Are High-Security Checks Worth It?

Last Updated: April 17, 2023 by Sam Holland
Money launderers can make unwitting accomplices of any business they interact with, and thus expose those entities to their own legal woes. These criminals frequently make victims of organizations in the money service and ecommerce space, and that’s why anti-money laundering risk assessments are so important to all kinds of businesses worldwide.
Such assessments are carried out in a variety of ways, and the best ones see the risk assessor considering the latest trends in money laundering, as well as what mistakes leave businesses open to suspicious customers and transactions.
In fact, ensuring your organization has the best possible AML risk assessment will also help ensure it has the best possible cyber insurance coverage.
Let’s focus on what AML risk assessments are and how they’re conducted.
An AML (anti-money laundering) risk assessment is the process by which an organization assesses the extent to which it is both protected from and vulnerable to money laundering operations. This can – and should – be carried out regularly via internal controls, AML software and third parties.
The assessment is carried out differently from organization to organization, depending on the industry guidance each chooses to follow, but it should be as holistic as possible – that means assessing the AML efficacy of all manner of organizational risk categories, such as business operations, customer bases, and human factors.
AML risk assessments can and should be ongoing processes because the activities of money launderers and AML precautions develop over time. For reasons that will be made clearer in the next section, such risk assessments can be optional but may also be required by certain financial authorities.
Not necessarily. Whether your organization will be required to carry out an AML risk assessment hinges on whether you are in an industry and a jurisdiction where you could face penalties for refusing to do such an assessment.
While many organizations take it upon themselves to do optional AML risk assessments to meet their own business goals, other organizations may only do them when they are legally required to by one or more authorities. Nevertheless, regardless of the context, it is very rare that an organization can successfully claim exemption from carrying out and disclosing an AML risk assessment if the authorities legally demand it.
It is also useful to note that, although the AML risk assessment itself is often not required by law, many components that help to make up a complete AML risk assessment are in fact required. For instance, a staple part of such a risk assessment is an accurate list of company transactions – and this is essential both in the eyes of the law and in terms of your organization’s operations and overall success.
The below table shows two core examples in which an AML risk assessment is a requirement, and two other examples where it is simply optional.
| When an AML Risk Assessment Is a Requirement | When an AML Risk Assessment Is Not a Requirement |
| --- | --- |
| When under legal scrutiny: The organization is being investigated by a governing authority, such as a financial crime (FinCen) unit – or FCU for short – that is assessing the effectiveness of the AML risk management program as part of an audit or financial crime investigation. The governing body will order any vulnerabilities to be addressed. | When it’s a business strategy: The organization takes it upon itself to collate its financial records to help the staff make an overall analysis of their level of vulnerability to money laundering and how to improve business safety accordingly. |
| When the given jurisdiction and/or the organization’s compliance demands it: The organization operates in a regulated vertical where AML risk assessment is a requirement. For example, that organization may fall within verticals that offer the most risk for money laundering, such as running a bank. In the UK and US, this requirement is enforced by such financial bodies as the Financial Conduct Authority (FCA) and the Financial Crimes Enforcement Network (FinCEN), respectively. | When the organization is low-risk in terms of its money laundering susceptibility: The organization has a small cash flow and – unlike such entities as banks and foreign exchange services – its operations have little, if any, association with typical money laundering activities. Often, organizations such as these will not be legally required to even carry out, let alone disclose to the authorities, an AML risk assessment. Even low-risk businesses are not generally exempt from carrying out AML risk assessments – but they are much less likely to draw regulators’ scrutiny compared to high-risk verticals, such as casinos. |
There are many other factors that dictate whether an AML risk assessment is a requirement or just an option, and the best way to determine which extreme applies is to research the background of each organization on a case-by-case basis.
One important point to remember is that AML regulations and AML risk assessment requirements are different things: You may need organizational change to comply with AML regulations, but whether you’re required to do an AML risk assessment itself is determined by the nature of your organization and its specific circumstances.
