Guidance On Money Laundering (ML) And Terrorist Financing (TF) Risk Assessment By Non-Banking Financial Companies (NBFCS)
LEGAL REQUIREMENTS ML/TF RISK ASSESSMENT:
Reserve Bank of India has issued Notification w.r.t. Internal ML/TF Risk Assessment by Regulated Entities – Amendment to Master Direction (MD) on KYC, where Regulated Entities (REs) are required to carry out ‘Money Laundering (ML) and Terrorist Financing (TF) Risk Assessment’ exercise periodically to identify, assess and take effective measures to mitigate its money laundering and terrorist financing risk for clients, countries or geographic areas, products, services, transactions or delivery channels, etc.
While assessing the ML/TF risk the REs are required to take cognizance of the overall sector-specific vulnerabilities, if any, that the regulator/supervisor may share with REs from time to time. Further, the internal risk assessment carried out by the RE should be commensurate to its size, geographical presence, complexity of activities/structure, etc.
Also, the REs shall apply a Risk Based Approach (RBA) for mitigation and management of the identified risk and should have Board approved policies, controls and procedures in this regard. This requirement shall be applicable with immediate effect and the first assessment has to be carried out by June 30, 2020.
ORIGIN OF THE CONCEPT
The concept of ML and TF risk assessment arises from the recommendations of Financial Action Task Force (FATF). FATF has also provided detailed guidance on TF Risk Assessment. Due to the inter-linkage between ML and TF, the guidelines also serve the purpose of guiding ML risk assessment. TF risk is defined as-
“A TF risk can be seen as a function of three factors: threat, vulnerability and consequence. It involves the risk that funds or other assets intended for a terrorist or terrorist organization are being raised, moved, stored or used in or through a jurisdiction, in the form of legitimate or illegitimate funds or other assets.”
GLOBAL PRACTICES FOR ML/TF RISK ASSESSMENT
Based on FATF recommendations, many jurisdictions have prepared and published risk assessment procedures. India is yet to come up with the same.
For example, the National risk assessment of money laundering and terrorist financing is the guidance published by the UK government. It provides sector specific guidance for risk assessment. The sector specific guidance is further granulated keeping in view the specific threats to certain parts of the sector.
The guidance provided by the Republic of Serbia is a generalized one providing broad guidance to all sectors for risk assessment.
In Germany, financial institutions are classified on the basis of potential risk of ML/TF identified by them (considering the factors such as location, scope of business, product structure, customers’ profile and distribution structure) and the intensity of supervision by regulator is based on such risk categorization.
STEP WISE PROCESS OF RISK BASED APPROACH IN VIEW OF THE FATF GUIDANCE
A risk-based approach is a process that allows you to identify potential risks of money laundering and terrorist financing and develop strategies to mitigate them.
The approach to the management of risk and risk mitigation requires the leadership and engagement of senior management towards the detection and deterrence of money laundering and terrorist financing. Senior management is ultimately responsible for making management decisions related to policies, procedures and processes that mitigate and control the risks of money laundering and terrorist financing within a business.
|1.||Risk Assessment||A risk assessment is an analysis of potential threats and vulnerabilities to money laundering and terrorist financing to which your business is exposed.
Based on the assessment, ML/TF risks should be classified as low, medium and high impact risks.
While assessing the risks, following factors should be considered:
The risk assessment should be approved by senior management.
|2.||Analysis of ML/TF threats and vulnerabilities||In the context of money laundering/terrorist financing (ML/TF), risk means:
Threats: this could be a person (or group), object that could cause harm. In the ML/TF context, a threat could be criminals, facilitators, their funds or even terrorist groups.
Vulnerabilities: elements of a business that could be exploited by the identified threat. In the ML/TF context, vulnerabilities could be weak controls within a reporting entity, offering high risk products or services, etc.
|3.||Risk Mitigation||To develop and implement policies and procedures to mitigate the ML/TF risks they have identified through their individual risk assessment:
|5.||Risk Categorization||The risk classification of the customer should also be done based on the CDD carried out.
In case of medium or high-risk customers, or unusual transactions, the entities should also carry out transaction due diligence to identify source and application of funds, beneficiary of the transaction, purpose etc.
NBFCs should document and state clearly the criteria and parameters used for customer segmentation and for the allocation of a risk level for each of the clusters of customers.
|6.||Monitoring of Transactions||
|7.||Reporting||The NBFCs have the ability to flag unusual movement of funds or transactions for further analysis.
Funds or transactions that are suspicious should be reported promptly to the Financial Intelligence Unit (FIU) and in the manner specified by the authorities.
|8.||Internal Control||Adequate internal controls are a prerequisite for the effective implementation of policies and processes to mitigate ML/TF risk.
Internal controls include appropriate governance arrangements where responsibility for AML/CFT is clearly allocated and there are controls to test the overall effectiveness of the NBFC’s policies and processes to identify, assess and monitor risk.
|9.||Governance||The successful implementation and effective operation of a RBA to AML/CFT depends on strong senior management leadership and oversight of the development and implementation of the RBA across the functions.
Senior management should consider various ways to support AML/CFT initiatives:
Steps taken by Senior Management to promote compliance:
|10.||Training and Awareness||The effective application of AML/CFT policies and procedures depends on staff within NBFCs understanding not only the processes they are required to follow but also the risks these processes are designed to mitigate, as well as the possible consequences of those risks.
It is therefore important that NBFCs staff receive AML/CFT training, which should be:
Overall, the training should also seek to build up a working behavior where compliance is embedded in the activities and decisions of all NBFCs’ staff.
|11.||Assessment of Controls||NBFCs should take steps to be satisfied that their AML/CFT policies and controls are adhered to and effective.
INTERNAL CONTROLS TO ENCOURAGE COMPLIANCE:
1) Facilitate the reporting of suspicious transactions:
2) Allow staff to report areas of policy or controls they find unclear/unhelpful/ineffective:
LIFE CYCLE IN THE RISK BASED APPROACH: