SlideShare a Scribd company logo

Risk Assessment1.ppt

Download as PPT, PDF
M
MdSahedulHoque

The document discusses annual risk assessment and investigations related to anti-money laundering (AML) and combating the financing of terrorism (CFT). It covers several topics: 1. The AML/CFT risk management framework and why risks need to be assessed. 2. How to assess risks through identification, evaluation, and estimation of likelihood and impact. Risk matrices and scoring are presented as examples. 3. The implications of risk assessments, including improving policies/procedures and informed decision-making about risk appetite based on residual risk.

Business
1 of 43
Downloaded 19 times
1
2
3
Most read
4
5
6
7
Most read
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Most read
31
32
33
34
35
36
37
38
39
40
41
42
43
Annual AML/CFT Risk Assessment & Investigations Md. Sahadul Hoque Principal Officer Islami Bank Bangladesh Limited Risk Management Wing
Agenda of the Session  AML Risk Management Framework  Why & What Risks to be assessed?  How to assess AML/CFT Risk?  Implications of AML Risk Assessment  AML Investigations
Let’s Refresh our Concept of Risk  Intention of the man is to suicide.  Jumping from the top of the building  Loss of life is certain  Is the event a Risky One?  Risk is the uncertainty of an expected objective (ISO 31000).  Risks can be seen as a combination of the chance that something may happen and the degree of damage or loss that may result if it does occur
Why Banks are Vulnerable in ML/CFT Definition: The process of disguising the proceeds of crime in an effort to conceal their illicit origins and legitimize their future use. Objective: To conceal true ownership and origin of the proceeds, a desire to maintain control, a need to change the form of the proceeds. Banks Financial services Brokerage firms Other Examples: Insurance companies, Money remitters, Cash intensive businesses, Brokerage firms, LAWYERS and ACCOUNTANTS Money is Laundered Through
Is Money Laundering a Risk? Increased headcount Increased technology budget Reputational damage Consultancy fees Long periods of Regulatory oversight Attention from other Regulators Loss of partners, clients Regulatory Fines/Penalty
Risk Management "Narrated Aisha, Ummul Mu'minin: The Apostle of Allah (peace_be_upon_him) said: Profit follows responsibility of bearing loss. “ (Sunan e Ibn Majah Book 23, Number 3501)
AML/CFT Risk Management Framework Risk Identification Business Risk  Customers  Products & Services  Delivery Methods or Channel  Country or Jurisdiction Regulatory Risk  Failure to report SARs/STRs  Inappropriate customer verification  Inappropriate record keeping  Lack of AML/CFT Program Risk Assessment Size & Importance of Risk  likelihood – chance of the risk happening  impact – the amount of loss or damage if the risk happened  likelihood X impact = level of risk (risk score) Risk Treatment Business Risk  Minimize & Manage the Risks  Apply strategy, policy & procedures Regulatory Risk:  Put in place systems and controls  Carry out risk plan and AML/CFT program Monitoring & Review  Develop & carry out monitoring process  Keep necessary records  Review risk plan and necessary AML/CFT Program  Do internal audit and assessment  Do AML & CFT Compliance Report
Why and What AML Risks to be Assessed?
Risk Assessment According to Business Dictionary, Risk Assessment is –  Identification  Evaluation and  Estimation of the levels of Risks And comparison against standards of an acceptable level of Risk.
Is Risk Assessment Obligatory? FATF Recommendations No. 1  To identify ML & TF Risk  To assess ML & TF Risk  To take action  To mitigate ML & TF Risk FATF Recommendations No. 15  To assess ML & TF Risk for new products, business techniques and delivery mechanisms  Using technology to asses new and existing products AML Rule 2013, Rule No. 21  RO-FI shall conduct periodic assessment  Report to BFIU for vetting  Assessment report to be utilized by RO-FI after vetting  EDD for HIGH Risk BFIU Circular Letter No. 01/2015 dated 08.01.2015 ML & TF Risk Assessment Guideline for Banking Sector September 2015 Money Laundering and Terrorist Financing Risk Management Guideline. A Risk Register is enclosed.
Uses of Risk Assessment  Identify gaps and improve policy & procedures  Develop Risk Based Framework  Aware Sr. Management about key risks, exits and disposals  Informed decision about Risk Appetite on the basis of Residual Risk  Alignment of compliance with Risk Profile  Risk mitigation strategies and resource allocation  Regulatory reporting for remediation efforts across the FIs
Steps of Risk Assessment  Identification of Risk Assessment Categories  Detailed Analysis of the Gathered Data  Evaluation of AML Program
Money Laundering Risks in Banks Operational Risk Legal Risk Reputational Risk Concentration Risk
Kroll’s Findings on Risk Assessment of IBBL  Risk Assessment is Partial  Risk rating is done on clients’ net-worth, occupation & transaction profile only  Inadequate tools, technology and methodology  Poor data quality  Inadequate actionable information in in Risk Assessment Report  Inadequate SoP & SoD
Kroll’s Findings on Risk Assessment of IBBL
