How to use a risk-based approach to carry out a risk assessment of your business.
Businesses regulated by the Money Laundering Regulations must assess the risk that they could be used for money laundering, including terrorist financing.
You can decide which areas of your business are at risk and put in place measures to prevent money laundering occurring by using what’s known as a ‘risk-based’ approach.
This guide gives an overview of the risk-based approach and helps you to carry out a risk assessment of your business. It also outlines your day-to-day responsibilities under the Money Laundering Regulations.
The risk-based approach
Businesses that are covered by the Money Laundering Regulations have to use a risk-based approach to prevent money laundering. This involves following a number of steps.
You have to:
- identify the money laundering risks that are relevant to your business
- carry out a detailed risk assessment of your business, focusing on customer behaviour, delivery channels and so on
- carry out a risk assessment of your customers
- design and put in place controls to manage and reduce the impact of these risks
- monitor the controls and improve their efficiency
- keep records of what you did and why you did it
Advantages of the risk-based approach
You’re able to decide on the most cost-effective way to control the risks of money laundering when you follow the steps involved in the risk-based approach. This allows you to focus your efforts and resources where the risks are highest.
How to carry out a risk assessment
You can decide for yourself how to carry out your risk assessment. It might be quite simple or very sophisticated depending on:
- the size and structure of your business
- the range of activities your business carries out and the nature of the products and services it supplies
When you assess the risks of money laundering that apply to your business you need to consider:
- the types of customer you have
- where you and your customers are based
- your customers’ behaviour
- how customers come to your business
- the products you sell or the services you offer
- your delivery channels and payment processes, for example cash over the counter, cheques, electronic transfers or wire transfers
- where your customers’ funds come from or go to
Customers that might pose a risk
Your business might be at risk of money laundering from:
- new customers carrying out large, one-off transactions
- a customer who’s been introduced to you - because the person who introduced them to you may not have carried out ‘due diligence’ thoroughly
- customers who aren’t local to your business
- customers involved in a business that handles large amounts of cash
- businesses with a complicated ownership structure that could conceal underlying beneficiaries
- a customer - or group of customers - who makes regular transactions with the same individual or group of individuals
Customer behaviours that might suggest a risk
Behaviour that may indicate a potential risk could be when a customer:
- doesn’t want to give you identification, or gives you identification that isn’t satisfactory
- doesn’t want to reveal the name of a person they represent
- agrees to bear very high or uncommercial penalties or charges
- enters into transactions that don’t make commercial sense
- is involved in transactions where you can’t easily check where funds have come from
You must send a Suspicious Activity Report (SAR) to the National Crime Agency if you have any suspicion that a transaction relates to money laundering and/or terrorist financing and get a defence to protect you from a money laundering offence. You should always report before a transaction is made where possible. If your suspicion is raised after the transaction is completed you must send a SAR at the earliest opportunity.
Risks associated with your products and services
Depending on your business type there may be a risk:
- that inappropriate assets could be placed in your business, or moved from or through it
- from a product or service which allows the ownership of assets to be disguised
- when you supply services without meeting your customer face to face
The types of risk you need to identify will depend on the nature of your business. For example, ‘High Value Dealers’ need to be aware of the risk associated with cash sales of high value goods for more than 10,000 euros that can be either:
- sold through the black market - these are generally luxury items
- returned to the retailer in exchange for a legitimate cheque from them
Get more information
You can get more guidance on carrying out your risk assessment for:
- money service businesses
- high value dealers
- trust or company service providers
- estate agency businesses
- the Accountancy sector (PDF, 320KB) - from the Consultative Committee of Accountancy Bodies’ website
What to do when you’ve carried out your risk assessment
Once you’ve completed your risk assessment you need to:
- put in place policies, controls and procedures to reduce any risks of money laundering that you identified
- monitor your business on an ongoing basis to make sure your controls are effective
- identify and report any suspicious transactions or activities
Published: 23 October 2014
Updated: 26 June 2017
- Updated guide to explain that providers have to complete a risk assessment of customers and removed the section on the source of funds check.
- First published.