You conduct an AML risk assessment by determining risk factors, gathering the relevant information accordingly, and then compiling the results and reaching conclusions about your organization’s money laundering risk level.
Based on information from the Wolfsberg Group, the frequency of AML risk assessments varies a great deal, especially given the number of factors that determine how often they should occur. These factors include the methodology, workload, significant security breaches, and the results of the assessment itself. Depending on what the assessment determines, an escalated schedule for the next one may seem necessary.
Nevertheless, while organizations and jurisdictions have different factors and criteria that shape how best to conduct AML risk assessments, the key to a strong assessment is in carrying out diligent manual research. Anyone conducting such an AML assessment for an organization should be prepared to interview the staff, read up on the anti-money laundering regulations in place, monitor the entity’s financial transactions closely, and implement a rigorous training and awareness program, among other things.
When conducting an anti-money laundering risk assessment, there are core dynamics that need to be assessed which each form the basis of determining the organization’s risk level:
The below infographic shows some of the key questions that an AML risk assessor should consider in terms of these three core dynamics.
This concerns how the AML risk assessment fares when it focuses on the process of signing up new customers and setting up their accounts. The risk level that comes from customer onboarding can be mitigated by ensuring that the best-practice KYC checks are in place as a large part of a greater risk assessment program.
There is a significant money laundering risk that comes when organizations don’t have stringent Know Your Customer (KYC) precautions in operation. As such, anyone who conducts an AML risk assessment will be carefully inspecting the safeguards that are in place to protect the organization and its customers from suspicious new accounts.
There is a multitude of ways that risk assessments can home in on potential money laundering risks throughout the customer onboarding process, but a focus on KYC helps build a strong foundation for combating suspicious applications.
In fact, if the organization is a high-risk vertical like a casino, the risk assessor may need to go to extra lengths to ensure that the business asks for the following examples of personally identifiable information (PII) before each customer can be signed up to the business:
On top of this, the risk assessor may wish to bolster the efficacy and stringency of their AML risk assessment by going further and looking for the most up-to-date approaches to PII, such as biometric verification and self-sovereign identity (SSI) checks.
Ultimately, acting on the need for KYC best practices and PII where applicable will help build a comprehensive profile of account applicants, and will support the risk assessor in determining another part of their AML risk assessment, known as the customer risk assessment. This is where further checks that are specific to the individual arise, such as customer due diligence – and, in the case of the more high-risk customers – enhanced due diligence.
Let’s have a closer look at the actions needed to carry out the process. At all stages, the assessor must remember to document their methodology and their experience throughout the process.
Each step-by-step process will vary depending on the organization, jurisdiction, and a multitude of other factors. However, the core stages can be summarized in the following three-part list: identify, evaluate, and utilize. Let’s take a closer look.
Again, you should keep a record of your AML risk assessment methodology and your processes and observations throughout these stages. By doing so, you will be able to show your workings if or when an AML audit/investigation is called for, and you will also help yourself to improve the process for the next time an AML risk assessment is in the best interests of the organization.
AML risk assessments are helped by SEON thanks to its KYC AML transaction monitoring system, which determines the extent to which an exchange is suspicious or legitimate and assigns a fraud risk score accordingly.
Let’s take a look at the below animation that shows the system working its magic!
As shown above, when a user enters a prospective customer’s email address, SEON’s software is able to determine whether that account lacks a social and digital footprint.
On top of this, SEON also checks whether the person’s digital profile matches up to the identity verification and KYC checks. The software also checks whether the user has other online accounts, such as Netflix and LinkedIn, because – especially nowadays – it is suspicious that someone would not have at least one of these kinds of major accounts.
All in all, SEON is well-equipped to tackle suspicious accounts and help you determine the AML risk levels of your customers accordingly.
Sam is SEON's Fraud Content Writer. He has a background in writing and editing content for a range of tech and engineering publications which has led him to gain a strong interest in cyber security. At SEON, Sam enjoys writing about cutting-edge solutions to fraud attempts and cyber attacks, such as transaction monitoring and machine learning.