Country AML Risk Assessments are the foundation for the risk based approach. Whilst many countries have improved in their latest published reported, improvements are still needed. Many countries use the WB model which is a great start, but the model and the outputs from it can be further improved. See below:
Country National AML Risk Assessments – 11 Improvements (Based on the WB Model)
1. World Bank ML Risk Assessment Model – The model is a very useful tool for countries to assess ML threats and vulnerabilities, but it can still be improved, as well as used more effectively. For more details see call outs on this slide.
2. Predicate Offence Crimes & ML – Better research into Proceeds and Prevalence is required as well as how these are laundered in order to validate high threat crimes. Harms to victims should also be included as a factor for consideration.
3. Predicate Offences (PO) & ML: Country Risk Assessments should more clearly list and summarise both the Main (High Threat) PO & the Main (High Threat) POs for ML, including what POs for ML looks like and in particular how they target particular sectors and their vulnerabilities, and what can be done to mitigate these vulnerabilities.
4. National Priorities – Not all Predicate Crimes should be treated equally and identified High risk PO for ML crimes, should be included in a limited set of National AML Priorities communicated to LEA, FIU and Regulated Sectors to direct resources including for increased detection and reporting e.g. SAR filing.
5. Country of ML Origin: Countries should assess their ML risk based on proceeds and or ML from domestic sources or from foreign sources. If foreign also whether country connection is limited to BO of companies/trusts etc, or whether funds are involved and it’s a destination or a transit funds country.
6. Relative Rating of Predicate Offence Crimes & ML – Countries publish H/MH/M/LM/L ratings for their PO Crimes and ML related crimes, and for Sectors (& sub sectors) but the rating represents a distribution based on the difference in the threat in a particular country, and not based on comparative assessments, as such all countries will have high ratings but these high ratings may not represent the same level of threat.
7. Sector/Sub Sector Categories – These Categories should not be limited to the regulated sector. For example for the PO of fraud including online scams (cybercrime), sectors that are vulnerable to the successful use by scammers, and therefore facilitate the crime, (but may not be involved in the ML itself) should be considered for inclusion, e.g, telco & technology sectors, incl search, social media, messaging, mail, e commerce etc)
8. Supervisory Action Plans – Based on the results of the Sector vulnerability assessment and bearing in mind the sector threat and residual risk results, sectors with high vulnerability or risk ratings should be targeted in supervisory plans to reduce the vulnerability and or risk ratings to acceptable levels, e.g. within risk appetite. Regulated sectors out of risk appetite could be a measure of a lack of supervisory effectiveness.
9. Sector/Sub Sector Categories – A broad set of Sectors and sector sub categories would be useful to differentiate where both the ML threat and the vulnerabilities exist. Within FIs and in particular within Banking, major Lines of Business should be more consistently used and defined, with countries using different product offerings to define types of banks.
10. National Combatting Authority Categories – A better alternative would be to use the FATF IO 2-9 ML Ratings assessed independently, and or as updated annually or bi annually by the Country as a self assessment and published.
11. Frequency: ML RA’s should be updated and refreshed regularly, e.g. every 3 years. Whilst the regulated sector is expected to update & refresh their ML RAs annually, country ML RAs need not be so frequent as constant change will disrupt others that rely upon these results.
Credit: thefinancialcrimenews.com
