Risk Based Approach

FATF Recommendation (1) states the following:

Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively. Based on that assessment, countries should apply a risk-based approach (RBA) to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified. This approach should be an essential foundation for the efficient allocation of resources across the anti-money laundering and countering the financing of terrorism (AML/CFT) regime and the implementation of risk-based measures throughout the FATF Recommendations. Where countries identify higher risks, they should ensure that their AML/CFT regime adequately addresses such risks. Where countries identify lower risks, they may decide to allow simplified measures for some of the FATF recommendations under certain conditions.

The ADGM Financial Services Regulatory Authority (FSRA) is a risk-based regulator. This means that the FSRA’s approach focuses on those areas that present the greatest risk to its regulatory objectives.

The Risk-Based Approach (RBA) is an effective way to combat money laundering and terrorist financing. By adopting this approach, competent authorities, financial institutions and DNFBPs are able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified, and would enable them to make decisions on how to allocate their own resources in the most effective way.
In implementing RBA, financial institutions and DNFBPs should have in place processes to identify, assess, monitor, manage and mitigate money laundering and terrorist financing risks. The general principle of RBA is that, where there are higher risks, financial institutions and DNFBPs should consider and take enhanced measures to manage and mitigate those risks; and that, correspondingly, where the risks are lower, simplified measures may be permitted. Simplified measures should not be permitted whenever there is a suspicion of money laundering or terrorist financing.

Examples of Risk-Based Approach

The FATF Recommendation (1) can be considered the groundwork towards the implementation of the risk-based approach:

The Wolfsberg risk-based approach guidance has provided an insight on the approach by identifying these components that can assist in measuring the risk. Industry risk related to Business activities in which the customer is involved. "Money laundering risks may be measured using various categories, which may be modified by risk variables. The most commonly used risk criteria are: country risk customer risk and services risk." Based on Wolfsberg's guidance on a risk-based approach, risk factor identification or indicators that can allow the assessment and measurement of the level of risk can be summarized in the following diagram:

The risk based approach or assessment process should be comprehensive, transparent and well documented. When completing the risk based approach effectively, the end result should create reliable conclusions necessary to establish appropriate policies, procedures, processes and systems required to develop the organisation's Compliance Program.