Distorted graph and sound waves over a blue background

Managing the new landscape of AML risk assessment in financial institutions

October 13, 2022

Managing the new landscape of AML risk assessment in financial institutions

Synopsis
4 Minute Read

As FINTRAC becomes more stringent in its reviews of your risk framework, your risk assessment processes need to evolve with the landscape.

Partner - Financial Services Institutions Leader

According to Canada’s Anti-Money Laundering (AML) Legislation, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated regulations, financial institutions, including banks and credit unions, must conduct a risk assessment of their respective money laundering (ML) and terrorist financing (TF) risks.

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is the government regulator saddled with the responsibility for enforcing this legislation, which includes examining how Canadian financial institutions conduct risk assessments of their business activities and client relationships. FINTRAC primarily uses its examination approach and methodology to assess the effectiveness of the risk assessment frameworks for regulated entities.

As the landscape of money laundering, fraud, terrorist financing, and financial irregularities becomes increasingly complex, FINTRAC is adapting its review process accordingly. Its compliance examinations are becoming more thorough and financial institutions are expected to meet these higher standards relative to their respective ML/TF risks. Therefore, the risk mitigation measures and processes that may have satisfied FINTRAC in the past may not be sufficient today.

Against the backdrop of the evolving AML regulatory landscape, here is what you need to know about FINTRAC’s enhanced risk assessment expectations.

Mastering your automated AML compliance tools

When FINTRAC reviews your risk assessment compliance, it expects you to adequately and reliably speak to every element of your institution’s risk assessment framework. For example, FINTRAC may ask you about:

  • Your financial institution’s decision process and the parameters for assigning certain risk scores to all aspects of the bank’s or credit union’s business and its client relationships;
  • The technologies used to assess risks for individual clients and transactions, and how these have been customized to fit your institution’s business model and its unique client base; and
  • Any unique elements of the business that poses a high risk, and the documented rationale to support this assessment.

FINTRAC’s expectations are clear on the use of automated AML compliance tools to fulfill your regulatory obligations. While these tools are designed with the capacity to accommodate a broad range of risk assessment needs, you are expected to customize these tools to suit your unique business model. These customization considerations should take the following into account:

  • Products and services;
  • Delivery channels;
  • Geographies;
  • New development and technologies; and
  • Other relevant risks to the business.

Solely relying on the off-the-shelf capabilities of these automated AML compliance tools, as well as your understanding of industry benchmarks and norms from your competitors, may be inadequate during a FINTRAC examination of your risk assessment framework if the specific risks to your business are not adequately identified and mitigated.

For example, if your institution does business in an area that is a hotbed for human trafficking, you would be expected to have processes incorporated specifically designed to address human trafficking. These would include customized AML transaction monitoring rules with suspicious transactions connected to it, including the requisite competency training for staff.

It is also imperative that client risk ratings presented by your automated AML compliance tool are consistent with your documented client risk rating methodology. Inconsistencies could negatively impact your ability to detect clients that pose a high risk of money laundering or terrorist financing. This can have a significant impact on FINTRAC’s assessment of the effectiveness of your risk assessment framework. Failure to apply enhanced due diligence measures, where appropriate, might lead to undetected suspicious transactions, thereby preventing you from fulfilling your suspicious transaction reporting obligations.

The evolving landscape and the risks of not adapting

In response to the increasing prevalence of new products and services, evolving transaction types, and technological innovation, FINTRAC is compelled to raise its review standards, and its expectations for your compliance program. Virtual currencies, crowdfunding platforms, payment service providers, Exchange-traded funds (ETFs) and mobile retail investing apps all present enhanced layers of risk and complexity and FINTRAC must evolve its standards to accommodate these changes to the financial services ecosystem. These innovations and developments have been increasing in popularity, a trend catalyzed by the COVID pandemic.

It is imperative that your risk assessment framework considers these inherent risks associated with your business activities, including having a plan for any future adoptions of new technology.

Best practices

Financial institutions best poised to address the new realities of enhanced risk assessments and perform well in a FINTRAC examination, share several characteristics.

Human capital

Whether you build your AML compliance tool in-house or implement a third-party solution, one of the best investments you can make is ensuring your staff members are trained and equipped on how to effectively use it, and can answer questions related to its functionality.

Compliance staff members responsible for enhanced due diligence and customer risk rating consistency must be trained to understand each facet of the automated AML compliance tools at their disposal, including relevant exceptions.

Your governance and senior management framework overseeing AML and risk assessment must also be designed to receive timely and effective correspondence and reporting from the compliance team to enable them to make informed decisions on training, onboarding, and to provide other additional support to the team.

Convergence

Convergence refers to creating and managing the link between governance, risk, and compliance. This requires you to foster effective communications and collaboration between disparate organizational teams whose responsibilities and functions may overlap or where there may be dependencies.

Understanding your risk factors, and the parameters around your risk rating systems, is crucial across these teams; it creates a feedback loop that helps determine your real risks, and how to recognize them. Having different departments working in multiple silos increases the potential for communication breakdowns and a misalignment between expectations versus delivery.

Know Your Customer (KYC) consistency

It is also important to ensure your primary core banking software/system is programmed to feed your AML compliance tool with the most up-to-date information on client KYC, including key factors, such as occupation and address. For example, a high-risk occupation can alter a client’s risk rating if it’s accurately identified, based on your risk rating methodology. However, if this information is not available to your AML compliance tool in real time, or within a reasonable timeframe, it may lead to your risk assessment procedures not identifying high-risk client relationships.

Unbiased external advisors

Do not wait until you receive a phone call from FINTRAC to complete an examination of your compliance program, including an effectiveness review of your risk assessment framework. An external third party can look at your current risk ecosystem and risk profile, point out gaps in your processes, and give recommendations to improve. This proactive approach enables you to face your next FINTRAC examination with more confidence and peace of mind.

Contact us

If you are struggling to adapt to the new realities of risk assessment or are concerned about answering the questions FINTRAC will ask at your next examination, you are not alone. Our AML advisory team can help you identify your needs and execute a plan to improve your risk assessment process. 

Mondiu Jaiyesimi , CAMS, CBP, FIS, MSc.
Manager, Forensics
647-475-4500
[email protected]

Steven Luckie
Partner - Financial Services Institutions Leader
416-515-3837
[email protected]

Insights

  • Confidence

    November 28, 2022

    What you need to know about the CRA’s self-assessment tax audit process

    How do you prepare when the CRA requests an audit of specific expenses or deductions you’ve made?

  • Performance

    November 28, 2022

    Managing your farm’s living and dynamic budget

    Consider your farm’s budget as more than just a limit on your spending. When done properly, budgeting on your farm can be liberating, not limiting.

  • Performance

    November 25, 2022

    Managing your farm in an era of rising interest rates

    Rising interest rates present new challenges to farmers, but using the right strategies allows you to stay in control and navigate this period of change.