Business Risks Arises to and from Customer  New customer  New customer but wants to conduct large transaction  Transaction to the same individual or group  Cash intensive business  Identification is difficult to check  Large but small denominated transactions  Distance between business and location of the customer  Non resident customer  Complex corporate ownership  PEPs & IPs  Unreliable documents  Inconsistent transaction with source of income etc. Country/Jurisdiction  any country which is unidentified by credible sources as having significant level of corruption and criminal activity  any country subject to economic or trade sanctions  any country known to be a tax haven and unidentified by credible sources as providing funding or support for terrorist activities or that have designated terrorist organizations operating within their country  any country unidentified by FATF or FATF Style Regional Bodies (FSRBs) as not having adequate AML&CFT system  any country indentified as destination of illicit financial flow
Business Risks Arises to and from (Cont’d) Product & Services  private banking i.e., prioritized or privileged banking  credit card  anonymous transaction  non face to face business relationship or transaction  payment received from unknown or unrelated third parties  any new product & service developed  service to walk-in customers  mobile banking Delivery Channel  direct to the customer  online/internet  phone  fax  email  third-party agent or broker.
Regulatory Risks Arises to and from Regulatory Risks  customer/beneficial owner identification and verification not done properly  failure to keep record properly  failure to scrutinize staffs properly  failure to train staff adequately  not having an AML&CFT program  failure to report suspicious transactions or activities  not submitting required report to BFIU regularly  not having an AML&CFT Compliance Officer  failure of doing Enhanced Due Diligence (EDD) for high risk customers (i.e., PEPs, IPs)  not complying with any order for freezing or suspension of transaction issued by BFIU or BB  not submitting accurate information or statement requested by BFIU or BB.
Other Qualitative Risk Factors Other Risk Factors  Client base stability  Integration of IT system  Expected account/client growth  Expected revenue growth  Recent AML Compliance Employee turnover  Reliance on 3rd party providers  Recent introduction of new products and services  Recent project and initiatives related to AML Compliance matters  Recent relevant enforcement actions  National risk assessment
How to Assess Risk?
Standard Risk Assessment Methodology
Risk Assessment Scales Likelihood Scale Frequency Likelihood of an ML/FT Risk Very Likely Probably occur several times in a year Likely High probability that it will happen once in a year Unlikely Unlikely, but not impossible Impact Scale Consequence Impact of an ML/FT Risk Major major damage or effect. Serious terrorist act or large- scale money laundering Moderate Moderate level of money laundering or terrorism financing impact Minor Minor or negligible consequences or effects
Risk Matrix
Risk Score Table Rating Impact – of an ML&TF risk 4 Extreme Risk almost sure to happen and/or to have very serious consequences. Response: Do not allow transaction to occur or reduce the risk to acceptable level. 3 High Risk likely to happen and/or to have serious consequences. Response: Do not allow transaction until risk reduced. 2 Medium Possible this could happen and/or have moderate consequences. Response: May go ahead but preferably reduce risk. 1 Low Unlikely to happen and/or have minor or negligible consequences. Response: Okay to go ahead.
Risk Registrar Risk Likelihood Impact Risk Score Treatment/ Action Retail Banking Customer A new customer Unlikely Minor i) CDD shall be applied properly. ii) EDD shall also be applied for high risky clients & accounts opened without physical presence of the clients. Walk-in customer (beneficiary is government/semi government/autonomous body/ bank & NBFI Unlikely Minor Obtaining proper KYC of the Remitter Walk-in customer (beneficiary is other than government/semi government/autonomous body/ bank & NBFI Likely Moderate i) Obtaining proper KYC of the remitter/ beneficiary ii) Reporting STR/ SAR if suspicious anything found. Non-Resident customer (Bangladeshi) Likely Major i) CDD shall be done ii) verification of necessary papers/ documents including work permit, passport & visa. iii) Transaction shall be allowed with constant monitoring of the account in case of High Risk nature. iv) STR shall be submitted to CCU if any transaction found suspicious. A new customer who wants to carry out a large transaction (i.e. transaction above CTR threshold or below the threshold) Likely Moderate i) CDD shall be applied properly. ii) Verifying the genuineness of the data/ information of the client. iii) Transaction monitoring shall be done. iv) STR shall be submitted to CCU if any transaction found suspicious.
Risk Registrar Risk Likelihood Impact Risk Score Treatment/ Action Retail Banking Customer A new customer Unlikely Minor 1 Low i) CDD shall be applied properly. ii) EDD shall also be applied for high risky clients & accounts opened without physical presence of the clients. Walk-in customer (beneficiary is government/semi government/autonomous body/ bank & NBFI Unlikely Minor 1 Low Obtaining proper KYC of the Remitter Walk-in customer (beneficiary is other than government/semi government/autonomous body/ bank & NBFI Likely Moderate 2 Medium i) Obtaining proper KYC of the remitter/ beneficiary ii) Reporting STR/ SAR if suspicious anything found. Non-Resident customer (Bangladeshi) Likely Major 3 High i) CDD shall be done ii) verification of necessary papers/ documents including work permit, passport & visa. iii) Transaction shall be allowed with constant monitoring of the account in case of High Risk nature. iv) STR shall be submitted to CCU if any transaction found suspicious. A new customer who wants to carry out a large transaction (i.e. transaction above CTR threshold or below the threshold) Likely Moderate 2 Medium i) CDD shall be applied properly. ii) Verifying the genuineness of the data/ information of the client. iii) Transaction monitoring shall be done. iv) STR shall be submitted to CCU if any transaction found suspicious.
