Risk-based action can only be taken once the risk inherent in each operator’s business has been identified.
All operators to which the Anti-Money Laundering Act applies have a duty to identify and analyse the risk of money laundering and terrorist financing inherent in their business and to document their findings. Risk assessments must be reviewed at regular intervals. Regional State Administrative Agencies can ask operators for copies of their risk assessments and any revised versions. If you are asked to submit a copy, please do so promptly.
The objective of risk-based assessment is to make each operator understand its role in combating money laundering. Risk-based assessment helps operators to identify priorities and plan procedures and follow-up consistently with the risk of money laundering and terrorist financing inherent in their business.
The Anti-Money Laundering Act applies to a wide range of operators, and the risks can be very different in different industries. The aim is to save low-risk operators from excessive bureaucracy while also ensuring that high-risk operators have sufficient safeguards in place.
Your risk-based assessment should cover at least the following:
- Identification and analysis of the risk of money laundering and terrorist financing inherent in your business
- Analysis of your customers and services and the geographical scope of your business Incorporation of information about risks from different sources
- Analysis of the significance of different kinds of risks in your business
- Identification and deployment of ways to minimise and manage risks and to track changes in risk levels
- Documentation of your risk management procedures.
We recommend that you familiarise yourself with our risk assessment manual, which explains the objectives of the risk-based approach and the assessment procedure in more detail. A link to the manual is provided at the bottom of this page. The law does not stipulate the format of risk assessments, which means that operators can design the format and layout of their documents themselves. However, we have prepared a template that you can use when producing your own risk assessment. You can find the link to the template at the bottom of this page under the risk assessment manual.
Regional State Administrative Agencies’ risk assessments
Regional State Administrative Agencies also need to assess the risks associated with the operators that fall within our enforcement authority. We use our risk assessments to plan our enforcement action. We publish a summary of the risks we have identified, which operators can use as the basis for their own risk assessments.
We receive information about the risks that various industries face with the help of our enforcement work and risk assessments completed by the operators we supervise. We use this information to prepare our supervisor-specific risk assessment. A link to our summary of risks is provided at the bottom of this page.
Nationwide risk assessments are prepared by the competent ministries. Nationwide risk assessment is designed to identify and analyse national risks of money laundering and terrorist financing. Operators can also consult nationwide risk assessments as part of their own risk assessment work.