Despite disparities in sourcing and evidencing data against money laundering (ML) and terrorist financing (TF), technology is being proven to help companies complete the appropriate assessments.
This was one of the primary takeaways from Arctic Intelligence‘s latest report, which builds upon statistics portrayed in the company’s same report published the year previous.
The report, which includes a survey of 157 respondents from across 41 countries and anonymised inputs from its clients, provides insights into the level of maturity of enterprise-wide ML/TF risk assessments across different industry sectors and geographic regions.
The author hopes that its insights will assist organisations in better understanding ML/TF risks and the effectiveness of specific controls to reduce residual risk exposures.
In this light, the report indicates that although ML and TF laws apply to 30 different sectors across 200 Financial Action Task Force (FATF) member countries, no one industry standard makes clear how these businesses should apply a risk-based approach.
According to FATF’s official website, ‘A risk-based approach means that countries, competent authorities, and banks identify, assess, and understand the money laundering and terrorist financing risk to which they are exposed, and take the appropriate mitigation measures in accordance with the level of risk.’
Although regulators have done well to define what constitutes a risk, the regulated businesses have been left in the dark on how exactly to determine risk; the report suggests.
The how involves designing an appropriate ML/TF risk assessment methodology, determining the risks to assess, deciding what controls to implement that are appropriate and proportionate to managing the risks and testing the design and operational effectiveness of these controls
The company has sought to unpack the elements of how throughout its latest report, putting forward insights into how regulated businesses can become more in touch with their risk assessments.
When completing their risk assessments, 48 per cent of respondents find gathering risk assessment data and evidencing effectiveness the most challenging aspect, while 47 per cent said it was developing methodology and 32 per cent said it was actually understanding the regulatory obligations.
Given the growing importance of dynamic and industry-specific compliance solutions, the report has made clear that for those who choose to turn to technology, the time spent conducting assessments is significantly reduced.
According to the company’s own user base, the average time for a company using its platform to complete an assessment is 23.5 days.
But go without, and the process could take up to three months, as reported by 49 per cent, or up to six months, as reported by 13 per cent of respondents.
Just under a quarter said that they were unsure of how long the process takes to complete manually.
On a similar note, a third of survey respondents refresh their ML/TF risk assessment every year, while nine per cent refresh every two years. Surprisingly, eight per cent reported a refresh every six months and 33 per cent whenever a change occurs.
The report also explores the role of regtech in advocating risk management capabilities, the top-line inherent risks, control effectiveness and residual risk ratings.