Risk Register (Summary) Sl. Risk Aspects Particulars # Questions 1 ML & TF Risk Register for Customer’s Retail Banking Customer 35 Wholesale Banking Customer 8 Khidmah Card Customer 4 International Trade Customer 10 Sub-total= 57 2 ML & TF Risk Register for Products & Services Retail Banking Product 15 Retail Privilege Facilities 2 SME Banking Product 7 Wholesale Banking Product 9 Khidmah Card Product 4 International Trade 5 Sub-total= 42 3 Risk Register for Businesses Practice/delivery methods or channels Online/BEFTN/BACH 4 Mobile Banking 3 Alternate Delivery Channel 6 International Trade 2 Sub-total= 15 4 Risk Register for Country/Jurisdiction 15 5 Register for Regulatory Risk 42 Grand Total= 171
Consolidated Risk Assessment Report (example)
Consolidated Risk Assessment Report (example)
Consolidated Risk Assessment Report (example)
Risk Assessment (Examples: Factor Weights)
Risk Assessment (Exapmles: Factor Weights)
Dependants of Risk Assessment Frequency  Methodology  Type & extent of interim validation  Result of the Risk Assessment  Material Change to the Risk Environment  Regulatory intervention  Trigger based Usually requires to submit assessment report annually
Implication of Risk Assessment
Implications µwgK cÖK…wZ SuywKi gvÎv ‡¯‹vi 26 ‡dªBU/wkwcs/Kv‡M©v G‡R›U D”P 3 27 wjwRsdvBbvÝ †Kv¤úvbx ga¨g 3 28 BÝy¨‡iÝ/‡eªvKv‡iRG‡RÝx ga¨g 3 29 ag©xq cÖwZôvb/ms¯’v ga¨g 3 30 we‡bv`bKvix cÖwZôvb/cvK© ga¨g 3 31 ‡gvUi cvU©m Gi e¨emv ga¨g 3 32 ZvgvK I wmMv‡i‡Uie¨emv ga¨g 3 33 Drcv`bKvix cÖwZôvb ga¨g 3 34 PvKzix (†eZb wnmve e¨vZxZAb¨ wnmve) ga¨g 3 35 QvÎ ga¨g 3 36 M„wnYx ga¨g 3 37 A‡Uv cÖvBgvix (bZzb Mvox) ga¨g 2 38 †`vKv‡bi gvwjK (LyPiv) wb¤œ 2 39 e¨emv-G‡R›U wb¤œ 2 40 ¶z`ª e¨emvqx(evwl©K Uvb©Ifvi 50 j¶ UvKvi bx‡P) wb¤œ 2 41 evox wbg©vY mvgMÖxie¨emv wb¤œ 2 42 md&UIq¨vie¨emv wb¤œ 2 43 PvKzix (ïaygvΆeZb wnmve) wb¤œ 1 44 PvKzix n‡Z AemiMÖnYKvix wb¤œ 1 45 K…wlRxex wb¤œ 1 46 Ab¨vb¨.....(aiYAbymv‡i e¨vsKwi¯‹ †¯‹vi cÖ`vb Ki‡e) `ªóe¨:KYCm¤úv`bKvixKg©KZ©vMªvn‡Kie¨emv‡qi ev†ckvi cªK…wZ,e¨emv‡qi GjvKv,e¨emv‡qi AvKvi, wnmv‡eicÖK…Zmyweav‡fvMx cÖf„wZ welqmg~nwe‡ePbvq wb‡q MÖvnK†f‡`27-46µwg‡KD‡jwLZ †ckvi †¶‡Î ewb©Z†¯‹vi A‡c¶vD”PZi †¯‹vi cÖ`vb Ki‡Z cv KYC m¤úv`bKvix Kg©KZ©vMªvn‡Ki e¨emv‡qi ev †ckvicªK…wZ, e¨emv‡qi GjvKv, e¨emv‡qi AvKvi, wnmv‡ei cÖK…Z myweav‡fvMx cÖf„wZ welqmg~n we‡ePbvq wb‡q MÖvnK†f‡` 27-46µwg‡K D‡jwLZ †ckvi †¶‡Î ewb©Z
Implications  Improve policy & procedures  Effective Risk Based Framework  Informed decision about Risk Appetite on the basis of Residual Risk  Alignment of compliance with Risk Profile  Risk mitigation strategies and resource allocation  Regulatory reporting for remediation efforts across the FIs  Charging 1.5% of MCR for risk rating below “satisfactory” under SRP
Investigation of Risk Assessment
Considerations of Investigations  Identification of all areas of business and responsibilities of business units  Effectiveness of systems and internal controls  Inherent risk of existing, new, potential class of customers, geographies, products, services and systems  Reflection of changed events like expansion, new markets, new products, new core data processing and systems  Whether crossed the assets size of defined large bank  Whether assessment has been done on qualitative and quantitative data  Frequency of risk assessment review  Whether risk assessment is communicated to the business units and the Board of Directors  Whether regulatory changes have been warranted
Major Areas of Investigation  AML Corporate Governance; Management Oversight and Accountability  Policies and Procedures  Know Your Client (“KYC”); Client Due Diligence (“CDD”); Enhanced Due Diligence (“EDD”)  Previous Other Risk Assessments (local and enterprise-wide)  Management Information/Reporting  Record Keeping and Retention  Designated AML Compliance Officer/Unit  Detection and SAR filing  Monitoring and Controls  Training  Independent Testing and Oversight (including recent Internal Audit or Other Material Findings)  Other Controls/Others
Report Contents of Internal Control  Key Risk Indicators (KRIs)  High Risk Processes  Compliance Initiatives  AML Program Deficiencies  Volume SAR, STR & CTR filed  Accounts closed due to suspicious activity  Customer Identification Program (CIP) Violations  High Risk Accounts  Completed and outstanding training  Source of alerts reported and investigations completed
Technical Considerations  Configuration of the AML Software  Logics behind the alert generation  Alert Management  Change Control Procedure  How data is imported from the CBS  Independent validation of the software  Gap analysis of the AML software  Volume of false positive and false negative  Risk of failure of the AML software, hardware and data
Risk Assessment1.ppt
Glory is to You, O Allah, and praise is to You. I bear witness that there is none worthy of worship but You. I seek Your forgiveness and repent to You. Kaffara-e-Majlish

