From banks to real estate agents to car dealers – companies in these and other industries are required by the Money Laundering Act to prepare risk analysis for the prevention of money laundering and terrorist financing.
The risk analysis forms the basis for all money laundering prevention measures in a company and is an integral part of an effective risk management system within the company.
Conducting a Risk Analysis
As part of the risk analysis, the company-specific risks relating to money laundering and thus the vulnerability of the business operations are fully identified, categorized, and assessed.
First, a comprehensive inventory of the company is prepared. The inventory should include general data on the company, its location, its customer, sales, and product structure.
In the risk analysis, company-specific risks are identified and evaluated on the basis of internal as well as external sources.
Setting up Internal Security Measures
The internal security measures based on this derive, among other things, recommendations for action from the risk analysis:
Which payment methods are accepted? How often do customers pay in cash? Up to what amount do cash payments generally, take place?
These are examples of questions that should be asked as part of the inventory.
Clues About Risk Factors
In addition, suspicious activity reports that have already been filed can provide clues to risk factors. Once the risks have been identified, they must be specifically assessed:
- Does the company frequently conduct cash transactions, or do anonymous transactions take place? This represents a potentially higher risk, for example.
- Do customers reside in an EU member state or in a third country with well-functioning systems to prevent and combat money laundering? This again indicates a potentially lower risk.
Why are risk analyses so important?
Only a sound risk analysis will ensure that the right measures are in place to prevent money laundering and terrorist financing.
If the risk analysis identifies high risks, this does not mean that the company is not compliant. On the contrary, the company can respond to these risks by the right means.
Conversely, it also does not mean that companies are automatically compliant if they have identified low money laundering risks within their company but do not implement any safeguards.
A professional risk analysis pays off.