Published 23 June, 2017
AUSTRAC has identified a number of short-falls in its recent review of reporting entities and their compliance with AML/CTF obligations.
The key areas for improvement that were identified by AUSTRAC were:
- ML/TF risk assessments.
- Application of the risk-based approach to AML/CTF compliance.
- Outsourcing and automation of activities.
- Governance issues.
We will look at these areas for improvement in further detail over a four part series.
The first area that AUSTRAC identified some deficiencies was in respect of reporting entities undertaking money laundering/terrorism financing (ML/TF) risk assessments. Reporting entities are required to undertake regular ML/TF risk assessments to assess any changes to the risk faced by the entity. In particular, a new risk assessment should be undertaken before the reporting entity introduces any new products, services or delivery channels.
The ML/TF risk assessment process involves the following steps:
- risk identification;
- assessment and measurement of the size and importance of the risk (likelihood and impact);
- treatment (how it will be managed and minimized); and
- monitoring and review.
It is important that as part of undertaking a ML/TF risk assessment the reporting entity is able to identify how their products and/or services could be misused by criminals to launder money or fund terrorism and how likely this is.
The key issues that AUSTRAC identified were:
- The use of generic risk assessments that were not tailored to the specific business of the reporting entity. These generic risk assessments failed to identify the specific risks faced by the reporting entity.
- Failure to continually assess the ML/TF risk profile of the business as it changes over time.
- Focusing almost exclusively on money laundering risks when undertaking risk assessments and failing to consider risks associated with terrorism financing.
If you are a reporting entity it is important to get your ML/TF risk assessment processes correct to ensure that they are meaningful and allow you to sufficiently limit the risks your business faces.