More Related Content

PDF
How to conduct an AML risk assessment
Asia Pacific AML
 
PPTX
Anti-Money Laundering (AML) Risk Assessment Process
accenture
 
PPTX
Risk based approach
Pierre Simon, CCEP-I
 
PPTX
Anti-Money Laundering
Sharjeel Qasim
 
PPTX
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
Melissa Cammarata
 
PPTX
Anti Money Laundering Framework
nikatmalik
 
PPTX
Aml basics
David F Amakobe
 
PPTX
Customer Due Diligence Part 1 slides.pptx
SiniTizhe
 
How to conduct an AML risk assessment
Asia Pacific AML
 
Anti-Money Laundering (AML) Risk Assessment Process
accenture
 
Risk based approach
Pierre Simon, CCEP-I
 
Anti-Money Laundering
Sharjeel Qasim
 
The ANTI-MONEYLAUNDERING LEGAL FRAMEWORK
Melissa Cammarata
 
Anti Money Laundering Framework
nikatmalik
 
Aml basics
David F Amakobe
 
Customer Due Diligence Part 1 slides.pptx
SiniTizhe
 

What's hot (20)

PPT
Aml cft training programme
Subhalakshmi Girish
 
PPTX
Understanding Its Suspicious Activity Reporting (SAR) Requirement
complianceonline123
 
PPT
Insurance anti money laundering
Mohit Singla
 
PPTX
Anti-Money Laundering and Counter Financing of Terrorism
Puni Hariaratnam
 
PPT
Knowyourcustomer
mohitronnie
 
PPTX
Basics of Anti-Money Laundering : A Really Quick Primer
complianceonline123
 
PPTX
AML Presentation 2.pptx
Olufemi Feyisitan
 
PPTX
AML presentation
Jowhar Roshan
 
PPT
Presentation AML
Mirsazzad
 
PPTX
Money laundering
Ananya Sree Katta
 
PDF
Money Laundering and Terrorist Financing in a Nutshell: Chapter One
Md. Moulude Hossain
 
PDF
Aml training
Rahul Bhan (CA, CIA, MBA)
 
PDF
Anti Money Laundering
Besart Qerimi
 
PPTX
Amla traning (2014) 180714
Nurul Amira
 
PPT
AML Training uba capital
SEGUN AREMU B.sc Banking and Finance (ACIB)
 
PPTX
know your customer
sumit dubey
 
PPT
Anti Money Laundering Presentation
Audrius Sapola
 
PDF
Anti Money Laundering - CDD & KYC
Besart Qerimi
 
PPTX
Money Laundering
Siddharth Chakravarty
 
PPTX
Fraud in the Banking Sector
Venktesh Venke
 
Aml cft training programme
Subhalakshmi Girish
 
Understanding Its Suspicious Activity Reporting (SAR) Requirement
complianceonline123
 
Insurance anti money laundering
Mohit Singla
 
Anti-Money Laundering and Counter Financing of Terrorism
Puni Hariaratnam
 
Knowyourcustomer
mohitronnie
 
Basics of Anti-Money Laundering : A Really Quick Primer
complianceonline123
 
AML Presentation 2.pptx
Olufemi Feyisitan
 
AML presentation
Jowhar Roshan
 
Presentation AML
Mirsazzad
 
Money laundering
Ananya Sree Katta
 
Money Laundering and Terrorist Financing in a Nutshell: Chapter One
Md. Moulude Hossain
 
Aml training
Rahul Bhan (CA, CIA, MBA)
 
Anti Money Laundering
Besart Qerimi
 
Amla traning (2014) 180714
Nurul Amira
 
AML Training uba capital
SEGUN AREMU B.sc Banking and Finance (ACIB)
 
know your customer
sumit dubey
 
Anti Money Laundering Presentation
Audrius Sapola
 
Anti Money Laundering - CDD & KYC
Besart Qerimi
 
Money Laundering
Siddharth Chakravarty
 
Fraud in the Banking Sector
Venktesh Venke
 

Similar to Risk Assessment1.ppt (20)

PPTX
Webinar Presentation: Enhancing AML Compliance Regimes in MSB Sectors
Securefact
 
PDF
KYC Regulations - Mel Georgie Racela
SWIFTAsiaPac
 
PDF
Implementing Anti Money Laundering and Fraud Rules in Banking
TriVersa
 
PPT
ComplianceOnline PPT Format AMLOFAC Risk Assessment The Cornerstone of an Eff...
Craig Taggart MBA
 
PDF
The Role of Business Risk Assessment in AML: A Definitive Guide
AML India
 
PDF
Navigating Business & Customer Risk Assessments for Compliance.
MEMA Consultants
 
PPTX
Las Vegas - InsideBitcoins 2014-10-05
Juan Llanos
 
PDF
Elements of Customer Risk - Products & Services, Activity Patterns and Behaviors
Alessa
 
