The risk-based approach (RBA) is central to the effective implementation of the Know Your Customer (KYC) and Anti-Money Laundering (AML) framework. This modern risk control technique departs from the previous rule-based approach and is advocated by the Financial Action Task Force (FATF).
A brief history of RBA
In the mid-1990s, the KYC and AML laws were still novel and prescriptive. The prescriptive approach was that the regulations initially centred on the risks and controls of retail banking and did not fit other business structures, such as corporate, institutional, or investment banking and wealth management.
This resulted in companies attempting to customise and adjust AML controls to suit their market models, trying to accommodate the regulatory paradigm but potentially ignoring the real risks they were exposed to. The enforcement efforts have also failed to meet regulatory requirements.
As a result, RBA came into existence.
The components of RBA
There are two distinct pillars of RBA risk assessment:
- Each country must consider its susceptibility to money laundering on a country-by-country basis. This is being implemented by way of national risk evaluations.
- Each financial institution (FI) must complete its internal risk evaluation against the backdrop of national risk, tailoring its money laundering/financing risk management systems.
EU's Anti-Money Laundering Directives
The European Union (EU) has adopted several directives incorporating FATF's AML/KYC recommendations, including an RBA framework. The most recent directive added in 2020 is called the 6th Anti-Money Laundering Directive (6AMLD). These directives have then been transposed into national legislation by the Member States and now govern financial institutions operating in their jurisdiction in the form of regulations.
The EU system of AML is decentralised – within each EU member states lies a Financial Intelligence Unit (FIU). The FIUs are small units responsible for collecting Suspicious Transaction Reports (STRs) and prosecuting suspected money laundering cases.
Also, the EU's framework emphasises the role played by mandated agencies to determine the extent of risk of money laundering that transactions present. Unique forms of Customer Due Diligence (CDD) are implemented by experts, depending on the degree of risk. They are expected to file an STR with their national FIU to decide that the transaction is suspicious. The role played by professionals is, therefore, paramount to the efficiency of the AML mechanism.