Four steps to a risk-based approach to AML in auditing and accounting

The EU's Anti-Money Laundering Directives (AMLDs) require auditors and accountants to implement a risk-based approach to anti-money laundering. In this article, we will discuss four steps to take to adopt a risk-based approach.
Man in a white shirt sitting at a desk with a pen in his hand, looking into the distance.

The EU's Anti-Money Laundering Directives (AMLDs) require auditors and accountants to use a risk-based approach against money laundering and terrorist financing.

This approach entails adopting compliance measures according to the specific risks encountered. It is a flexible and structured approach to managing the risks of money laundering and terrorist financing.

A risk-based approach requires a high level of preparation, which can present some challenges. 

To effectively implement a risk-based approach, you must consider the following four steps: 

Step 1: Identify money laundering and terrorist financing risks

The first step is identifying the scope of the business's audit and accounting services and their potential risks, such as being involved in or facilitating money laundering.

The scope should look at internal and external factors, such as:

  • the nature and scope of the services;
  • client profile and behaviour;
  • geographical location and jurisdiction;
  • regulations and expectations;
  • industry practices and standards;
  • and trends.

Step 2: Evaluate the risk level

The second step towards adopting a risk-based approach to anti-money laundering is to assess the level and nature of the risks.

This involves risk assessments measuring the likelihood and impact of each risk relating to processes, activities or assets. The risk assessments should be documented and based on a consistent and transparent methodology.

The risk assessments should then be approved by management and other stakeholders.

Step 3: Reduce the risks

The third step is to implement a risk-based programme that includes:

  • Know-your-customer: You need to identify the background of all customers and understand the nature and purpose of each business relationship. Remember that there should be enhanced due diligence for high-risk customers, such as politically exposed persons. 
  • Reporting: The company should report all suspicious or unusual transactions and behaviour to the relevant authorities.
  • Training: A supervised entity should ensure regular staff training on the risks of money laundering and terrorist financing and compliance measures.
  • Internal controls: Compliance processes should be properly implemented and monitored. This includes various measures, such as policies, procedures, roles and responsibilities, reporting, accountability and independent reviews.

Step 4: Monitor the risks and measures

The fourth step is to continuously review the risks and effectiveness of the implemented measures.

You should also keep up-to-date with the changes in financial crime risks and adapt your compliance processes and practices accordingly.

Next steps

To successfully put in place a risk-based approach, you need to adopt continuous improvement practices, such as:

  • Regularly follow the recommendations from relevant authorities and stakeholders.
  • Use tools that can facilitate identifying and assessing financial crime risks, such as basic information gathering and documentation systems and screening when onboarding new customers.
  • Seek advice and guidance from actors with experience and knowledge of a risk-based approach.
  • Develop internal awareness of risk and mitigation through procedures, knowledge and values.