PDF
2014 10-05 juan llanos presentation (inside bitcoins)
MecklerMedia
 
PDF
Aligning AML/CFT Program with FATF's Grey List Updates.pdf
technovisors
 
PPTX
2014 07-09 Juan Llanos Presentation
Mediabistro
 
PDF
Riskpro Aml Services
Rahul Bhan (CA, CIA, MBA)
 
PDF
Riskpro Aml Services
Rahul Bhan (CA, CIA, MBA)
 
PDF
Riskpro Aml Services
Rahul Bhan (CA, CIA, MBA)
 
PDF
Riskpro aml services
Rahul Bhan (CA, CIA, MBA)
 
PPTX
Mdm (2)
Martijn Sinninghe Damsté
 
PDF
New York - Virtual Currencies Compliance Conference
Juan Llanos
 
PPT
Knowyourcustomer
Viral Jain
 
PDF
Compliance at an inflection point
Mohammad Ibrahim Fheili
 
PPTX
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
Jitske de Bruijne
 
Webinar Presentation: Enhancing AML Compliance Regimes in MSB Sectors
Securefact
 
KYC Regulations - Mel Georgie Racela
SWIFTAsiaPac
 
Implementing Anti Money Laundering and Fraud Rules in Banking
TriVersa
 
ComplianceOnline PPT Format AMLOFAC Risk Assessment The Cornerstone of an Eff...
Craig Taggart MBA
 
The Role of Business Risk Assessment in AML: A Definitive Guide
AML India
 
Navigating Business & Customer Risk Assessments for Compliance.
MEMA Consultants
 
Las Vegas - InsideBitcoins 2014-10-05
Juan Llanos
 
Elements of Customer Risk - Products & Services, Activity Patterns and Behaviors
Alessa
 
2014 10-05 juan llanos presentation (inside bitcoins)
MecklerMedia
 
Aligning AML/CFT Program with FATF's Grey List Updates.pdf
technovisors
 
2014 07-09 Juan Llanos Presentation
Mediabistro
 
Riskpro Aml Services
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Aml Services
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Aml Services
Rahul Bhan (CA, CIA, MBA)
 
Riskpro aml services
Rahul Bhan (CA, CIA, MBA)
 
Mdm (2)
Martijn Sinninghe Damsté
 
New York - Virtual Currencies Compliance Conference
Juan Llanos
 
Knowyourcustomer
Viral Jain
 
Compliance at an inflection point
Mohammad Ibrahim Fheili
 
E-book: How to manage Anti-Money Laundering and Counter Financing of Terroris...
Jitske de Bruijne
 

Recently uploaded (20)

PPTX
Sales & Distribution Management , LOGISTICS, Distribution, Sales Managers
efranciscaantoinette
 
PDF
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PPTX
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
PDF
Booking.com The Global AI Sentiment Report 2025
agatadrynko
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PDF
Cours de Système d'information about ERP.pdf
pha nguyen
 
PDF
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
PDF
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
PDF
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
PDF
Module 3 - Functions of the Supervisor - Part 1 - Student Resource (1).pdf
OmoobaOrun1
 
PDF
Introduction to Generative Engine Optimization (GEO)
seoplus+
 
PDF
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
PPTX
sales presentation، Training Overview.pptx
hamdullahazimi3
 
PPTX
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
PDF
How to Get Approval for Business Funding
Jake Thornhill
 
PDF
Building a Smart Pet Ecosystem: A Full Introduction to Zhejiang Beijing Techn...
fuijfsdsazdyu
 
PPTX
Negotiation and Persuasion Skills: A Shrewd Person's Perspective
smartanimesh2710
 
PDF
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
PDF
Tata consultancy services case study shri Sharda college, basrur
nityanema19
 
PDF
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
Sales & Distribution Management , LOGISTICS, Distribution, Sales Managers
efranciscaantoinette
 
TyAnn Osborn: A Visionary Leader Shaping Corporate Workforce Dynamics
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
Board-Reporting-Package-by-Umbrex-5-23-23.pptx
Pars Six Sigma Excellence
 
Booking.com The Global AI Sentiment Report 2025
agatadrynko
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
Cours de Système d'information about ERP.pdf
pha nguyen
 
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
Module 3 - Functions of the Supervisor - Part 1 - Student Resource (1).pdf
OmoobaOrun1
 
Introduction to Generative Engine Optimization (GEO)
seoplus+
 
Nante Industrial Plug Factory: Engineering Quality for Modern Power Applications
gdhdgee963
 
sales presentation، Training Overview.pptx
hamdullahazimi3
 
Slide gioi thieu VietinBank Quy 2 - 2025
hoadm5190
 
How to Get Approval for Business Funding
Jake Thornhill
 
Building a Smart Pet Ecosystem: A Full Introduction to Zhejiang Beijing Techn...
fuijfsdsazdyu
 
Negotiation and Persuasion Skills: A Shrewd Person's Perspective
smartanimesh2710
 
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
Tata consultancy services case study shri Sharda college, basrur
nityanema19
 
