Risk Assessment

Question 1

What is Risk Assessment section in AML/CFT Act 2009?

Answer 1

Section 58

Question 2

What does it mean under ‘inherent risks’?

Answer 2

ML/FT risks business reasonably expects to face BEFORE applying any controls or mitigation.

Question 3

Does the Risk Assessment need to be done in writing? (Yes/No)

Answer 3

Yes

Question 4

Why conduct Risk Assessment at all?

Answer 4

Because the AML/CFT system takes risk based approach, hence a business would also need to take a risk based approach.

Question 5

Does high risk areas or customers stop a business from conducting transactions/business activities with that business/area? (Yes/No)

Answer 5

No

Question 6

What must be considered in the Risk Assessment under the Act (s.58)?

Answer 6

1. Nature, Size and Complexity of its business (NSC).
2. Products and Services offered (PS).
3. Methods by which the products/services delivery to its customers.
4. Types of customers deals with.
5. Institutions deals with.
6. Countries deals with.

Question 7

Other than ‘must consider factors’ under s.58, what are other things a business should consider for their Risk Assessment?

Answer 7

Wider context, such as NZ’s ML/FT risks (see National Risk Assessment) AND the business sector ML/FT risks (see Your Sector Risk Assessment).

Question 8

Does the business’ AML/CFT Program needs to be based on the initial Risk Assessment? (Yes/No)

Answer 8

Yes

Question 9

What is it mean under ‘Nature’?

Answer 9

What business sector you are in.
- Are you a ‘gatekeeper’ ?
- Are you a financial institution?

Question 10

What does it mean under ‘Size and Complexity’?

Answer 10

Are you operating complex and a large business or is it a fairly minor enterprise? (see Sector Risk Assessment for business size guide)

Question 11

The Risk Assessment must be independently auditer every … years (fill the gap).

Answer 11

3 years

Question 12

Does the Risk Assessment needs to be updated by the reporting entity? (Yes/No)

Answer 12

Yes. The Risk Assessment needs to describe how it will be kept up to date.

Question 13

What is ‘Residual’ risk?

Answer 13

Identified risks after the initial controls and mitigations have been put in place.

Question 14

What does it mean under ‘Products and Services’?

Answer 14

Could your products and/or services be exploited for ML/FT purpose.

Eg.

1. Offer Anonymity?
2. Disguise/conceal the beneficiary?
3. Conceal course of wealth/funds?
4. Across boarder transactions?

Question 15

What does it mean when we say ‘Delivery of Products and Services’?

Answer 15

Is there a risk of ML/FT on how your business on-boards customers and delivers your product/services.

Eg.

1. Non face to face customers (email only)?
2. Internet main platform for delivering services?
3. Indirect relationships (via intermediaries)?

Question 16

What does it mean ‘Types of Customers’?

Answer 16

Some customers are higher in risk for ML/FT activity. Certain customers will require EDD (high risk) while others simplified (low risk).

Eg.

1. Is it a trust (EDD required)?
2. Is beneficial owner been identified?
3. Is there complex business structure?
4. Are they PEP?

Question 17

What does it mean ‘Countries Deal With’?

Answer 17

Certain countries have a higher risk due to weak ML/FT measures, ineffective law enforcement agencies, high level of organised crime, and high level of corruption.

Question 18

What does it mean under ‘Institutions’?

Answer 18

Some present higher risk, such as banks, money remitters, and gatekeeper professionals.