Author: Monica Velasco
The new instructions approved by the Financial Investigation Unit of the FGR published in the Official Gazette No. 205, Volume 433 dated October 27, 2021, brings with it a series of changes for regulated entities, which are aimed at strengthening the activities of prevention, identification, monitoring and detection of money laundering, financing of terrorism and financing for the proliferation of weapons of mass destruction, hereinafter LDA/FT/FPADM.
Among these changes, it is possible to highlight the obligation imposed on all regulated entities to implement a risk-based approach (RBA), which, according to Article 4 of the aforementioned instructions, consists of identifying, assessing and understanding the AML/CFT/AML/CFT risks to which the regulated entities are exposed. The purpose of this is to apply resources aimed at their effective mitigation. The measures adopted must be proportional to the risks identified.
In this sense, risk analysis is the starting point for the subsequent creation and adoption of concrete measures, policies and actions. In this opportunity, we share a series of tips on the phases that should be included to perform a successful risk analysis (RBA):
a) IDENTIFY THE INHERENT RISK: The first phase in any analysis of risks associated with LDA/FT/FPADM is to identify the type of risk events to which we may be exposed and establish the probability of their occurrence and the impact they would have. Thus, the value assigned to the probability times the value assigned to the impact will result in the inherent risk.
b) EXISTING CONTROLS: In this phase, the type of existing controls will be identified and their effectiveness or non-existence will be rated. This result will also be reflected by assigning a value related to their effectiveness.
c) RESIDUAL RISK: It is the result between the value assigned to the effectiveness of existing controls and the inherent risk. This result, according to the risk appetite of each organization, will reflect whether the possible occurrence of the risk has a tolerable level of treatment. If not, policies and concrete actions should redirect the existing residual risk to a tolerable level.
d) RECOMMENDATIONS: It is the result between the value assigned to the effectiveness of existing controls and the inherent risk. This result, according to the risk appetite of each organization, will reflect whether the possible occurrence of the risk has a tolerable level of treatment. If not, the policies and concrete actions should redirect the existing residual risk to an appropriate level of treatment.
The application of the risk-based approach (RBA) has a multiplicity of benefits for regulated entities. Since, starting from an understanding of the context in which they develop, all members of the organization become aware of the risks to which they are exposed, which will lead to the proper implementation of the policies, measures and actions created.
In this sense, risk analysis becomes a cross-cutting pillar of the entire system of prevention, identification, monitoring and detection of risks associated with AML/CFT/ATF/ATF. If you have more questions or are looking for support for the implementation of risk analysis (RBA) within your company or organization, do not hesitate to write us: firstname.lastname@example.org