Checklist for an Effective EWRA Documentation

Checklist for an Effective EWRA Documentation

Money Laundering, Terrorist Financing, and Proliferation Financing of Weapons of Mass Destruction are financial crimes that have far-reaching implications for the global economy. Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers are required by the Federal Decree Law No. (20) of 2018 to implement a suitable AML/CFT program to counter such risks. One of the prerequisites for crafting an AML/CFT program is to perform ML/TF/PF Enterprise-Wide Risk assessment.

The Enterprise-Wide Risk Assessment methodology and its implementation must be documented, and relevant records pertaining to it must be preserved for 5 years for entities governed by the Ministry of Economy and 6 years for entities governed by the Financial Services Regulatory Authority (ADGM) or Dubai Financial Services Authority (DFSA).

It’s important for DNFBPs and VASPs to provide an overview of their business, products, services, and overall regulatory framework within which they operate. Further, they also need to identify and assess relevant ML/TF/PF risks and their likely impact on the entity.

Depending upon the risks associated with each risk factor, suitable controls are required to be implemented, and the net risk must be kept in check. The entities are also required to identify and assess their risk appetite. A formal risk appetite statement will help entities understand if they need to enforce more stringent controls where the risk exposure exceeds their level of risk appetite.

Here is the comprehensive checklist to help you meet the record-keeping requirements pertaining to the ML/TF/PF Business Risk Assessment.

Checklist for an Effective ML/TF/PF EWRA Documentation

  1. Provide a clear overview of your business. Including industry, products, services, size, management, complexity, geographies, customers, suppliers, technology, and regulatory framework
  2. Outline the ML/TF/PF risk assessment methodology
  3. Describe the pivotal role of ML/TF/PF EWRA in your ML/TF/PF risk mitigation strategy
  4. Describe the triggers requiring an update in EWRA
  5. Describe the inherent ML/TF/PF risk factors
  6. List down the likelihood and impact of various ML/TF/PF risks
  7. Describe the controls employed to counter ML/TF/PF risks
  8. Describe the methodology adopted to test the effectiveness of control measures
  9. Describe your reliance on the historical data and assumptions, if any
  10. Explain if some variables matter more in the risk assessment. List down and describe those variables.
  11. List the high-risk products and services, if any, and their % contribution to your business.
  12. Explain if compounded risk could be a variable in your risk assessment. Say, a PEP buying a high-risk product.
  13. Explain the staff training methodology around assessed risks and controls implemented
  14. Document your risk appetite statement
  15. Document gross risk, controls, and residual risk
  16. Document the controls to be implemented to keep residual risk in check
  17. Document the procedures for ML/TF/PF EWRA approval