2018-03-26
Part III: Risk Assessment Methodology
3.1 Identification of ML/TF Risks
  3.1.1 External Risk Factors
  3.1.2 Internal Risk Factors
  3.1.3 Other Qualitative Risk Factors
3.2 Detailed Analysis
  3.2.1 Likelihood versus Impact Matrix
  3.2.2 Risk Matrix
  3.2.3 Evaluation of the AML/CFT Program
3.3 Scoring and Weights
3.4 Residual Risk
4. Reporting
  4.1 Reports to Management
  4.2 Report to CBK

Below is a summary of the risk assessment methodology according to CBK:

The Central Bank of Kenya (CBK) expects regulated entities to apply a risk-based approach to anti-money laundering and countering the financing of terrorism (AML/CFT). The following sections outline the risk assessment framework required under AML/CFT regulations.

3.1 Identification of ML/TF Risks: The process begins with the identification of the money laundering and terrorist financing risks associated with the entity's operations, products, or services. This is achieved by considering both external factors (e.g., geographical risk indicators, customer behavior) and internal factors (e.g., transaction monitoring, employee conduct).

3.1.1 External Risk Factors: These are risks originating from the external environment that influence or affect the entity's operations. They may include legal or regulatory changes, national risk assessments, industry trends, or macroeconomic conditions.

3.1.2 Internal Risk Factors: These are the inherent risks within the institution that arise from its business activities, products, and services, as well as from the characteristics of its clients and the geographical locations of their transactions.

3.1.3 Other Qualitative Risk Factors: These are additional factors that directly or indirectly affect inherent risks, such as significant strategic or operational changes, national risk assessments, and other factors that may influence or affect the institution's AML/CFT framework.

3.2 Detailed Analysis: Once the risks have been identified, the data is analysed in more detail to better understand the institution's ML/TF risk profile. This includes evaluating data on the bank's activities (e.g., number of domestic and international funds transfers, types of customers, geographic locations of business areas and customer transactions).

3.2.1 Likelihood versus Impact Matrix: A likelihood versus impact matrix can be used to help determine the level of effort or monitoring required for the identified inherent risks.

3.2.2 Risk Matrix: This is another methodology that helps in assessing and categorizing risk. Using a risk matrix, an institution can identify which risk categories are low risk, acceptable risk, or high/unacceptable risk for money laundering and terrorism financing.

3.2.3 Evaluation of the AML/CFT Program: The next step is to evaluate the internal controls in place to determine how effectively they offset the identified risks. Controls are programmes, policies, or activities that institutions put in place to prevent and investigate financial crimes.

3.3 Scoring and Weights: Institutions are expected to develop a scoring and weights model based on their business operations and risk profiles.