- Opening bank accounts
- AML consulting
- Business support
- Сompanies for sale
The risks of ML/TF (money laundering/terrorist financing) mean the possibility of causing damage to a legal entity and (or) the financial system through illegal money laundering or terrorist financing activities.
ML/TF risk assessment is a mandatory component of a system of internal rules that allows a particular company to clearly define all the procedures and processes for countering ML/TF. Article 21a of Act No. 253/2008 Coll., on selected measures against the legitimisation of the proceeds of crime and financing of terrorism (hereinafter referred to as the “AML/CFT Act”) states that all companies that are subject to this low and must have a written system of internal rules in place are also required to prepare a written risk assessment.
The information in this article applies only to the activities of companies that are registered and operate in the Czech Republic. At the same time, 90% of the information is applicable to other EU jurisdictions.
Under the requirements of Article 5 of Decree 67/2018 Coll., on selected requirements for the system of internal rules, procedures and control measures against the legitimisation of proceeds of crime and financing of terrorism (hereinafter referred to as the “Decree on the AML/CFT Act”), company, when assessing risks should always take into account:
Also, when developing a risk assessment system, it is necessary to pay special attention to the global assessments published by regulators and based on statistical data analysis in the AML/CFT area. Companies should consider the volume and types of information sources that will ensure that individual risk assessments correspond with the actual risks of the company. In particular, the Decree on the AML/CFT Act obliges institutions to always take into account:
In accordance with the AML/CFT Act, a written risk assessment must be prepared by:
The Financial Analytical Office has not developed or published any risk assessment templates but has posted on its website some basic guidelines to follow when preparing this document.
In particular, the ML/TF risk assessment should include at least:
Also, in the risk assessment, it is necessary to mention examples of signs of suspicious activity included in the system of internal rules. It is important that these signs should be indicative and not just normative. Simply put, signs of suspicious activity should be described and brought into the relevant mandatory part of the system of internal rules. However, these signs should be established from the risk assessment and directly related to the portfolio of products or services offered, on the one hand, and the threats typologies provided by products or services, on the other.
The Financial Analytical Office recommends, among other things, taking into account the risks of certain jurisdictions, both in relation to the origin (citizenship) of the client and regarding the destination of the transaction. Companies also should include the risk factor associated with distribution channels in the risk categorisation of new customers.
A comprehensive risk assessment methodology is considered to be the most effective.
Companies should pay significant attention to risk management and objectively assess measures to mitigate these risks. It is necessary to comprehensively assess how effective the measures applied concerning each identified risk factor are, as well as whether they reduce potential ML/TF risks.
If the applied measures are not enough to achieve the desired result, developing and implementing additional measures is necessary.
The risk assessment should be based on analysing all available quantitative and qualitative information. However, the FAÚ emphasises that in order to prevent ML/TF, risks of different nature should not be mixed: for example, money laundering risks are of a different nature than credit default risks.
An ML/TF risk assessment is a mandatory component of the system of internal rules, which is a clear set of instructions. It should set out all the processes, procedures and tools a company needs to fully comply with its AML/CFT obligations under the AML/CFT Act.
In most cases, this document should be in writing.
Developing a system of internal rules and a detailed risk assessment requires highly specialised AML/CFT knowledge and requirements imposed by the supervisory authorities – the Financial Analytical Office and the Czech National Bank. Consequently, the easiest and most logical solution is to commission the preparation of this document to professionals from COREDO, who have many years of experience and understand all the necessary nuances in detail.
The lack of a risk assessment system and a properly designed system of internal rules indicates a company’s non-compliance with the requirements of the AML/CFT Act, which, in turn, can lead to significant fines (up to 130 million CZK), reputational losses and increased attention from fraudsters and terrorists.