National Risk Analysis (NRA)Framework

By

 Understanding the money laundering and terrorist financing risks is an essential part of developing and implementing a national anti-money laundering / countering the financing of terrorism (AML/CFT) regime.

A risk assessment allows countries to identify, assess and understand its money laundering and terrorist financing risks. Once these risks are properly understood, countries can apply AML/CFT measures that correspond to the level of risk, in other words: the risk-based approach (RBA).  The risk-based approach, which is central to the FATF Recommendations, enables countries to prioritise their resources and allocate them efficiently. 

The FATF has developed guidance which will assist countries in the conduct of risk assessment at the country or national level


The FATF Standard: FATF recommendation 1 :

 

Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively. Based on that assessment, countries should apply a risk-based approach (RBA) to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified. This approach should be an essential foundation to efficient allocation of resources across the anti-money laundering and countering the financing of terrorism (AML/CFT) regime and the implementation of risk-based measures throughout the FATF Recommendations. Where countries identify higher risks, they should ensure that their AML/CFT regime adequately addresses such risks. Where countries identify lower risks, they may decide to allow simplified measures for some of the FATF Recommendations under certain conditions. Countries should require financial institutions and designated non-financial businesses and professions (DNFBPs) to identify, assess and take effective action to mitigate their money laundering and terrorist financing risks.

Identifying, assessing, and understanding ML/TF risks is an essential part of the implementation and development of a national AML/CFT system, which includes laws, regulations, enforcement and other measures to mitigate ML/TF risks. It assists in the prioritisation and efficient allocation of resources by authorities.

The results of a national risk assessment, whatever its scope, can also provide useful information to financial institutions and designated non-financial businesses and professions (DNFBPs) to support the conduct of their own risk assessments. Once ML/TF risks are properly understood, country authorities may apply AML/CFT measures in a way that ensures they are commensurate with those risks –i.e,.the risk-based approach (RBA)–which is central to the FATF standards as is set out in Recommendation 1, its interpretive note (INR 1), as well as in other Recommendations (e.g., Recommendations 10, 26 and 28).

Methodology

The terminology and methodology of the NRA are based in part on the guidance of the Financial Action Task Force (FATF), the international standard-setting body for AML/CFT safeguards. The following concepts are used in this risk assessment: 

Threats: For purposes of the NRA, threats are the predicate crimes that are associated with money laundering. The environment in which predicate offences are committed and the proceeds of crime are generated is relevant to understanding why, in some cases, specific crimes are associated with specific money laundering methods. 

Vulnerabilities: Vulnerabilities are what facilitate or create the opportunity for money laundering. They may relate to a specific financial sector or product or a weakness in law, regulation, supervision, or enforcement. 

Consequences: Consequences include harms or costs inflicted upon  citizens and the effect on the  economy, which provide further context on the nature of the threats. 

Risk: Risk is a function of threat, vulnerability, and consequence. It represents an overall assessment, taking into consideration the effect of mitigating measures including regulation, supervision, and enforcement


Some examples of specific ML/TF risk events (derived from the threats, vulnerabilities and consequences) identified at this stage might include the following:

1.      “Organised crime groups place proceeds of crime into the financial system through co-mingling cash with legitimate business takings.”

2.      “Narcotics trafficking groups use cash smuggling to move illegal proceeds over the border.”

3.      “Terrorist group X is known to raise funds via cash donations obtained within the country.”

4.      “Foreign terrorist groups uses domestic NPOs as fronts for terrorist financing activities.”

5.      “Foreign criminal groups launder foreign proceeds of crime in the country by investing in the domestic real estate sector.”

6.      “Criminals and terrorists exploit the lack of information on beneficial ownership and control of companies to obscure or hide links between them and legal persons controlled or owned by them.”

7.      “Terrorists / criminals move funds out of the country via informal money transfer businesses.”

8.      “Financial institutions fail to identify suspicious transactions because of poor monitoring systems.”

9.      “Law enforcement fails to investigate ML due to their focus on predicate crime only.”

10.  “Launderers avoid conviction due to poorly drafted ML laws.”

11.  “Law enforcement are unable to investigate some ML and TF cases due to poor information about beneficial ownership and control of companies used by launderers and financiers.”

12.  “Confiscation of proceeds of crime fails because law enforcement fail to use provisional measures to freeze or seize assets during investigations.”

13.  Another approach that may be used starts from a macro-level and tends to focus more on circumstances. Under this approach a list of risk factors (relating to threats and vulnerabilities, see Annexes I and II for some examples of risk factors) is identified for analysis. The list can be expanded or narrowed down depending on the scope of the ML/TF assessment.


Source: FATF


Determination of Size or Seriousness of the Risk

Having considered the influence of the broad environmental factors on each identified risk the analysis stage can move on to attempting to determine the size or seriousness of each risk. Often this may mean determining the size or seriousness of the risk in relative terms to other risks. This can be done by using different techniques, for example:

1.      If doing this holistically, those involved in the risk analysis might collectively rank or categorise each of the identified risks in terms of their degree and relative importance.

2.      More formal analytical techniques can involve identifying the nature and extent of the consequences of each risk along with the likelihood that the risk may materialise and combining those results to determine a level of risk, which is often presented through the use of a matrix. The actual processes used to identify consequences and determine likelihood can also vary: Some countries may choose to employ more formal techniques such as surveys of experts or statistical analysis of the frequency of past ML or TF risk related activity. Others may choose to rely on the conclusions of a group discussion or workshop to help develop this information


Performance of Countries regarding NRA

 

FATF data from April 2022 show that only 11 countries, or 8.5 percent of those assessed, are fully compliant with Recommendation 1 on “identifying, assessing and understanding” money laundering risks. Three countries are fully non-compliant — the DRC, Haiti and Madagascar — and the rest have significant room for improvement.

