●● Introduction of new products or services, new technologies, or delivery processes ●● Establishment of new branches and subsidiaries locally and abroad ●● Unusually high growth or disproportionately large share of profits from a certain branch or subsidiary ●● Mergers and acquisitions of businesses ●● Significant growth in high-risk products or services ●● New typologies on ML/TF ●● Changes in AML/CFT laws, regulations, and guidelines ●● High staff turnover in high-risk business lines and compliance ●● ML/TF investigations or legal and regulatory action affecting the institution.
RISK MITIGATION A well-thought-out ML/TF risk assessment provides the foundation for financial institutions to develop an effective and proportionate AML/CFT framework. This framework includes AML/CFT policies, procedures, and controls to mitigate inherent risks as well as institution-wide vulnerabilities. Compliance measures need to be enhanced for higher-risk scenarios, while less rigorous controls can be applied to lower-risk scenarios. Standard controls should apply in the areas or scenarios that are identified as medium risk. Additional factors that are relevant to the adequacy of the AML/CFT framework include the size and complexity of operations, regulatory requirements, the economic environment (for example, level of informality and use of cash in the economy), and the experience and capacity of staff. The following are some of the building blocks for an effective AML/CFT framework.
Role of the Board and Senior Management An effective risk-based approach to AML/CFT implementation requires a board of directors and senior management that are committed to lead and oversee its development and implementation. The AML/CFT framework should be implemented across the financial institution or group. This commitment requires the following actions: ●● Fostering a culture of compliance as a core value of the financial institution that focuses on intrinsic motivation to control ML/TF risks ●● Implementing robust AML/CFT policies, procedures, and controls adapted to the financial institution’s ML/TF risk profile and regulatory environment ●● Having transparent and effective governance and management information systems that keep the board and senior management informed of ML/TF risks, emerging threats and trends, and compliance issues—such as statistics on unusual and suspicious transactions, regulatory measures, and sanctions—in a timely manner
Appendix A
175
