Guidance

Risk assess your business for money laundering supervision

How to use a risk-based approach to carry out compulsory risk assessments of your business.

Businesses regulated by the Money Laundering Regulations must assess the risk that they could be used for money laundering, including terrorist financing.

You can decide which areas of your business are at risk and put in place measures to prevent money laundering occurring by using what’s known as a ‘risk-based’ approach.

This guide gives an overview of the risk-based approach and helps you to carry out a risk assessment of your business. It also outlines your day-to-day responsibilities under the Money Laundering Regulations.

The risk-based approach

Businesses that are covered by the Money Laundering Regulations have to use a risk-based approach to prevent money laundering. This involves following a number of steps.

You have to:

  • identify the money laundering risks that are relevant to your business
  • carry out a detailed risk assessment of your business, focusing on customer behaviour, delivery channels and so on
  • carry out a risk assessment of your customers
  • design and put in place controls to manage and reduce the impact of these risks
  • monitor the controls and improve their efficiency
  • keep records of what you did and why you did it

Advantages of the risk-based approach

You’re able to decide on the most cost-effective way to control the risks of money laundering when you follow the steps involved in the risk-based approach. This allows you to focus your efforts and resources where the risks are highest.

How to carry out a risk assessment

You can decide for yourself how to carry out your risk assessment. It might be quite simple or very sophisticated depending on:

  • the size and structure of your business
  • the range of activities your business carries out and the nature of the products and services it supplies

When you assess the risks of money laundering that apply to your business you need to consider:

  • the types of customer you have
  • where you and your customers are based
  • your customers’ behaviour
  • how customers come to your business
  • the products you sell or the services you offer
  • your delivery channels and payment processes, for example cash over the counter, cheques, electronic transfers or wire transfers
  • where your customers’ funds come from or go to

Customers that might pose a risk

Your business might be at risk of money laundering from:

  • new customers carrying out large, one-off transactions
  • a customer who’s been introduced to you - because the person who introduced them to you may not have carried out ‘due diligence’ thoroughly
  • customers who are not local to your business
  • customers involved in a business that handles large amounts of cash
  • businesses with a complicated ownership structure that could conceal underlying beneficiaries
  • a customer - or group of customers - who makes regular transactions with the same individual or group of individuals

Customer behaviours that might suggest a risk

Behaviour that may indicate a potential risk could be when a customer:

  • does not want to give you identification, or gives you identification that is not satisfactory
  • does not want to reveal the name of a person they represent
  • agrees to bear very high or uncommercial penalties or charges
  • enters into transactions that do not make commercial sense
  • is involved in transactions where you cannot easily check where funds have come from

You must send a Suspicious Activity Report (SAR) to the National Crime Agency if you have any suspicion that a transaction relates to money laundering and/or terrorist financing and get a defence to protect you from a money laundering offence. You should always report before a transaction is made where possible. If your suspicion is raised after the transaction is completed you must send a SAR at the earliest opportunity.

Risks associated with your products and services

Depending on your business type there may be a risk:

  • that inappropriate assets could be placed in your business, or moved from or through it
  • from a product or service which allows the ownership of assets to be disguised
  • when you supply services without meeting your customer face to face

The types of risk you need to identify will depend on the nature of your business. For example, ‘High Value Dealers’ need to be aware of the risk associated with cash sales of high value goods for more than 10,000 euros that can be either:

  • sold through the black market - these are generally luxury items
  • returned to the retailer in exchange for a legitimate cheque from them

Get more information

You can get more guidance on carrying out your risk assessment for:

What to do when you’ve carried out your risk assessment

Once you’ve completed your risk assessment you need to:

  • put in place policies, controls and procedures to reduce any risks of money laundering that you identified
  • monitor your business on an ongoing basis to make sure your controls are effective
  • identify and report any suspicious transactions or activities

Updates to this page

Published 23 October 2014
Last updated 4 August 2021 + show all updates
  1. A link to Art market participants guidance for money laundering supervision has been added.

  2. Updated guide to explain that providers have to complete a risk assessment of customers and removed the section on the source of funds check.

  3. First published.

Sign up for emails or print this page