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 

Risk Assessment1.ppt

  • 1. Annual AML/CFT Risk Assessment & Investigations Md. Sahadul Hoque Principal Officer Islami Bank Bangladesh Limited Risk Management Wing
  • 2. Agenda of the Session  AML Risk Management Framework  Why & What Risks to be assessed?  How to assess AML/CFT Risk?  Implications of AML Risk Assessment  AML Investigations
  • 3. Let’s Refresh our Concept of Risk  Intention of the man is to suicide.  Jumping from the top of the building  Loss of life is certain  Is the event a Risky One?  Risk is the uncertainty of an expected objective (ISO 31000).  Risks can be seen as a combination of the chance that something may happen and the degree of damage or loss that may result if it does occur
  • 4. Why Banks are Vulnerable in ML/CFT Definition: The process of disguising the proceeds of crime in an effort to conceal their illicit origins and legitimize their future use. Objective: To conceal true ownership and origin of the proceeds, a desire to maintain control, a need to change the form of the proceeds. Banks Financial services Brokerage firms Other Examples: Insurance companies, Money remitters, Cash intensive businesses, Brokerage firms, LAWYERS and ACCOUNTANTS Money is Laundered Through
  • 5. Is Money Laundering a Risk? Increased headcount Increased technology budget Reputational damage Consultancy fees Long periods of Regulatory oversight Attention from other Regulators Loss of partners, clients Regulatory Fines/Penalty
  • 6. Risk Management "Narrated Aisha, Ummul Mu'minin: The Apostle of Allah (peace_be_upon_him) said: Profit follows responsibility of bearing loss. “ (Sunan e Ibn Majah Book 23, Number 3501)
  • 7. AML/CFT Risk Management Framework Risk Identification Business Risk  Customers  Products & Services  Delivery Methods or Channel  Country or Jurisdiction Regulatory Risk  Failure to report SARs/STRs  Inappropriate customer verification  Inappropriate record keeping  Lack of AML/CFT Program Risk Assessment Size & Importance of Risk  likelihood – chance of the risk happening  impact – the amount of loss or damage if the risk happened  likelihood X impact = level of risk (risk score) Risk Treatment Business Risk  Minimize & Manage the Risks  Apply strategy, policy & procedures Regulatory Risk:  Put in place systems and controls  Carry out risk plan and AML/CFT program Monitoring & Review  Develop & carry out monitoring process  Keep necessary records  Review risk plan and necessary AML/CFT Program  Do internal audit and assessment  Do AML & CFT Compliance Report
  • 8. Why and What AML Risks to be Assessed?
  • 9. Risk Assessment According to Business Dictionary, Risk Assessment is –  Identification  Evaluation and  Estimation of the levels of Risks And comparison against standards of an acceptable level of Risk.
  • 10. Is Risk Assessment Obligatory? FATF Recommendations No. 1  To identify ML & TF Risk  To assess ML & TF Risk  To take action  To mitigate ML & TF Risk FATF Recommendations No. 15  To assess ML & TF Risk for new products, business techniques and delivery mechanisms  Using technology to asses new and existing products AML Rule 2013, Rule No. 21  RO-FI shall conduct periodic assessment  Report to BFIU for vetting  Assessment report to be utilized by RO-FI after vetting  EDD for HIGH Risk BFIU Circular Letter No. 01/2015 dated 08.01.2015 ML & TF Risk Assessment Guideline for Banking Sector September 2015 Money Laundering and Terrorist Financing Risk Management Guideline. A Risk Register is enclosed.
  • 11. Uses of Risk Assessment  Identify gaps and improve policy & procedures  Develop Risk Based Framework  Aware Sr. Management about key risks, exits and disposals  Informed decision about Risk Appetite on the basis of Residual Risk  Alignment of compliance with Risk Profile  Risk mitigation strategies and resource allocation  Regulatory reporting for remediation efforts across the FIs
  • 12. Steps of Risk Assessment  Identification of Risk Assessment Categories  Detailed Analysis of the Gathered Data  Evaluation of AML Program
  • 13. Money Laundering Risks in Banks Operational Risk Legal Risk Reputational Risk Concentration Risk
  • 14. Kroll’s Findings on Risk Assessment of IBBL  Risk Assessment is Partial  Risk rating is done on clients’ net-worth, occupation & transaction profile only  Inadequate tools, technology and methodology  Poor data quality  Inadequate actionable information in in Risk Assessment Report  Inadequate SoP & SoD
  • 15. Kroll’s Findings on Risk Assessment of IBBL
  • 16. Business Risks Arises to and from Customer  New customer  New customer but wants to conduct large transaction  Transaction to the same individual or group  Cash intensive business  Identification is difficult to check  Large but small denominated transactions  Distance between business and location of the customer  Non resident customer  Complex corporate ownership  PEPs & IPs  Unreliable documents  Inconsistent transaction with source of income etc. Country/Jurisdiction  any country which is unidentified by credible sources as having significant level of corruption and criminal activity  any country subject to economic or trade sanctions  any country known to be a tax haven and unidentified by credible sources as providing funding or support for terrorist activities or that have designated terrorist organizations operating within their country  any country unidentified by FATF or FATF Style Regional Bodies (FSRBs) as not having adequate AML&CFT system  any country indentified as destination of illicit financial flow
