The assessment of the inherent risks in combination with the assessment of the AML/CFT controls, will result in the residual risks of an institution. The residual risk will inform the risk profile of an institution.
Inherent risks are ML/TF/PF risks intrinsic to a financial institution’s business activities before any AML/CFT controls are applied. With respect to AML/CFT, inherent risks are generally linked to these risk factors: customers, transactions, products and services, geographic areas, and delivery channels.
AML/CFT controls refers to the measures that an institution has in place to mitigate ML/TF/PF risks by way of policies, procedures and systems. Qquestionnaires or self-assessments tools with assigned weightings.
Residual risks are the ML/TF/PF risks of a financial institution after AML/CFT controls have been implemented. Determining the residual ML/TF/PF risks is an important part of the process of developing a risk profile of a financial institution. A risk profile will help categorize financial institutions into risk levels, allowing the supervisory authority to allocate resources and apply appropriate levels of oversight.
The relationship between the inherent risks, AML/CFT controls and the resulting residual risks can be depicted in a heatmap or matrix.
