The prevention of money laundering and combating the financing of terrorism
2.11 A money laundering and terrorist financing risk assessment is a product or process based on a methodology, agreed by the parties involved, that attempts to identify, analyse and understand money laundering and terrorist financing risks. It serves as the first step in addressing the risks and, ideally, involves making judgments about threats, vulnerabilities and consequences.
2.12 Risk, therefore, is a function of three factors:
- threats – which are persons, or groups of people, objects or activities with the potential to cause harm, including criminals, terrorist groups and their facilitators, their funds, as well as past, present and future money laundering or terrorist financing activities
- vulnerabilities – which are those things that can be exploited by the threat or that may support or facilitate its activities and means focussing on the factors that represent weaknesses in AML/CTF systems or controls or certain features of a country, particular sector, financial product or type of service that make them attractive for money laundering and terrorist financing
- consequences – which refers to the impact or harm that money laundering or terrorist financing may cause, including the effect of the underlying criminal and terrorist activity on financial systems and institutions, the economy and society more generally.
2.13 The key to any risk assessment is that it adopts an approach that attempts to distinguish the extent of different risks to assist with prioritising mitigation efforts, rather than being a generic box-ticking exercise. The risk assessment process should consist of the following standard stages:
2.14 The identification process begins by developing an initial list of potential risks or risk factors when combating money laundering and terrorist financing. Risk factors are the specific threats or vulnerabilities that are the causes, sources or drivers of money laundering and terrorist financing risks. This list will be drawn from known or suspected threats or vulnerabilities. The identification process should be as comprehensive as possible, although newly identified or previously unidentified risks may also be considered at any stage in the process.
2.15 Analysis involves consideration of the nature, sources, likelihood, impact and consequences of the identified risks or risk factors. The aim of this stage is to gain a comprehensive understanding of each of the risks, as a combination of threat, vulnerability and consequence, in order to assign a relative value or importance to each of them. Risk analysis can be undertaken with varying degrees of detail, depending on the type of risk, the purpose of the risk assessment, and the information, data and resources available.
2.16 The evaluation stage involves assessing the risks analysed during the previous stage to determine priorities for addressing them, taking into account the purpose established at the beginning of the assessment process. These priorities can then contribute to development of a strategy for the mitigation of the risks.
2.17 Money laundering and terrorist financing risks may be measured using a number of factors. Application of risk categories to customers and situations can provide a strategy for managing potential risks by enabling casino operators to subject customers to proportionate controls and monitoring. The standard risk categories used by FATF for casinos are as follows:
- country or geographic risk
- customer risk
- transaction risk.
Casinos should also consider the risks posed by particular products they offer. (The risk categories used by the Commission in Money laundering and terrorist financing risk within the British gambling industry are customer, product and means of payment (as well as operator controls, and licensing and integrity controls).
Next chapter: Country/geographic risk