AML Risk Assessments: Developing and Implementing a Plan for Your Organization

AML Risk Assessments How & Why

Anti-Money Laundering (AML) processes are designed to prevent illegal transactions that hide the source of funds earned from, or intended to fund, criminal activity. One of the best ways to improve your company’s security against these transactions is to develop a thorough risk assessment procedure. Although the law does not specifically require that you develop a risk assessment program, your company would be remiss if it did not.

Ignorance is not a defense when it comes to government-imposed money laundering and AML penalties. Your organization will suffer financial harm and reputational damage if you do not implement strong AML measures to lower your risk exposure. An AML risk assessment plan will help protect you from these financial crimes.

Are AML Risk Assessments Required?

Although risk assessment procedures are not specifically required by law, proper monitoring of customer accounts, individual transactions and all suspicious activity is. The Bank Secrecy Act (BSA) in the U.S. and other regulations around the world do mandate individual testing to assure compliance, so adopting a risk assessment procedure is a necessary step for financial institutions and other money-intensive companies at high risk for money laundering abuses. These businesses include liquor stores, casinos, convenience stores and parking garages.

AML risk assessments are an essential part of preventing financial crimes and following regulatory mandates. According to the Federal Financial Institutions Examination Council (FFIEC), assessments should include identifying risk categories specific to the financial services organization, such as customers, services, locations and products. After identifying the key risk areas, organizations should put processes in place to evaluate the risk within each category. Doing so proves to regulators that the company is making a good-faith effort to thwart financial crimes.

How AML Risk Assessments Work

Risk assessments identify your organization’s areas of vulnerability, which lets you determine how to correct problems in your AML efforts. Your risk assessment structure will depend on the size and organization of your business and the types of products and services it offers.

Basic risk factor categories in AML you must consider while creating your risk assessment include:

  • Your customer types
  • The geographical locations of your customers and their organizations
  • Customer activities
  • The products and/or services you offer (business lines)
  • How customers find your company
  • How your company makes transactions — checks, wire transfers, cash, etc.
  • Origins of your customers’ funds

Assessing these factors will help you identify financial crimes such as terrorist financing, bribery and corruption. You can only avoid government sanctions and the wrath of FinCEN and other regulatory agencies by identifying risks and then taking steps to mitigate them.

When you run your money laundering risk assessment model, you will be able to determine a risk rating and risk range for your clients, judging if they are low, medium or high risk for money laundering. Taking this risk-based approach helps you nurture business relationships with legal clients and lower your overall risk of violating AML regulations.

What Are the Main Indicators of Money-Laundering Risk?

The main indicators of money-laundering risk for most businesses are products and services, customer profiles and geographic location.

Products and Services

The nature of your products and services helps dictate the level of risk for money laundering in your organization. For instance, if you deal with a high number of electronic payments, your risk rises. This is because criminals use websites to accept payments and then reroute the money through other websites for legitimate businesses such as bookstores or clothing retailers. The basic concept is the same as older financial crimes, but the digital nature of today’s money laundering makes it harder to trace and shut down.

Some companies have higher levels of suspicious activity and overall risk. Any business where lots of cash changes hands is vulnerable to money laundering. It’s fairly simple to falsify income versus expenditures so that the “dirty money” appears to have been earned legitimately.

ATMs, restaurants and casinos are popular choices of money launderers. New companies and new products can also more easily hide suspicious activity, making them higher risk because regulators have no information on either. The number of new enterprises is huge, so it takes time to catch up to new criminal efforts.


Customer Profiles

Certain customer types are at higher risk than others. If you work with many cash-intensive businesses, you are more prone to compliance issues because of their compromised behavior. You must assume that at least some of these organizations are engaged in illegal activity.

Any company that deals with many high-profile clients such as politicians and entertainers is at risk for money laundering. These people are vulnerable to blackmail or might be trying to avoid government taxes. It pays to be alert to potential problems with these politically exposed persons (PEPs).