Sadly, when it comes to the effectiveness of countries’ efforts to assess ML/TF risks, according to the FATF’s Immediate Outcomes, not even one country achieves the highest mark. A quarter of countries are scored as having “negligible” effectiveness, with the remaining 75 percent still requiring major improvements.

Here are some common reasons for such a situation:

  • A full NRA is not entirely conducted or not approved by the authorities. The assessment is limited to several industries.
  • Several actors from the private or public sectors do not participate in the assessment (real estate agents, car dealers, lawyers, investigators, etc.).
  • A risk-based approach is not applied. This includes not having a mechanism to deal with high-risk situations or to implement simplified procedures for low-risk situations.
  • Financial institutions are not required to document their risk assessments or update them. They may not have appropriate mechanisms to share this information with relative authorities.
  • Results of the NRAs are not well disseminated.
  • The  lack of data.

 

Issues with data availability

 

The availability of data and their quality may vary from country to country. A 2022 World Bank report on NRAs in eight advanced countries pointed out worryingly that “most NRAs relied on just one or two data sources. The quality of the data sources was never systematically assessed.”


The FATF recommends not to rely exclusively on quantitative information but also include qualitative information such as expert judgements, private-sector inputs, case studies, typology studies, surveys and perception indexes. This is especially important for “low-capacity countries with limited data on criminal investigations or financial transactions.” 

Perhaps due to difficulties in accessing data on terrorist financing, countries tend to underestimate their TF risks.

Unlike with the identification of national hazard or disaster risks, the probability/likelihood of ML/TF “events” is not a major factor. This is due to the specifics of financial crimes and the inability to predict them reliably.

The FATF Mutual Evaluations

The FATF conducts mutual evaluations of its members’ levels of implementation of the FATF Recommendations on an ongoing basis. These are peer reviews, where members from different countries assess another country. The FATF Methodology for assessing compliance with the FATF Recommendations and the effectiveness of AML/CFT systems sets out the evaluation process.  

Assessments focus on two areas, effectiveness and technical compliance.  

  • The emphasis of any assessment is on effectiveness.  A country must demonstrate that, in the context of the risks it is exposed to, it has an effective framework to protect the financial system from abuse.   The assessment team will look at 11 key areas, or immediate outcomes, to determine the level of effectiveness of a country's efforts.  
  • The assessment also looks at whether a country has met all the technical requirements of each of the 40 FATF Recommendations in its laws, regulations and other legal instruments to combat money laundering, and the financing of terrorism and proliferation.  

A mutual evaluation report provides an in-depth description and analysis of a country’s system for preventing criminal abuse of the financial system as well as focused recommendations to the country to further strengthen its system.  

The Methodology will be used by the FATF, the FATF-Style Regional Bodies (FSRBs) and other assessment bodies such as the IMF and the World Bank.   The Methodology was adopted on 22 February 2013, and regularly updated;  (see also 'Information on updates made to the FATF Methodology').

Revision of the FATF Assessment Methodology

The FATF amended its assessment methodology in 2022. The FATF commenced its 5th round of evaluations under this amended methodology in 2024 and FATF-Style Regional Bodies will also progressively use this methodology once they complete their previous round of evaluations.

The 2013 FATF Methodology for assessing compliance with the FATF Recommendations and the effectiveness of AML/CFT systems and the Procedures for the FATF Fourth Round of AML/CFT Mutual Evaluations will continue to apply to countries being evaluated under the previous round of evaluations and related follow-up processes.


NRA — different methodologies


There is no single or universal methodology for conducting an NRA, as the recent World Bank analysis pointed out. The NRA framework  within the overall FATF guidance has been developed by World Bank, IMF, The Basel AML Index, Wolfberg Group  etc. in their quest for promoting AML/CFT processes in the  interconnected global economy.



The World Bank, FATF and International Monetary Fund have suggested several different guidelines, tools or principles for the evaluation process. 

Many countries use the World Bank’s tool for conducting an NRA. This consists of eight modules, covering topics such as financial product risk and sectoral vulnerabilities. It replaces an earlier NRA tool that used a matrix approach to assesses threats and vulnerabilities in five different areas. The World Bank may provide technical assistance for countries to launch an NRA.


The Basel AML Index, the Basel Institute’s tool for assessing ML/TF risks around the world, does not include NRAs as a standalone factor in ranking countries. This because FATF data — which already takes into account a country’s NRA — is a core element of the Basel AML Index methodology.

NRAs are, however, the main basis of special reports on ML/TF risks in smaller jurisdictions including Jersey, Guernsey, Isle of Man, Gibraltar and the Cayman Islands. These are available to Expert Edition Plus subscribers. Expert Edition and Expert Edition Plus subscriptions are free for most organisations outside the private sector.


An example of National Risk Assessment of ML/TF risks faced by Israel is accessible on this link  

 Happy Reading


Those who read this, also read

1. Country  Risk Analysis Framework : IMF

2. Country  Risk Assessment Framework: World Bank

3. Country Risk Analysis: The Basel AML Index

4 Framework for Country Risk Analysis : FATF


Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more