989). In April 2019, the
revised Mandate extended the terms of the FATF Presidency to a two-year period.
 The term of the President begins on 1 July and ends on 30 June two years after
assuming office. The President convenes and chairs the meetings of the FATF
Plenary and the Steering Group, and he/she oversees the FATF Secretariat. The
President is the principal spokesperson for the FATF and represents the FATF
externally.
 FATF Recommendations
 The Task Force was given the responsibility of examining money laundering techniques and trends,
reviewing the action which had already been taken at a national or international level, and setting out the
measures that still needed to be taken to combat money laundering.  In April 1990, less than one year after its
creation, the FATF issued a report containing a set of Forty Recommendations, which were intended to
provide a comprehensive plan of action needed to fight against money laundering. 
 In 2001, the development of standards in the fight against terrorist financing was added to the mission of the
FATF.  In October 2001 the FATF issued the Eight Special Recommendations to deal with the issue of
terrorist financing. 
 In February 2012, the FATF completed a thorough review of its standards and published the revised FATF
Recommendations. This revision is intended to strengthen global safeguards and further protect the integrity
of the financial system by providing governments with stronger tools to take action against financial crime.
 They have been expanded to deal with new threats such as the financing of proliferation of weapons of mass
destruction, and to be clearer on transparency and tougher on corruption.  The 9 Special Recommendations
on terrorist financing have been fully integrated with the measures against money laundering. This has
resulted in a stronger and clearer set of standards.