Setting up your KYC risk assessment framework is an important part of implementing anti-money laundering processes in your business. This guide sets out what you need to know.
AML and KYC Risk Assessments
AML risk assessments are a vital part of staying compliant with money laundering regulations in the UK and prevent your business from being a part of financial crime and money laundering activity. Money laundering risk management occurs at a few different key points:
- At the outset – i.e., when you’re creating your company’s risk framework to determine the level of risk for different types of clients, and
- When onboarding new customers – i.e, each time your company onboards a new customer
- If anything materially changes about your customer which would cause you to reconsider their risk level (eg has their business structure changed? Has there been a very last minute change in their AML requirements??
In this blog we’ll cover what you need to know when considering AML risks as well as the difference between AML and KYC risk assessments in your compliance framework.
What is an anti-money laundering risk assessment?
An anti-money laundering (AML) risk assessment is the process where you review your business holistically in order to determine your risk/exposure to people who may use your business to launder money.
Risk factors might include:
- The countries and geographical areas in which you operate
- Your products or services
- Your company’s transactions
- Your delivery channels (do you mostly do transactions online, with no face-to-face contact?)
Your AML risk assessment requires you to create a framework outlining how the company will deal with different types of customers. Depending on the varying levels of risk they pose, you can implement different KYC & CDD assessments, monitoring or safeguard measures to ensure that everything remains above board.
What is a KYC risk assessment?
Although both terms are often used interchangeably, there is a difference between an AML risk assessment and a KYC risk assessment:
- Your AML risk assessment refers to the entire process of ensuring that you are compliant with AML regulations.
- In comparison, the KYC/CDD risk assessment refers to the individual assessment you make after gathering information (due diligence) about the individual or entity that you’re dealing with in order to know who your customer is.
How to carry out an anti-money laundering risk assessment
Companies can either do their initial AML risk assessment manually by using templates or industry methodologies, or by using AML risk assessment tools and systems.
Each industry supervisory body has released specific templates to help guide companies within their industry as a starting point (for further information, you can read the Law Society’s AML Toolkit or the ICAEW’s methodology to get you started).
However, we recommend that you tailor any AML risk assessment template to the specifics of your business, which you can do on your own or with the help of an AML consultant.
Key features to look for in an outsourced AML partner
Completing your KYC/CDD process can take up a significant amount of in-house time, meaning less time spent on billable activities. Here are some key considerations when choosing to outsource your anti-money laundering process:
- Do they align with your internal processes? The best outsourcing providers align with your own internal processes, which results in a smooth and streamlined experience for both your team and your clients.
- Knowledge of local legislation: International outsourcing providers have global experience of dealing with AML requirements across multiple countries. However, as these requirements change across countries, nothing beats having in-depth understanding of the UK legislation and requirements for CDD.
- Speed of delivery: You don’t want your processes slowed down because of an overwhelmed system or a slow outsourcing provider.
- What’s the end-user experience like? Doing business with a firm that has long, paper-based processes can be really off-putting.
- Transparency: Transparency over the process is key, so that you know your provider is covering all the bases and not cutting any corners – this is especially important come audit time. Opt for a provider where you can see the status of each case, and all the documentation that has been provided.
Compliance challenges of outsourcing AML
An important note that is commonly misunderstood by companies who are searching for an outsourced AML provider is that you cannot outsource the risk itself to a third party provider.
This means that the regulated company is still responsible for making the final call on whether or not to accept a client – a tech solution can’t make the risk assessment for you.
However, outsourced providers still free up a lot of time by doing the heavy administrative lifting and creating a picture for the relevant person in the company to review and approve.
Tips for approaching your AML/CDD audit
Regulators have indicated that they may do thematic audits – for example, they may choose to audit firms doing a particular type of work (eg conveyancing), or based on a particular risk profile.
Much of the auditing process is what might be called ‘desk-based supervision’ – that is, when a firm is selected to be audited, they will request the documents and paperwork to be audited. This can be problematic, but not necessarily because AML checks are not being done at all.
Instead, it’s usually a matter of documentation – a fee-earner or relevant person may carry out a proper AML customer risk assessment but may not have created a sufficient paper trail to enable the auditor to understand the process on their own without someone to help talk through the documents. In short: you need to have an AML risk framework in place to get through an audit successfully.
If your company is approached for audit and you are your company’s MLRO (Money Laundering Reporting Officer), we recommend taking a day to do some file review to see if your customer risk assessments and business risk assessment are in good shape – you don’t want your auditor being the first one to tell you where you’re going wrong.
Using technology for AML compliance
With the rise of online transactions, online banking and other new financial frontiers, fraudsters have a raft of new ways to launder illicit funds. As a result, regulatory and audit requirements have tightened.
It’s no longer reasonable to expect an AML officer to manage the large amount of data and analysis involved in an AML process.
AML officers often benefit from using tools and technology to manage the large amounts of data and analysis involved in the onboarding process. Having the right tools also helps reduce the repetitive and manual processes around document collection and company structuring.
KYC risk assessments are a tricky but essential part of your wider AML processes. If you’d like to view or would like to see our platform for yourself, get in touch.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.