structures; and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business. 8. The supervisor has a clear framework or process for handling banks in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner. 9. Where the supervisor becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisor takes appropriate steps to call the matter to the attention of the responsible authority. Where the supervisor becomes aware that a bank is restructuring its activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this situation.
RISK-BASED APPROACH TO SUPERVISION A risk-based approach to AML/CFT supervision refers to (a) the process by which a supervisor, according to its understanding of ML/TF risks in the jurisdiction and of the supervised institutions, allocates its resources to AML/CFT supervision; and (b) the specific process of supervising institutions (that is, the frequency and intensity of off-site and on-site AML/CFT supervision). The Joint Committee of the European Supervisory Authorities—a forum with the objective of strengthening cooperation between the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority—characterizes risk-based supervision as an ongoing, cyclical process that includes four steps (Joint Committee of the European Supervisory Authorities 2016, 3): 1.
The identification of ML/TF risk factors, whereby competent authorities obtain information on both domestic and foreign ML/TF threats affecting the relevant markets;
2. The assessment of risk, whereby competent authorities use this information to obtain a holistic view of the ML/TF risk associated with each credit or financial institution (“firm”) or group of firms, including the inherent risk to which the firm or group of firms is exposed and the risk-mitigating measures that a firm or group of firm has in place; 3. The allocation of AML/CFT supervisory resources based on this risk assessment, which includes decisions about the focus, depth, duration, and frequency of on-site and off-site activities and supervisory staffing needs, including technical expertise; and 4. The monitoring and review of the risk assessment and associated allocation of supervisory resources to ensure that they remain up to date and relevant. Adopting a risk-based approach to AML/CFT supervision allows the supervisory authority to allocate its resources based on the risks assessed in the jurisdiction, in a sector, or in an institution. As a result, the supervisory authority can use its resources effectively and efficiently. To do so, the supervisor should have a clear understanding of the following (FATF 2021b, 75–76): ●● The ML/TF risks and the policies, internal controls, and procedures associated with the institution or group, as identified by the supervisor’s assessment of the institution or group’s risk profile; 48
PREVENTING MONEY LAUNDERING AND TERRORIST FINANCING
