Distorted graph and sound waves over a blue background

Managing the new landscape of anti-money laundering risk assessment in financial institutions

Managing the new landscape of anti-money laundering risk assessment in financial institutions

4 Minute Read

As FINTRAC becomes more stringent in its reviews of your risk framework, your risk assessment processes need to evolve with the landscape.

Senior Manager, AML Regulatory Compliance and Forensics
Partner - Financial Services Institutions Leader

According to Canada's Anti-Money Laundering (AML) Legislation, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated regulations, financial institutions, including banks and credit unions, must conduct a risk assessment of their respective money laundering risks (ML) and terrorist financing (TF) risks.

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is the government regulator saddled with the responsibility for enforcing this legislation, which includes examining how Canadian financial institutions conduct risk assessments of their business activities and client relationships. FINTRAC primarily uses its examination approach and methodology to assess the effectiveness of the risk assessment frameworks for regulated entities.

As the landscape of money laundering, fraud, terrorist financing, and financial irregularities becomes increasingly complex, FINTRAC is adapting its review process accordingly. Its compliance examinations are becoming more thorough and financial institutions are expected to meet these higher standards relative to their respective ML/TF risks. Therefore, the risk mitigation measures and processes that may have satisfied FINTRAC in the past may not be sufficient today.

The basics of anti-money laundering legislation

Anti-money laundering legislation, often referred to as AML, is a series of laws and regulations designed to combat the act of taking illegal funds and making them appear as legitimate income. These laws were designed to make it easier for organizations to understand their role in AML efforts and how they can effectively combat financial crime.

Different industries have different responsibilities. Financial institutions have one of the highest levels of responsibility given their proximity to funds.

The regulatory landscape and anti-money laundering laws are constantly evolving to meet the new methods of global money laundering. Here is what you need to know about FINTRAC's enhanced risk assessment expectations.

Mastering your automated anti-money laundering compliance tools

When FINTRAC reviews your risk assessment compliance, it expects you to adequately and reliably speak to every element of your institution's risk assessment framework. For example, FINTRAC may ask you about:

  • Your financial institution's decision process and the parameters for assigning certain risk scores to all aspects of the bank's or credit union's business and its client relationships;
  • The technologies used to assess risks for individual clients and transactions, and how these have been customized to fit your institution's business model and its unique client base; and
  • Any unique elements of the business that poses a high risk, and the documented rationale to support this assessment.

FINTRAC's expectations are clear on the use of automated AML compliance tools to fulfill your regulatory obligations. While these tools are designed with the capacity to accommodate a broad range of risk assessment needs, you are expected to customize these tools to suit your unique business model. These customization considerations should take the following into account:

  • Products and services;
  • Delivery channels;
  • Geographies;
  • New development and technologies; and
  • Other relevant risks to the business.

Solely relying on the off-the-shelf capabilities of these automated AML compliance tools, as well as your understanding of industry benchmarks and norms from your competitors, may be inadequate during a FINTRAC examination of your risk assessment framework if the specific risks to your business are not adequately identified and mitigated.

For example, if your institution does business in an area that is a hotbed for human and drug trafficking either, you would be expected to have processes incorporated specifically designed to address human trafficking. These would include customized AML transaction monitoring rules with suspicious transactions connected to it, including the requisite competency training for staff.

It is also imperative that client risk ratings presented by your automated AML compliance tool are consistent with your documented client risk rating methodology. Inconsistencies could negatively impact your ability to detect suspicious transaction reports from clients that pose a high risk of money laundering or terrorist financing. This can have a significant impact on FINTRAC's assessment of the effectiveness of your risk assessment framework. Failure to apply enhanced due diligence measures, where appropriate, might lead to undetected suspicious transactions, thereby preventing you from fulfilling your suspicious transaction reporting obligations.

The evolving landscape and the risks of not adapting

In response to the increasing prevalence of new products and services, evolving transaction types, and technological innovation, FINTRAC is compelled to raise its review standards, adjust and its expectations for your compliance program. Virtual currencies, crowdfunding platforms, trade-based money laundering, payment service providers, Exchange-traded funds (ETFs), and mobile retail investing apps all present enhanced layers of risk and complexity and FINTRAC must evolve its standards to accommodate these changes to the financial services ecosystem. These innovations and developments have been increasing in popularity, a trend catalyzed by the COVID pandemic.

It is imperative that your risk assessment framework considers these inherent risks associated with your business activities, including having a plan for any future adoptions of new technology, so you can continue to prevent potential money laundering, and financial crimes.

Best practices

Financial institutions best poised to address the new realities of enhanced risk assessments and perform well in a FINTRAC examination share several characteristics.

Human capital

Whether you build your AML compliance tool in-house or implement a third-party solution, one of the best investments you can make is ensuring your staff members are trained and equipped on how to effectively use it and can answer questions related to its functionality.

Compliance staff members responsible for enhanced customer due diligence, and customer risk rating consistency must be trained to understand each facet of the automated AML compliance tools at their disposal, including relevant exceptions.

Your governance and senior management framework overseeing AML and risk assessment must also be designed to receive timely and effective correspondence and reporting from the compliance team to enable them to make informed decisions on training, and onboarding, and to provide other additional support to the team.


Convergence refers to creating and managing the link between governance, risk, and compliance. This requires you to foster effective communications and collaboration between disparate organizational teams whose responsibilities and functions may overlap or where there may be dependencies.

Understanding your risk factors, and the parameters around your risk rating systems, is crucial across these teams; it creates a feedback loop that helps determine your real risks, and how to recognize them. Having different departments working in multiple silos increases the potential for communication breakdowns and a misalignment between expectations versus delivery.

Know Your Customer (KYC) consistency

It is also important to ensure your primary core banking software/system is programmed to feed your AML compliance tool with the most up-to-date information on client KYC, including key factors, such as occupation and address. For example, a high-risk occupation can alter a client's risk rating if it's accurately identified, based on your risk rating methodology. However, if this information is not available to your AML compliance tool in real-time, or within a reasonable timeframe, it may lead to your risk assessment procedures not identifying high-risk client relationships.

Unbiased external advisors

Do not wait until you receive a phone call from FINTRAC to complete an examination of your compliance program, including an effectiveness review of your risk assessment framework. An external third party can look at your current risk ecosystem and risk profile, point out gaps in your processes, and give recommendations to improve. This proactive approach enables you to face your next FINTRAC examination with more confidence and peace of mind.

Contact us

If you are struggling to adapt to the new realities of risk assessment or are concerned about answering the questions FINTRAC will ask at your next examination, you are not alone. Our AML advisory team can help you identify your needs and execute a plan to improve your risk assessment process. 

Mondiu Jaiyesimi , CAMS, CBP, FIS, MSc.
Manager, Forensics
[email protected]

Steven Luckie
Partner - Financial Services Institutions Leader
[email protected]


  • Progress

    Your farm succession plan isn’t complete until it exists in writing

    The average age of farmers in Canada is increasing. Having a written succession plan becomes more important as you age, to help secure your legacy, protect your farm operation, and reduce conflict.

  • Progress

    How SMARTPro Helps Enhance Practice Value

    Learn how to get your practice into a ready state for a sale with SMARTPro.

  • April 10, 2024

    Unlock board value: key strategies for strong governance

    In the face of ever-present change and rapidly evolving challenges, having a solid board of directors can be a game-changer for your organization.