MODULE 3 SAQ

AML UNIT 8 SAQ

Question 1
What is risk methodology?

Answer: Risk methodology is the approach (processes) that guide the risk assessment, i.e., it is the recipe
for designing the risk assessment.

Question 2
What is an ML/TF risk assessment?

Answer: A risk assessment is the mechanism that can be used to construct an organisation’s risk-based
approach to managing ML/TF risks. It often maps onto the organisation’s general risk framework and
focuses on the risks associated with the business lines, jurisdictions of operation, customer base and risk
appetite.

Question 3

What do you understand by the term ’risk appetite’?

Answer: It relates to the level of risk that an organisation is prepared to accept. It represents a balance
between the potential commercial benefits and the compliance costs of conducting that business activity,
as well as legal and regulatory risk considerations.

1
Question 4
List five factors that should be considered when designing AML/CFT systems and controls within an
organisation.

Answer:

i. Customer, product and jurisdiction risks

ii. Distribution channels (face to face and non-face to face)

iii. Complexity and volume of transactions

iv. Process and system workflows

v. Operating environment

vi. Outsourced operations

vii. Agency, supplier and other third party relationships

Question 5

Under the ISO 30001-2009 principles, what are the key steps in the organisational risk management
process?

Answer:

i. Risk identification

ii. Risk analysis

iii. Risk evaluation

iv. Risk treatment

Question 6
Outline some of the key components of a successful risk assessment methodology.
Answer:

i. It is supported by a clear statement of the operational procedures

ii. Leverages on both internal and external information

iii. Easy to update and manage

iv. Can be used by, and easily explained to, staff working in the business units of the firm

2
Question 7

Outline the key steps in a risk assessment methodology.

Answer:

i. Identify inherent money laundering and terrorism financing risks

ii. Assess risks, specifically the impact if a risk materialises and the likelihood that it will

iii. Review risk mitigants and controls that are systemic, or that operate through people and policies

iv. Agree an absolute or residual risk that is high to low, or other means of measuring and demonstrating
levels of perceived risks

v. Obtain agreement on this assessment from senior management and that the risks are within the risk
appetite set by the board

vi. Exit any relationships or activities that are not acceptable

vii. Document all of the steps above

AML UNIT 9 SAQ

Question 1

What is required in a framework of systems and controls to manage firms risks?

Answer:

• Effective systems, controls and policies

• A clear policy for customer CDD requirements
• Robust transaction activity monitoring
• A clear and documented reporting process
• A comprehensive compliance monitoring and reporting process
• Relevant and timely staff training to maintain risk awareness
• A process for ensuring that the firm stays up to date with legal and regulatory changes as well as trends
in AML/CFT typologies.
• Regular review and oversight of the framework and results by senior management

3
Question 2

Outline the benefits to a firm of a risk-based approach.

Answer:

• It allows the firm to concentrate finite resources on areas of greatest risk

• It contributes to cost effectiveness of compliance activities
• It requires that senior management are responsible for considering all risks to a firm and that appropriate
controls are applied
• It supports a more commercially sensitive response to risk management
• It requires the firm’s senior management to take responsibility for the management of firm risks.

Question 3

What does a firm need to consider when drawing up a business-risk profile?

Feedback

Answer:

• The skills, knowledge and experience of the firm’s senior management and staff
• The complexity and control structure of the firm
• The firm’s product portfolio
• The nature of the firm’s customer base
• The quality and implementation of internal business processes
• The geographical spread of the firm and its operations
• The distribution channels used
• The level of outsourcing to be used
• The risk appetite of the business.

4
Question 4

Identify the various risks a firm faces for non-compliance with AML/CFT regulations and laws.

Answer: Some suggested risks are listed below.

• Criminal action against the firm and senior management

• Regulatory enforcement
• Legal action
• Reputational damage
• Concentration risk because of failures in sectors or products for example
• Operational disruption and costs
• Financial costs, direct and indirect
• Commercial losses due to customer dissatisfaction
• Civil liability under US anti-terrorism laws and other regulatory action

Question 5

Who is accountable and responsible for a firm’s AML/CFT strategy and policies?

Answer: All the following parties have their role to play in setting and implementing a firm’s AML/CFT
strategy and policy.

• the board or governing body

• senior management
• the compliance officers
• the MLRO
• supervisors and department managers
• audit and compliance departments
• staff – i.e., you.

5
Question 6

How do you assess the effectiveness of your strategy for combating ML and TF?

Answer: There should be a continual review process covering:

• procedures to identify changes in customers’ characteristics

• vulnerabilities of new products and services
• staff training and awareness
• monitoring of compliance reports and subsequent actions to be taken
• engagement of senior management
• the status of communication and relationship with your regulator and law enforcement agencies
• number and frequency of regulatory breaches and confirmed criminal conduct
• new product development
• results of quality assurance monitoring including technology tests
• complaints from stakeholders and customers