Fintelekt-ABA Webinar on Driving More Effective Enterprise-Wide ML/TF Risk Assessments
Fintelekt Advisory Services and the Asian Bankers Association presented a webinar on Driving More Effective Enterprise-Wide Money Laundering (ML)/ Terrorist Financing (TF) Risk Assessments on August 3, 2023. More than 1200 participants from 50 countries were registered.
Shirish Pathak, Managing Director, Fintelekt Advisory Services, hosted the webinar with speakers Ekta Singh, Regional Head of Compliance, ShuttleOne and Anthony Quinn, Founder, Arctic Intelligence. Ekta presented first and started by defining enterprise-wide risk assessment (EWRA) as a process of identifying, analysing and evaluating all the risks that an organisation faces, whether financial, operational or strategic. It provides a holistic view of risks, following which an effective risk management strategy can be implemented.
An enterprise wide AML/CFT risk assessment is crucial to the long-term success of the AML programme of any organisation.
Ekta Singh, Regional Head of Compliance, ShuttleOne
The EWRA exercise has its benefits, but it also has certain limitations. It places a lot of reliance on estimates and cannot predict unpredictable events. Further, there could be a tendency to underestimate the risk magnitude or occurrence, which may lead to overconfident operations.
Compared with traditional risk management which focuses on specific functions within the organisation, an enterprise-wide risk assessment provides a holistic view of all risks across the organisation and is therefore more proactive. Conducting an EWRA helps the organisation to identity and prioritise the risks across all areas of business, allocate resources better and improve overall resilience and agility.
The organisation can take advantage of ISO 31000, which is an international standard developed by the International Organization for Standardization (ISO) that provides guidelines and principles for implementing effective risk management across all levels of an organization. The standard is applicable to all types of organizations, regardless of size, industry, or location. It is also applicable to all types of risks, including strategic, operational, financial, and compliance risks.
Anthony discussed the Financial Action Task Force (FATF) guidance that requires each member country to conduct a national ML/TF risk assessment on a country level on an ongoing basis. Once the risks are properly understood, countries will be able to implement AML/CTF measures using a risk-based approach to mitigate the risks.
Based on the experience of Arctic across countries and across financial and non-financial sector companies, Anthony elaborated on the top ten challenges that organisations typically face while conducting their EWRA and some key considerations for organisations:
- Defining the ML/TF risk appetite and risk tolerance, and ensuring a common understanding of the risk appetite across the organisation
- Deciding what ML/TF risk assessment methodology to use. There is no one size fits all approach, and each organisation should consider the methodology that works best for them.
- Assessing the nature, size and complexity of the organisation and making the risk assessment appropriate and proportionate to their organisation.
- Adopting a subjective (question driven), objective (data driven) or hybrid approach to assessing risk. A hybrid approach may avoid limitations of both, the subjective and objective approaches.
- Deciding what risk groups, risk categories, risk factors and risk indicators to use in the EWRA model. Organisations can go much deeper in the risk assessment and can include environmental risks, customer location risk, customer business risks, etc.
- Deciding whether to introduce proportionality/weighting (or not) to the ML/TF risk assessment: Should the risk methodology treat all risks equally or is there a need to proportionally weight risks (and/or controls) in the risk model and/or across different assessment units across the enterprise?
- Deciding how to assess the design and operational effectiveness of controls
- Assessing how all ML/TF risks link together across the enterprise: Many larger organisations have multiple assessment units, multiple risk domains, with hundreds of risk indicators, rolling up to risk factors, risk categories and risk groups – which can make reporting very complicated.
- Deciding what “system” to use – is the business still using spreadsheets to conduct ML/TF risk assessments?
- Deciding when and how to maintain the ML/TF risk assessment and keep it current, even as change is continuous in the internal as well as external environment.
Most regulators expect an enterprise-wide risk assessment to be logical, comprehensive, explainable and defendable.
Anthony Quinn, Founder, Arctic Intelligence
Fintelekt has recently partnered with Arctic Intelligence. Together with Arctic’s enterprise-wide risk assessment expertise, the new partnership will promote risk assessment solutions in the Asia-Pacific region. If you would like to get a free demo of Arctic’s risk assessment tool, please write to us at contact(at)fintelekt.com.
A recording of the webinar on Driving More Effective Enterprise-Wide ML/TF Risk Assessments is available on: