A Risk-Based Approach (RBA) is central to the effective implementation of the Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance framework. This modern terrorist financing and money laundering risk assessment control is a vital technique that enables AML compliance for businesses around the world. RBAs are a key regulation in the Financial Action Task Force’s (FATF’s) recommendations and enable firms to properly ascertain the associated AML risk of their users.
Where Does the RBA Come From?
In the mid-1990s, KYC and AML risk assessment laws were still very much in development. What is now known as a Risk-Based Approach was then a Rule-Based Approach. This was ultimately a rigid regulation, as the nuances of independent businesses were not taken into consideration, meaning financial institutions had to abide by certain rules that simply weren’t effective.
The effect was that all consumers were subjected to the same KYC and AML controls, regardless of the industry they were participating in or their associated risk profile. This ultimately impacted industry and business growth, resulting in the development of the Risk-Based Approach.
Post-2000: A Risk-Based Approach
The RBA was coined by the Financial Services Authority (FSA) in 2000, although the body is now called the Financial Conduct Authority (FCA), the UK’s chief financial regulator. In 2012, under a revision of FATF Recommendations, the organization formally adopted an RBA as a key ruling. 
The components of a Risk-Based Approach
The RBA requires financial institutions to conduct AML risk assessments that are proportionate to the level of associated risk a company faces. Associated risk can change based on geographic locations the company operates in and onboard clients from, the industry they operate in and the services they provide, and many others.
Initial Risk Assessment
The initial AML risk assessment identifies a client’s associated risk factors, including identification, background AML screening, and continuous monitoring to ascertain a risk score. There are different compliance levels in each of these categories. For example, firms operating in higher-risk industries, such as Virtual Asset Service Providers (VASPs or crypto exchanges), must perform the highest level of identification and AML risk assessment screening.
Proportional Response
Once the identification and AML risk assessment has been conducted, businesses must allocate resources according to the level of risk posed. Customer types can vary significantly, for instance, if a consumer was found to have political connections through a Politically Exposed Person (PEP) screening, they would be subject to Enhanced Due Diligence (EDD) rather than basic Customer Due Diligence (CDD). This approach allows businesses to implement the rule in a way that best fits their operations.
Ongoing Monitoring
Continuous monitoring is a key element of the RBA, as it ensures that customers’ levels of risk do not change. Conducting an ongoing AML risk assessment means that a business is made aware if a client’s situation changes. If this were the case, further AML controls might be required, such as transaction screening or monitoring to report on transaction data and suspicious activity.
Flexible Framework over time
Lastly, firms must be flexible in their approach to adhering to the Risk-Based Approach. This allows businesses to update their AML program, thus enhancing their AML risk assessment as time goes on. Such an approach creates a dynamic regulatory environment, where institutions can react to new regulations or new fraudulent methodologies.
EU’s Anti-Money Laundering Directives
The European Union (EU) has adopted several directives incorporating FATF’s AML/KYC recommendations, including an RBA framework. The most recent directive, added in 2020, is the 6th Anti-Money Laundering Directive (6AMLD). The Member States have transposed these directives into national legislation and now govern financial institutions operating in their jurisdiction as regulations.
The EU system of AML is decentralized – within each EU member state lies a Financial Intelligence Unit (FIU). The FIUs are small units responsible for collecting Suspicious Transaction Reports (STRs) and prosecuting suspected money laundering cases.
The EU’s framework emphasises the role played by mandated agencies to determine the extent of the risk of money laundering that transactions present. Depending on the degree of risk, experts implement unique forms of customer due diligence. They are expected to file an STR with their national FIU to decide that the transaction is suspicious. The role played by professionals is, therefore, paramount to the efficiency of the broader AML mechanism.
The UK and FCA Risk-Based Approach Adoption
The UK adopted the RBA into its Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) with the introduction of its Money Laundering Regulations (MLRs) in 2007. The MLRs in 2017 further cemented an RBA framework into the UK’s core AML legislation.
Businesses were required to perform risk assessments, conduct CDD to proportionate to risk levels and apply EDD where necessary. In the aftermath of Brexit, the UK was forced to publish its own independent set of AML legislation, much of which reflected the policies of the FATF and EU Directives.
The Success of the Risk-Based Approach
The adoption of a Risk-Based Approach by regulatory authorities has demonstrated its suitability as an AML risk assessment control. The key successes of the RBA are:
Efficiency and Resource Allocation
The RBA helps financial institutions allocate their resources more effectively. Instead of applying a blanket level of scrutiny to all clients, banks and other financial institutions can focus their efforts on high-risk customers or transactions. This targeted approach has saved significant time and money for institutions by reducing unnecessary compliance efforts for low-risk cases
Improved Compliance with Evolving Risks
The RBA provides the flexibility needed to adapt to evolving risks, including the rise of new technologies, cryptocurrencies, and complex international transactions. This adaptability has made it a cornerstone of modern AML strategies, as it allows institutions to stay compliant with regulations while managing changing business landscapes
Scalability for Growing Businesses
One of the biggest advantages of the RBA is its scalability. As businesses grow or expand into new markets, they can adjust their AML controls to match the risks of the new environment. This allows firms to engage with higher-risk clients or operate in riskier regions without compromising compliance
Reduced Regulatory Risk
By implementing the RBA, institutions demonstrate to regulators that they understand the specific risks they face and are taking appropriate action to mitigate them. This reduces the likelihood of penalties or fines for non-compliance and improves relationships with regulatory bodies
Support for Business Innovation
The RBA has also supported the development of new, high-risk sectors—such as the cannabis and cryptocurrency industries—by allowing financial institutions to engage with them responsibly. This tailored approach helps institutions manage the unique risks associated with these sectors while still supporting their business growth.
About ComplyCube’s AML Risk Assessment Solutions
ComplyCube offers an unparalleled solution for flexible and customizable AML risk assessment controls, enabling partnered firms to adhere to the RBA framework with ease. It offers comprehensive client identification through document and biometric verification, CDD and multi-bureau verification, AML screening, and ongoing monitoring.
These solutions offer a complete compliance package built for total coverage and flexibility under one roof. For institutions interested in learning more about these solutions, contact a compliance specialist today