  • 17. Business Risks Arises to and from (Cont’d) Product & Services  private banking i.e., prioritized or privileged banking  credit card  anonymous transaction  non face to face business relationship or transaction  payment received from unknown or unrelated third parties  any new product & service developed  service to walk-in customers  mobile banking Delivery Channel  direct to the customer  online/internet  phone  fax  email  third-party agent or broker.
  • 18. Regulatory Risks Arises to and from Regulatory Risks  customer/beneficial owner identification and verification not done properly  failure to keep record properly  failure to scrutinize staffs properly  failure to train staff adequately  not having an AML&CFT program  failure to report suspicious transactions or activities  not submitting required report to BFIU regularly  not having an AML&CFT Compliance Officer  failure of doing Enhanced Due Diligence (EDD) for high risk customers (i.e., PEPs, IPs)  not complying with any order for freezing or suspension of transaction issued by BFIU or BB  not submitting accurate information or statement requested by BFIU or BB.
  • 19. Other Qualitative Risk Factors Other Risk Factors  Client base stability  Integration of IT system  Expected account/client growth  Expected revenue growth  Recent AML Compliance Employee turnover  Reliance on 3rd party providers  Recent introduction of new products and services  Recent project and initiatives related to AML Compliance matters  Recent relevant enforcement actions  National risk assessment
  • 20. How to Assess Risk?
  • 22. Risk Assessment Scales Likelihood Scale Frequency Likelihood of an ML/FT Risk Very Likely Probably occur several times in a year Likely High probability that it will happen once in a year Unlikely Unlikely, but not impossible Impact Scale Consequence Impact of an ML/FT Risk Major major damage or effect. Serious terrorist act or large- scale money laundering Moderate Moderate level of money laundering or terrorism financing impact Minor Minor or negligible consequences or effects
  • 24. Risk Score Table Rating Impact – of an ML&TF risk 4 Extreme Risk almost sure to happen and/or to have very serious consequences. Response: Do not allow transaction to occur or reduce the risk to acceptable level. 3 High Risk likely to happen and/or to have serious consequences. Response: Do not allow transaction until risk reduced. 2 Medium Possible this could happen and/or have moderate consequences. Response: May go ahead but preferably reduce risk. 1 Low Unlikely to happen and/or have minor or negligible consequences. Response: Okay to go ahead.
  • 25. Risk Registrar Risk Likelihood Impact Risk Score Treatment/ Action Retail Banking Customer A new customer Unlikely Minor i) CDD shall be applied properly. ii) EDD shall also be applied for high risky clients & accounts opened without physical presence of the clients. Walk-in customer (beneficiary is government/semi government/autonomous body/ bank & NBFI Unlikely Minor Obtaining proper KYC of the Remitter Walk-in customer (beneficiary is other than government/semi government/autonomous body/ bank & NBFI Likely Moderate i) Obtaining proper KYC of the remitter/ beneficiary ii) Reporting STR/ SAR if suspicious anything found. Non-Resident customer (Bangladeshi) Likely Major i) CDD shall be done ii) verification of necessary papers/ documents including work permit, passport & visa. iii) Transaction shall be allowed with constant monitoring of the account in case of High Risk nature. iv) STR shall be submitted to CCU if any transaction found suspicious. A new customer who wants to carry out a large transaction (i.e. transaction above CTR threshold or below the threshold) Likely Moderate i) CDD shall be applied properly. ii) Verifying the genuineness of the data/ information of the client. iii) Transaction monitoring shall be done. iv) STR shall be submitted to CCU if any transaction found suspicious.
  • 26. Risk Registrar Risk Likelihood Impact Risk Score Treatment/ Action Retail Banking Customer A new customer Unlikely Minor 1 Low i) CDD shall be applied properly. ii) EDD shall also be applied for high risky clients & accounts opened without physical presence of the clients. Walk-in customer (beneficiary is government/semi government/autonomous body/ bank & NBFI Unlikely Minor 1 Low Obtaining proper KYC of the Remitter Walk-in customer (beneficiary is other than government/semi government/autonomous body/ bank & NBFI Likely Moderate 2 Medium i) Obtaining proper KYC of the remitter/ beneficiary ii) Reporting STR/ SAR if suspicious anything found. Non-Resident customer (Bangladeshi) Likely Major 3 High i) CDD shall be done ii) verification of necessary papers/ documents including work permit, passport & visa. iii) Transaction shall be allowed with constant monitoring of the account in case of High Risk nature. iv) STR shall be submitted to CCU if any transaction found suspicious. A new customer who wants to carry out a large transaction (i.e. transaction above CTR threshold or below the threshold) Likely Moderate 2 Medium i) CDD shall be applied properly. ii) Verifying the genuineness of the data/ information of the client. iii) Transaction monitoring shall be done. iv) STR shall be submitted to CCU if any transaction found suspicious.
