Key Elements of an Effective EWRA Framework
Key Elements of an Effective EWRA Framework
Conducting an Enterprise-Wide Risk Assessment (EWRA) is a necessary step towards fulfilling an entity’s obligations under UAE’s anti-money laundering / countering the financing of terrorism (AML/CFT) laws, including the Federal Decree-Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019 .
An EWRA framework is aimed at ensuring the mitigation of money laundering (ML), terrorism financing (TF) and proliferation financing (PF) risks that the entity may face. This infographic highlights the key elements that must be incorporated in the EWRA to make it effective and robust. The key elements of an effective EWRA framework are elaborated upon below.
1. Tailored to the nature and size of the business
EWRA must be tailored to the specific characteristics of the business, such as its nature and size. This is so that the unique risks associated with the business are recognised and addressed. Customising AML/CFT measures to these specific risks ensures that they are effectively prevented and mitigated. For example, a dealer in precious metals and stones would face different ML, TF and PF risks than a banking company.
2. Comprehensive ML/TF/PF risk Consideration
EWRA must take into Consideration ML/TF/PF risks posed by the following:
Customers:
While conducting the EWRA, entities must take into account the risks posed by their potential customers. For example, if an entity often provides services to politically exposed persons (PEPs) or persons from high-risk jurisdictions, the entity needs to manage the risks associated with such high-risk customers.
Products and Services:
The products and services offered by a business must be considered while conducting the EWRA. Certain financial products or services are exposed to a higher risk of ML, TF, and PF due to their nature, complexity, or how they are used. For example, products that allow for high-value transactions, anonymous transactions, or cash-based transactions are more exposed to the risks of ML, TF, or PF. These businesses need to adopt risk mitigation measures accordingly.
Transactions:
Businesses need to analyse the nature and volume of transactions they usually undertake, as well as the ML, TF, or ML risks posed by such transactions. For example, high-value transactions or cash-intensive transactions pose higher risks, and effective AML/CFT measures need to be adopted accordingly. Having an effective transaction monitoring mechanism in place helps detect any abnormalities that arise in the course of a business relationship and report such risks to regulatory authorities in a timely manner.
Delivery Channels:
Delivery channel risks are those that are associated with the medium through which client interaction occurs, and the products and services are provided. Firms need to consider the channel of interaction with the client, whether the client’s instructions were channelled through a third party, whether the interaction with the customer is face-to-face or non-face-to-face, etc. Further, online or remote delivery channels may pose increased exposure to risks due to anonymity or false identity. Therefore, these channels require increased risk mitigation and customer due diligence mechanisms.
Geography:
Entities need to consider the geographies on which their customers are based. For example, customers from geographies that are on the FATF blacklist can be classified as high-risk. The entities must put proper controls to mitigate such risks.
Technologies:
EWRA should assess the risks associated with the products and services delivered through the new and upcoming technologies. These technologies should be assessed to ensure that the systems are secure and up to date and can handle the evolving risks of ML, TF, and PF.
Other Relevant Risk Factors:
Other risks that the EWRA should take into consideration are third-party risks, such as those associated with the agents or intermediaries engaged by the entity, risks of not keeping with the dynamic AML/CFT laws and regulations, risks of inadequate ongoing monitoring mechanisms for customer relationships, transactions, etc.
3. Alignment with the National Risk Assessment (NRA)
National Risk Assessment (NRA) of the UAE is published by the National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC) to provide a broad overview of the ML, TF or PF risks faced by UAE at the national level. NRA offers valuable insights into the country’s ML, TF, or PF vulnerabilities. While conducting their EWRA, entities should take the NRA of the UAE into account and incorporate its findings and suggestions.
4. Incorporation of the Sectoral Risk Assessment
Entities should consider the specific ML, TF or PF risks faced by the sector in which the entity operates. These specific risks are often assessed by the sector’s AML/CFT regulator. For example, the Central Bank of UAE releases its Sectoral Report on Money Laundering and Terrorism Financing Risk Assessment for entities operating in the financial sector of the UAE. Entities must incorporate the findings and suggestions of sector-specific risk assessments into their EWRA.
5. Regular Review and Updates
EWRAs must be regularly reviewed and updated through regular audits and health checks. ML, TF, and PF are constantly evolving, and so are the AML/CFT laws and regulations that deal with emerging threats. Regular reviews ensure that EWRAs are up to date with their AML/CFT compliance and have the ability to handle the emerging threats of ML, TF and PF. Regular reviews also ensure that any gaps in the AML/CFT program of the entity are identified and remediated.
6. Senior Management Approval
Senior management must be involved in the conducting of the EWRA and approve it after its completion. The participation of senior management ensures that the EWRA is conducted efficiently and in a timely manner. After the EWRA is conducted, the senior management should review and sign off on the same to formalise the EWRA and endorse its contents as an integral part of the entity’s internal AML/CFT program. The approval reinforces the importance of the EWRA.
Conclusion
An effective AML/CTF EWRA requires careful consideration of various factors that have been discussed in this infographic. Ensuring that these factors are incorporated into the EWRA sets the foundation for a comprehensive AML/CFT program. Therefore, these elements must be considered while conducting the EWRA process.