Review by the Bank of Lithuania on proper business-wide money laundering and terrorist financing risk assessment
The Bank of Lithuania has published a review of business-wide money laundering and terrorist financing (ML/TF) risk assessments carried out by the financial market participants. It is based on findings from its supervisory activities as well as the analysis of risk assessments conducted by 20 financial market participants (banks, electronic money institutions and payment institutions). The review contains legislative requirements, key insights on risk assessments and examples of best practices and improper practices.
“Risk assessment is key to the prevention of money laundering and terrorist financing. While carrying out supervision and conducting inspections and investigations, we have noticed that financial market participants are facing practical challenges when assessing money laundering and terrorist financing risks. We hope that this review will draw attention of financial market participants to the importance of risk assessment and help them ensure it is more detailed and of better quality,” said Jekaterina Govina, Director of the Financial Market Supervision Service of the Bank of Lithuania.
Risk assessment should not be a formal box-ticking task: it should rather help the financial market participant to identify and understand the ML/TF risks which may arise during the performance of its activities, determine business areas with the highest risk and take adequate risk mitigation measures, set proper priorities and allocate the necessary resources (financial, IT, human, etc.).
Risk assessment should be proportionate to the scope and nature of each financial market participant’s business activities. In order to ensure that the identification of ML/TF risks is as comprehensive as possible, the financial market participant should assess all its products and services, including the ones offered in other countries, via intermediaries, etc. It is also necessary to take into account the volume and complexity of their activities, channels of provision of services, clients and their behaviour, the jurisdiction of operation and other important factors. It is important for the financial market participants to have a risk assessment procedure in place, to assess risks in case of important changes (e.g. when launching a new financial service) and to ensure that the information on their clients, products and operations which is used in the performance of risk assessment is up-to-date, objective and comprehensive and that proportionate risk management measures are taken after identifying and assessing risks.
It is particularly important that the management of financial institutions pays sufficient attention to risk assessment and risk mitigation measures. The focus of the top management on risk assessment and the implementation of the plan of risk management measures ensures that the managers make decisions based on information on the ML/TF risks and the effectiveness of risk management measures. It also raises understanding of the importance of risk assessment by the financial institution’s employees, allows to ensure that risk assessment is not a mere formal paperwork and encourages the fostering of risk management culture.