Risk assessment

Banks, insurance companies and other financial firms must perform an assessment of the risk of the products and services they offer being used for money laundering or terrorist financing. The firm must also assess the scope of this risk.

When the firm performs a general risk assessment, it must take account, among other things, of the following factors:

  • type of products and services offered
  • customers and distribution channels
  • geographic risk factors.

It might also be worth looking at analyses and measures for monitoring and reporting conducted at the firm. Further guidance is provided in the annexes of the fourth Money Laundering Directive, which addresses factors and indicators for high and low risk, respectively. FATF's website contains a number of reports on the risk of money laundering and terrorist financing in areas such as private banking and correspondent bank relations. The European Banking Authority (EBA) has prepared guidelines on risk factors in financial services.

Due consideration must also be given to information brought to light in the firm's reporting to the Financial Intelligence Unit on suspicious activities and transactions. Information received by the firm from authorities, for instance on commonplace methods for laundering money and financing terrorism, shall also be taken into account.

Scope of the risk assessment is determined by size and business

The scope of the general risk assessment is determined by the size and nature of the business. 'Size refers, for example, to sales, number of employees, number of operational units, etc. 'Nature' refers, for example, to the type of business conducted, the goods or services provided, and the extent of their complexity. The scope of the general risk assessment can thus vary from firm to firm.

The risk assessment must be up-to-date

The general risk assessment must be documented. It must also be evaluated regularly and updated as needed. It must be evaluated at least once a year. Before the firm offers new or materially modified products and services, the risk assessment must also be updated.
The firm's risk assessment forms the basis of the firm's procedures, guidelines and other measures against money laundering and terrorist financing. It is therefore crucial that it is up to date.

Read more


Last reviewed: 2023-03-10