Incorporating Geographic Risk in CRA Methodology: A Step-by-Step Approach
A Ready Checklist for Evaluating Geographic Risk During Client Onboarding
Customer Risk Assessment (CRA), an important component of the Customer Due Diligence (CDD) process, requires Regulated Entities in UAE to consider various risk factors while assessing the financial crime risks a customer may pose to the business. One of these factors is Geographic Risk.
Geographic risk includes Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) risks emanating from the country which the client of a Regulated Entity is associated with.
In this infographic, we have outlined a systematic step-by-step approach for effectively managing country-related financial crime risks posed by a client of a Regulated Entity for effective Anti-Money Laundering (AML) compliance.
Step 1: Incorporate Geographic Risk Parameters in the Customer Risk Assessment Methodology
Regulated Entities need to define ML/TF and PF risk factors and assign relevant risk score, risk level, and weightage to them as a part of their CRA methodology. It must be aligned with the Enterprise-Wide Risk Assessment (EWRA) of the Regulated Entity. Geographic risk is one of the risk factors to be considered and included during the CRA process.
Assessing ML/TF and PF risks related to the country of the client is part of the geographic risks to be considered during the CRA process. Incorporating country related ML/TF and PF risk parameters helps Regulated Entity build accurate and relevant customer risk profiles.
We have detailed country-related ML/TF and PF risk parameters in our infographic on “Factoring Geographic Risk During Client Onboarding: A Checklist”
Step 2: Identify and Verify Client's Country-Related Information
Before onboarding, Regulated Entity should identify and verify a client’s country related information as a part of its Know Your Customer (KYC) process. This includes information about the following:
- Nationality or citizenship of the client
- Place of birth of the client (for clients that are individuals, or client’s Ultimate Beneficial Owners, and linked parties)
- Place of residency of the client
- Primary business location, headquarters, location of incorporation, or registration of the client (for legal persons)
- Jurisdictions from which the client conducts transactions with the Regulated Entity
Step 3: Perform Customer Risk Assessment
The Regulated Entity should use the information collected during the KYC process, Sanctions Screening, Politically Exposed Person (PEP) Screening, Adverse Media Screening results, and CRA methodology to conduct CRA for the client. This helps the Regulated Entity assess the financial crime risks emanating from the customer, while giving adequate weightage to country-related ML/TF and PF risk factors.
The CRA must be conducted by keeping in mind the specific country related information of the customer.
For example, a client was born in an FATF blacklisted country, but is a resident of country known to have effective AML/CFT/CPF regulations, would pose lower ML/TF and PF risks than a client that has the place of birth, nationality, and residence of an FATF Blacklisted country.
After conducting CRA, the Regulated Entity would understand the client’s ML/TF and PF risk profile.
Step 4: Adopt Risk-Based Customer Due Diligence Measures
The Regulated Entity should adopt ML/TF and PF risk control measures in accordance with the client’s risk profile. If the client has been assessed to pose high ML/TF and PF risks, Enhanced CDD measures should be adopted. If the clients have been assessed to pose low ML/TF and PF risk, Simplified CDD can be adopted. If the client’s level of ML/TF and PF risk is beyond the risk appetite of the Regulated Entity, the Regulated Entity may choose not to board the client.
Further, if the client, their activities, or the transactions they undertake are related to high-risk countries, High-Risk Country Transaction Report (HRC) or High-Risk Country Activity Report (HRCA) must be filed at the goAML portal.
High-risk Countries, as defined by the National Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC), are countries that have been Blacklisted by the FATF. Regulated Entity should also report any suspicions of ML/TF and PF that have been detected through the Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR).
For example, consider a situation in which a Regulated Entity is approached by a client from a country Z to conduct a transaction on behalf of the client. During the CRA process, the Regulated Entity can use the country-specific ML/TF and PF risks parameters to assess the financial crime risks associated with country Z. If the Regulated Entity finds out that country Z is an FATF blacklisted country, it needs to file the HRC report. The Regulated Entity must also adopt EDD measures for the client. However, if the ML/TF and PF risks posed by the client are beyond what the Regulated Entity can manage, it can decide to offboard the client to derisk itself.
Step 5: Ensure Ongoing Monitoring
After onboarding the client, the Regulated Entity should ensure that it conducts ongoing monitoring of the business relationship with the client. This helps the Regulated Entity make sure that all client CDD information and their CRA are kept . For example, whenever the FATF Blacklists or Greylists a country, and the client is related to this country, the CRA of the client would change. Further, when a country the client is associated with gets Blacklisted by FATF, the Regulated Entity must file HRC or HRCA Report before continuing business relationship with the client. We have explained this in detail in this blog.
Factoring Country Risk During Client Onboarding: Final Thoughts
Implementing a structured approach to handling country-related ML/TF and PF risks enables Regulated Entities to enhance their AML risk management capabilities and ensure effective compliance with their AML/CFT/CPF obligations. By integrating a country risk rating framework into their CRA methodology, identifying and verifying country-related client information, performing CRA, adopting risk-based due diligence measures, and conducting ongoing monitoring, Regulated Entities can mitigate country-related ML/TF/PF risks effectively.
Related Posts
Confused with how to mitigate ML, FT, and PF risks within your Regulated Entity?