Anti-Money Laundering & Counter-Terrorism Financing
What should a robust enterprise-wide risk assessment (“EwRA”) framework include?
In constructing a robust EwRA framework, an EAM should consider incorporating the following elements:
a) Strong BSM oversight of the EwRA, including formal processes for BSM to deliberate over and approve the EwRA. In particular, BSM needs to be assured that the scale and scope of the EwRA are commensurate with the nature and complexity of the EAM’s business. Such deliberations and approvals should be properly documented;
b) ML/TF risks highlighted in Singapore’s National ML/TF Risk Assessment Report and feedback from the relevant authorities;
c) Robust qualitative and quantitative analysis of the EAM’s ML/TF risks that exist across all its business lines. Some examples of quantitative factors include the volume and size of transactions and qualitative factors, whether there is adverse news and whether the jurisdictions where the EAM operates or its customers are based in, are assessed to pose higher corruption and tax risks (for instance);
d) Regular reviews to ensure the EwRA remains relevant. The EAM should have a formal process for conducting a post-implementation review of its EwRA and providing a feedback loop to its BSM. Regular reviews would ensure that the EAM keeps its EwRA up-to-date.
EAMs should note that the EwRA is the foundation of an EAM’s overall risk-based approach. A properly conducted EwRA enables an EAM to clearly understand its overall vulnerability to ML/TF risks and to develop relevant AML/CFT controls and procedures, as well as allocate AML/CFT resources appropriately.