  • 27. Risk Register (Summary) Sl. Risk Aspects Particulars # Questions 1 ML & TF Risk Register for Customer’s Retail Banking Customer 35 Wholesale Banking Customer 8 Khidmah Card Customer 4 International Trade Customer 10 Sub-total= 57 2 ML & TF Risk Register for Products & Services Retail Banking Product 15 Retail Privilege Facilities 2 SME Banking Product 7 Wholesale Banking Product 9 Khidmah Card Product 4 International Trade 5 Sub-total= 42 3 Risk Register for Businesses Practice/delivery methods or channels Online/BEFTN/BACH 4 Mobile Banking 3 Alternate Delivery Channel 6 International Trade 2 Sub-total= 15 4 Risk Register for Country/Jurisdiction 15 5 Register for Regulatory Risk 42 Grand Total= 171
  • 28. Consolidated Risk Assessment Report (example)
  • 29. Consolidated Risk Assessment Report (example)
  • 30. Consolidated Risk Assessment Report (example)
  • 31. Risk Assessment (Examples: Factor Weights)
  • 32. Risk Assessment (Exapmles: Factor Weights)
  • 33. Dependants of Risk Assessment Frequency  Methodology  Type & extent of interim validation  Result of the Risk Assessment  Material Change to the Risk Environment  Regulatory intervention  Trigger based Usually requires to submit assessment report annually
  • 34. Implication of Risk Assessment
  • 35. Implications µwgK cÖK…wZ SuywKi gvÎv ‡¯‹vi 26 ‡dªBU/wkwcs/Kv‡M©v G‡R›U D”P 3 27 wjwRsdvBbvÝ †Kv¤úvbx ga¨g 3 28 BÝy¨‡iÝ/‡eªvKv‡iRG‡RÝx ga¨g 3 29 ag©xq cÖwZôvb/ms¯’v ga¨g 3 30 we‡bv`bKvix cÖwZôvb/cvK© ga¨g 3 31 ‡gvUi cvU©m Gi e¨emv ga¨g 3 32 ZvgvK I wmMv‡i‡Uie¨emv ga¨g 3 33 Drcv`bKvix cÖwZôvb ga¨g 3 34 PvKzix (†eZb wnmve e¨vZxZAb¨ wnmve) ga¨g 3 35 QvÎ ga¨g 3 36 M„wnYx ga¨g 3 37 A‡Uv cÖvBgvix (bZzb Mvox) ga¨g 2 38 †`vKv‡bi gvwjK (LyPiv) wb¤œ 2 39 e¨emv-G‡R›U wb¤œ 2 40 ¶z`ª e¨emvqx(evwl©K Uvb©Ifvi 50 j¶ UvKvi bx‡P) wb¤œ 2 41 evox wbg©vY mvgMÖxie¨emv wb¤œ 2 42 md&UIq¨vie¨emv wb¤œ 2 43 PvKzix (ïaygvΆeZb wnmve) wb¤œ 1 44 PvKzix n‡Z AemiMÖnYKvix wb¤œ 1 45 K…wlRxex wb¤œ 1 46 Ab¨vb¨.....(aiYAbymv‡i e¨vsKwi¯‹ †¯‹vi cÖ`vb Ki‡e) `ªóe¨:KYCm¤úv`bKvixKg©KZ©vMªvn‡Kie¨emv‡qi ev†ckvi cªK…wZ,e¨emv‡qi GjvKv,e¨emv‡qi AvKvi, wnmv‡eicÖK…Zmyweav‡fvMx cÖf„wZ welqmg~nwe‡ePbvq wb‡q MÖvnK†f‡`27-46µwg‡KD‡jwLZ †ckvi †¶‡Î ewb©Z†¯‹vi A‡c¶vD”PZi †¯‹vi cÖ`vb Ki‡Z cv KYC m¤úv`bKvix Kg©KZ©vMªvn‡Ki e¨emv‡qi ev †ckvicªK…wZ, e¨emv‡qi GjvKv, e¨emv‡qi AvKvi, wnmv‡ei cÖK…Z myweav‡fvMx cÖf„wZ welqmg~n we‡ePbvq wb‡q MÖvnK†f‡` 27-46µwg‡K D‡jwLZ †ckvi †¶‡Î ewb©Z
  • 36. Implications  Improve policy & procedures  Effective Risk Based Framework  Informed decision about Risk Appetite on the basis of Residual Risk  Alignment of compliance with Risk Profile  Risk mitigation strategies and resource allocation  Regulatory reporting for remediation efforts across the FIs  Charging 1.5% of MCR for risk rating below “satisfactory” under SRP
  • 37. Investigation of Risk Assessment
  • 38. Considerations of Investigations  Identification of all areas of business and responsibilities of business units  Effectiveness of systems and internal controls  Inherent risk of existing, new, potential class of customers, geographies, products, services and systems  Reflection of changed events like expansion, new markets, new products, new core data processing and systems  Whether crossed the assets size of defined large bank  Whether assessment has been done on qualitative and quantitative data  Frequency of risk assessment review  Whether risk assessment is communicated to the business units and the Board of Directors  Whether regulatory changes have been warranted
  • 39. Major Areas of Investigation  AML Corporate Governance; Management Oversight and Accountability  Policies and Procedures  Know Your Client (“KYC”); Client Due Diligence (“CDD”); Enhanced Due Diligence (“EDD”)  Previous Other Risk Assessments (local and enterprise-wide)  Management Information/Reporting  Record Keeping and Retention  Designated AML Compliance Officer/Unit  Detection and SAR filing  Monitoring and Controls  Training  Independent Testing and Oversight (including recent Internal Audit or Other Material Findings)  Other Controls/Others
  • 40. Report Contents of Internal Control  Key Risk Indicators (KRIs)  High Risk Processes  Compliance Initiatives  AML Program Deficiencies  Volume SAR, STR & CTR filed  Accounts closed due to suspicious activity  Customer Identification Program (CIP) Violations  High Risk Accounts  Completed and outstanding training  Source of alerts reported and investigations completed
  • 41. Technical Considerations  Configuration of the AML Software  Logics behind the alert generation  Alert Management  Change Control Procedure  How data is imported from the CBS  Independent validation of the software  Gap analysis of the AML software  Volume of false positive and false negative  Risk of failure of the AML software, hardware and data
  • 43. Glory is to You, O Allah, and praise is to You. I bear witness that there is none worthy of worship but You. I seek Your forgiveness and repent to You. Kaffara-e-Majlish