Internal Risk Assessment Guidance for ML/ TF Risks

Regulation Name: Internal Risk Assessment Guidance for ML/ TF Risks 

Publishing Date: 10 October 2024

Region: India

Agencies: Reserve Bank of India

On October 10, 2024, The Reserve Bank of India (RBI) has released the ‘Internal Risk Assessment Guidance for Money Laundering/Terrorist Financing Risks’ for its regulated entities (REs). As per the Reserve Bank’s Master Direction – Know Your Customer (KYC) Direction, 2016, regulated entities (REs) must periodically conduct a ‘Money Laundering and Terrorist Financing Risk Assessment’ to identify, assess, and mitigate ML, TF, and Proliferation Financing (PF) risks related to clients, regions, products, services, and transactions.

This Guidance Note is designed to assist REs, particularly AML/CFT/CPF practitioners, by providing key principles and methodologies to strengthen compliance and enhance the financial sector’s ability to detect and prevent ML/TF/PF. The tools and procedures outlined are indicative and should be read alongside relevant Reserve Bank instructions, which take precedence in case of inconsistencies.

Risk Factors

The following are key risk factors that regulated entities (REs) may consider during their Internal Risk Assessment (IRA). This is an indicative list, and REs should assess and define the specific risks they face.

 Customer Risk Factors: When evaluating risks associated with customers and their beneficial owners, REs should consider factors such as:

– Type of customer (individuals, companies, trusts, DNFBPs, NPOs, etc.).

– Complexity of the customer’s ownership or control structure.

– The customer’s occupation, profession, or industry.

– Politically Exposed Person (PEP) status as defined by regulatory guidance.

– Independent sources of information about the customer, such as credible adverse media reports.

 Country and Geographic Risk Factors: REs should assess risks related to:

– Jurisdictions associated with the customer or beneficial owner.

– Jurisdictions that are the primary places of business for the customer or beneficial owner.

– Jurisdictions where the customer or beneficial owner has personal, business, financial, or legal ties.

– The geographic areas in which the RE operates.

 Product, Service, and Transaction Risk Factors: REs should evaluate risks tied to their products, services, and transactions, including:

– The transparency or opacity of transactions.

– The complexity of the product, service, or transaction.

– The value or size of the product, service, or transaction.

 Delivery Channel Risk Factors: REs should consider the risks related to how products or services are delivered to customers, including:

– The extent of non-face-to-face interactions.

– The use of intermediaries like business correspondents, payment aggregators, or payment gateways, and the nature of these relationships.

– The vulnerability of these channels to potential misuse.

 Other Risk Factors: Additional considerations include:

– Results of sector-specific risk assessments and National Risk Assessments (NRA).

– The introduction of new products or services.

– Changes in internal systems for detecting AML-related alerts.

– Staff turnover in the AML compliance team.

– Enforcement actions taken by law enforcement agencies due to AML/CFT violations.

– Supervisory actions related to KYC, AML, or CFT compliance lapses.

Read the details here.

Read about the product: Transact Comply
Empower your organization with ZIGRAM’s integrated RegTech solutions – Book a Demo