Implementing AML/CFT measures that address the risks and not tick boxes

The purpose of this paper is to discuss the implementation of effective risk‐based anti‐money laundering (AML)/combating the financing of terrorism (CFT) systems of control in order to properly address the risks facing the financial services industry. It seeks to argue that most systems of controls currently in place are ineffective and bureaucratic and do not address the real risks.

The paper outlines the recent history of AML/CFT measures and the underlying reasons for their adoption. It then argues that if risk‐based is to be adopted a methodology to address the risks must first be designed. The paper outlines the pre‐requisites for the design of such a system and the factors that need to be considered for implementation. The paper highlights the need for regulators to fall in line with the risk‐based approach and to pass back to senior management responsibility for the implementation of systems of control which are appropriate and proportionate.

Most of the current systems of control in AML/CFT are driven by regulatory requirements and not an understanding of the risk facing the firm.

The paper is original work of the Financial Services Commission in its entirety.