January 1, 2020 (MLN): The State Bank of Pakistan updated National Risk Assessment (NRA) on Money Laundering (ML) and Terrorist Financing (TF) in 2019. The SBP made obligatory regulations for Banks/ DFIs/ MFBs to concentrate regarding “know your customers” and “due diligence” for ML and TF.
In 2012, SBP had issued its Risk-Based Approach (RBA) guidelines on Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT). Subsequently, Pakistan committed an action plan with FATF in June 2018 and also undergone a Mutual Evaluation by Asia Pacific Group which was concluded in 2019.
It is prudent to highlight that FATF, the global finance system watchdog will hold a meeting in February 2020 regarding Pakistan’s deficiencies on AML/CFT.
In the context, findings of NRAs and developments, SBP is issuing updated guidance to its Regulated Entities (Res) for ensuring adoption of (Risk-Based Approach) RBA in line with international standards and best practices in areas: identification, assessment and understanding of ML/TF and Proliferation Financing (PF) risks, devising AML/CFT controls and preventive measures recommended by FATF for mitigation of ML/TF/PF risk.
Banks/DFIs/MFBs shall ensure an entity level internal risk assessment report covering ML/TF risks including Transnational TF, PF and other emerging risks to and from SBP’s REs. The assessment report would assess major international /domestic financial crimes and terrorist incidents which have a probability of posing ML/TF/PF risks to the entity, SBP REs and Pakistan’s financial sector.
The key features of this ML/TF risk assessment framework for Banks/ DFIs/ MFBs should provide an entity-wide assessment to measure inherent risk on both external and internal ML/ TF/ PF risk factors without taking into consideration the efficacy of effectiveness of controls.
It is pertinent to mention here that a matrix may be developed to quantify the risks as low, medium, high or any appropriate scale as without proper quantification of risks, it may be difficult to decide on the overall inherent risk for the REs.
After ensuring the effectiveness of controls design, quality of implementation and performance, The REs risk assessment framework should be able to quantify residual risks which are an outcome of the assessment of inherent risks and the effectiveness of internal control framework.
The process of identification and quantification of inherent risks, assessment of the effectiveness of AML/CFT controls and residual risks would support risk-taking decisions of REs such as:
- Decision for taking customer(s) on-board with the required level of control(s).
- Decisions for refusal of financial service(s).
- Decision for the launching of product/service/delivery channel.
- Decision for selecting the geographical location to operate.
- Decisions for the upgrade of systems and controls etc.
For identification and assessment of the ML/ TF/ PF risks to which REs are exposed and devising proportionate mitigating measures, REs should ensure adequate coverage as per the requirements and relevance to their operational and business model/needs which include
- The nature, scale, diversity and complexity of their business
- Their target markets as per their approved risk appetite
- The customers' risk profile
- The jurisdictions REs are exposed to, either through their own activities or the activities of customers, especially jurisdictions with relatively higher levels of corruption or organized crime and/or deficient in term of AML/ CFT controls and listed by FATF
- The distribution channels, including the extent to which the REs deals directly with the customer or the extent to which it relies on
- The internal audit and regulatory findings
- The volume, size and complexity of its transactions, considering the usual activity of the banks/DFIs/MFBs and the profile of their customers etc.
REs may complement the above with information/guidance obtained from relevant internal and external sources suitable for identification and mitigation of ML/ TF/ PF risks posed to their entities considering adequate coverage as per the requirements/relevance to their operational and business model/needs.
Copyright Mettis Link News
31878
