A critical component of this framework under the new AML/CF program rule would be the establishment of a
risk assessment process (RA process). The RA process must meticulously identify, evaluate, and document the financial institution’s risks related to money laundering, terrorist financing, and other illicit finance activities. The proposed rule says this includes considering the following elements:
- AML/CFT priorities: The risk assessment process must consider FinCEN’s AML/CFT priorities to ensure that the institution’s risk assessments align with national priorities. This will be a dynamic process as events in the global environment evolve.
- Business activity risks: The AML risk assessment process must also consider the specific risks associated with the financial institution’s business activities, including:
- Products
- Services
- Distribution channels (defined as the methods and tools through which a financial institution opens accounts and provides products or services)
- Customers
- Intermediaries, and
- Geographic locations (including IP addresses and device logins).
Including distribution channels in the risk assessment process is a new requirement. Intermediaries refer to the variety of financial relationships beyond customers and counterparties that allow activities by, at, or through the institution.
- Regulatory reporting: The risk assessment process must include reviewing and evaluating reports filed by the financial institution (such as SARs, CTRs, and Form 8300) to ensure compliance with regulatory requirements. This analysis can assist in identifying known or detected threat patterns or trends to incorporate into the risk assessment.
The risk assessment process is not static, according to the proposed rule, although it did not specify a frequency for updates. Once finalized, the new AML/CFT rule would require periodic updates, particularly when there are material changes to the financial institution’s risk profile related to money laundering, terrorist financing, or changes to the
FinCEN national priorities. This expectation for ongoing assessments requires current, complete, and accurate information to ensure that the financial institution’s AML/CFT program remains responsive and effective in addressing emerging risks.