Anti-Money Laundering (AML) risk assessment helps organizations evaluate how likely clients are to commit financial crimes such as money laundering and terrorist financing. Money laundering risk assessment is essential for regulatory compliance and fraud prevention, making it a vital part of the onboarding process.
This article will provide an overview of what organizations such as financial institutions, fintech providers, and eCommerce retailers need to know about AML risk assessment and how to perform it. First, we’ll define what AML risk assessment is and who is required to do it. Then we’ll look at how it fits into the customer onboarding process and how AML risk management works. Finally, we’ll walk you through six steps for performing an AML risk assessment and explain how automation can help you optimize the process for better security and speedier customer service.
What Is an AML Risk Assessment?
AML risk assessment is a set of policies and procedures used by organizations such as financial providers to measure the threat of clients engaging in financial crimes such as money laundering and terrorist financing. Money laundering risk assessment involves scoring clients and transactions based on risk factors and cross-referencing client information against law enforcement databases.
Who Is Required to Perform AML Risk Assessment?
AML risk assessment serves to deter money laundering by entities such as organized crime groups, narcotics traffickers, and terrorists. It also protects legitimate businesses and their customers from being preyed upon by criminals and terrorists. Under the 1970 Bank Secrecy Act (BSA) and subsequent legislation such as the Patriot Act, AML BSA compliance is mandatory for providers in the financial industry such as:
- Credit unions
- Securities and futures brokers
- Wealth management consultants
- Fintech providers
Bank risk assessment is the most common type of AML risk assessment. For companies in specific industries that handle high volumes of cash, such as casino gambling, tighter regulations may apply than those required of general businesses. Even for companies not strictly required by law to do an AML risk assessment, following AML risk management best practices may be prudent to safeguard against losses from fraud and liability.
AML Risk Assessment during Customer Onboarding
AML risk assessment includes steps performed during and after the customer onboarding process to ensure compliance and due diligence. During onboarding, AML includes Know Your Customer (KYC) procedures, which take steps to confirm customer identity. These steps include:
- Verifying the validity of identification presented by new customers, including documents, photos, and biometric identification methods such as facial recognition and fingerprints
- Authenticating that customers presenting identification are who they claim to be
- Evaluating the risk associated with customers whose identity has been confirmed
- Filling out and filing reports required for AML compliance
Following these procedures helps financial providers and other institutions quantify the risk associated with new customers and flag high-risk applicants for additional scrutiny.
How Do AML Risk Assessments Work?
To measure risk, financial providers use Key Risk Indicators (KRIs). KRIs are a management metric used to quantify the likelihood of adverse events. In this case, KRIs estimate the likelihood of financial crime. This is done by defining risk categories, assigning a numerical value to each (typically corresponding to a scale of 1 to 3 or 1 to 5), and using the resulting scale to score individual customer accounts.
What are the Risk Factors in an AML Risk Assessment?
KRIs commonly used for AML risk assessment include:
- Size of the client (such as small vs. medium vs. enterprise B2B clients) and type of industry (such as gambling)
- Types of customers (for example, is the customer a representative of a foreign country, known as a Politically Exposed Person?)
- Type of product or service (credit card vs. loan)
- Customer location (are they located in a country where government agencies have flagged a high risk for money laundering?)
- Origin of customers’ funds
- How customers find your company (word-of-mouth referrals vs. search engines vs. social media)
- How you communicate with new customers (in person vs. web portal vs. texting)
- How your company conducts transactions (checks vs. wire transfers vs. cash)
Which risk factors apply to you will vary with your business model. Once you have a list of factors, you’ll need a scale to score them. A typical scoring system using a 1 to 5 scale would look something like this:
- Very low risk
- Low risk
- Average risk
- High risk
- Very high risk
As with your list of risk factors, you can customize your scoring system to meet the needs of your business model. You can then build risk assessment scoring into your standard operating procedures for onboarding new customers and monitoring ongoing transactions.
What Are the Steps to Perform an AML Risk Assessment?
The process of implementing AML risk assessment into your standard operating procedures can be broken down into six steps:
- Document your risk assessment procedures
- Organize and equip your AML team
- Identify risks
- Classify risk levels
- Review risk factors
- Conduct periodic audits
Let’s review what each step involves.
1. Document Your Risk Assessment Procedures
The first step is to document your risk assessment procedures. This includes identifying which KRI risk factors you will measure, creating a scale to measure them, and planning how risk assessment will fit into your organizational chart and workflow. Documenting this will include laying out any automated workflows and manual procedures team members need to follow when your automation detects high-risk customers or transactions.
2. Organize and Equip Your AML Team
Once you’ve established your procedures, you’ll need to prepare your team to implement them. This involves defining your AML organizational chart, establishing workflow responsibilities, and training your staff in risk assessment procedures. Typically, your chief compliance officer or the equivalent would be tasked with overseeing this step.
For best results, your compliance team should work with your IT team to select and implement appropriate technology for automating compliance. This will save your team labor and time and speed up the service you deliver to customers. With today’s technology, a suitable solution should include artificial intelligence machine learning to analyze customers and transactions for suspicious patterns. A good AML platform also should consist of tools for automating KYC procedures, such as doing OCR scans of ID documents and performing biometric verification of client identities.
3. Identify Risks
This step involves taking risks defined by your KRIs and dividing them into categories based on what threat remains after steps have been taken to mitigate a particular type of risk. You can then determine whether additional procedures would further minimize a specific risk category.
For example, have you reduced risk to a tolerable level after you’ve cross-referenced a new international banking client against sanctions lists and verified their identification document? Or will you need to follow up with some manual verification procedure to minimize this risk category further?
This step helps you identify which risks represent the highest potential threats to your organization. You can divide risks into those you have a strong ability to mitigate, those you have only adequate control over, and those that would be difficult to minimize without additional steps. Strategic use of automation can help you address your most significant risk categories and minimize threat frequency.
4. Classify Risk Levels
In this step, you assign a numerical weight to the risks you’ve identified. This helps you quantify your current risk level and measures the effectiveness of steps you take to reduce risk. For example, a risk that might have been classified as a level 5 could be brought down to a level 1 with an effective software tool.
5. Review Risk Factors
At this point, you can use your risk level scale to review your initial list of KRIs and develop specific procedures for reducing risk in each area. For example, for your B2B customers, is there a certain company size threshold that warrants different procedures?
6. Conduct Periodic Audits
Money laundering techniques constantly adapt to new technology, and your procedures also need continuous improvement to remain effective. Periodic audits of your processes and technology can help you identify where what you’re doing is working, where you’re falling short, and where you need to close the gap.
Strengthen Your AML Risk Assessment Processes with Incode Omni
Implementing the steps in the AML risk assessment process can require significant time and labor, and manually performing a manual risk assessment makes it easy to overlook suspicious patterns that can only be detected with artificial intelligence. Fortunately, the Incode Omni platform is designed to help you automate your AML risk management procedures to save your staff time and keep new customers from waiting for you to perform security checks. Incode Omni harnesses the power of artificial intelligence and technologies such as OCR scanning and biometric authentication to quickly verify customer identity and assess risk, providing your customers with a frictionless onboarding experience. Request a demo to see how Incode’s AML solutions can help your organization meet your AML compliance needs while delivering superior customer service.