Often, excessive dealings with foreign entities are a red flag, especially if they are countries with lax financial laws. Laundering money through off-shore accounts is one historically successful way to avoid AML enforcement.

You need to carefully assess customers who have a history of suspicious transactions, a cloudy background and no obvious way of earning income. They are an inherent risk to your compliance efforts. Know Your Customer (KYC) is a legal requirement and not just a suggestion. If you do not carefully monitor your customer risk, you may face crippling fines.

Geographic Location

The “where” is as important as the “who.” If your clients do business in certain geographical areas, you need to look at their transactions more closely. While some offshore investment is done simply to pay lower taxes legally, many countries qualify as high financial crime areas, particularly high drug trafficking areas. For instance, Haiti has the top ranking on the Basel AML Index partly because of government turmoil and partly because of its drug trade. Other countries and jurisdictions at the top of the index include:

  • Chad
  • Myanmar
  • The Democratic Republic of Congo
  • Republic of Congo
  • Mozambique
  • Gabon

If your clients show a high level of financial activity connected to those areas, they may be a serious problem for your organization. Your organization should regularly review this index and update your AML risk assessment methodology accordingly.

How to Conduct an AML Risk Assessment

You now know why you need to build an effective AML risk assessment system and understand the basic categories of risk. But how do you build a model that works for your company? Consider the following necessary steps to conduct a successful AML risk assessment.

Step 1: Get Organized and Hire a Compliance Officer

Your risk assessment process should rely on several basic elements. First, you need a compliance officer who is well-versed in AML regulations and how they apply to your organization. This compliance officer will be central to carrying out your risk management.

You will also need internal controls that include a formal document detailing your risk assessment procedure that has been approved by your board of directors. The risk assessment policy should include what risk level is acceptable for clients and how the financial activity will be monitored.

Step 2: Create AML Procedures

Once your risk assessment policy has been finalized, you will work with the compliance officer to institute procedures to practice customer due diligence, transaction monitoring and geographical location awareness.

Risk profiles are key to an effective policy. You will need to pay particular attention to higher-risk transactions and clients’ business relationships.

Step 3: Repeat the Process Annually

FINRA, a highly regarded, independent, non-government agency, dictates that many clients run independent testing every year, so an annual risk assessment for everyone is probably a good idea. At the very least, you should run one every two years. Doing so will lower your risk of money laundering activity and help you meet regulatory requirements. Your risk scores (low risk, high risk, highest risk) will then be up-to-date and help keep you compliant with AML regulations.

AML Risk Assessment FAQs

What is the role of beneficial ownership in AML risk assessments?

Beneficial ownership refers to identifying the individuals who ultimately own or control a legal entity. Assessing beneficial ownership helps financial institutions understand the potential risks associated with the entity’s ownership structure and determine the appropriate level of due diligence required.

How does ongoing monitoring contribute to AML risk assessments?

Ongoing monitoring involves regularly reviewing customer risk profiles to make sure they are still suitable to do business with. It helps financial institutions identify changes in customer behavior or patterns that may indicate potential money laundering or terrorist financing risks.

How does customer onboarding impact AML risk assessments?

Onboarding refers to the process of accepting and establishing a new customer relationship. A robust onboarding process includes conducting thorough AML risk assessments on new customers to ensure compliance with regulations and mitigate the risk of engaging in illicit activities.

Understanding the Importance of AML Risk Assessments

The necessity of a risk-based approach is clear. A risk assessment helps keep you safe from money-laundering schemes run by financial criminals. Without a plan in place, you risk your company’s reputation and financial health.

Creating an AML compliance program procedure is essential, but it doesn’t have to be difficult. Jumio’s AML Screening solution can quickly help you construct an effective risk assessment methodology that is cost-efficient and easy to implement.

To understand how Jumio can help with AML risk assessment, request information from a specialist today.

Originally published December 30, 2021

