In order to ensure the highest quality of our services, we use small files called cookies. When using our website, the cookie files are downloaded onto your device. You can change the settings of your browser at any time. In addition, your use of our website is tantamount to your consent to the processing of your personal data provided by electronic means.

Back

Communication no. 36 on the risk assessment of the obligated institution

Being competent, pursuant to Article 12(1)(11) of the Act of 1 March 2018 on Counteracting Money Laundering and Financing of Terrorism (Journal of Laws of 2021, item 1132, as amended) – hereinafter referred to as the “AML Act”, to share knowledge and information regarding provisions on counteracting money laundering and financing of terrorism, the General Inspector of Financial Information – hereinafter referred to as the “General Inspector”, draws attention to the following issues.
 
I.    Selected provisions of the Act on Counteracting Money Laundering and Financing of Terrorism.
In the light of Article 27(1) of the AML Act, obligated institutions shall identify and assess the risk of money laundering and financing of terrorism relating to their business activities, taking into account risk factors relating to customers, countries or geographic areas, products, services, transactions or their delivery channels. These activities are proportional to the nature and size of the obligated institution.
Pursuant to Article 33(2) – (4) of the AML Act, obligated institutions shall identify the risk of money laundering and financing of terrorism related to business relationships or occasional transactions and assess the level of the identified risk. Obligated institutions shall document the identified risk of money laundering and financing of terrorism related to business relationships or occasional transactions and its assessment, taking into account, in particular, factors related to: type of customer; geographical area; purpose of the account; type of products, services and methods of their distribution; level of assets deposited by the customer or value of transactions performed; the purpose, regularity or duration of the business relationship.
 
II.    Difference between an overall risk assessment and individual risk assessment.  
The General Inspector reminds and emphasises that:
•    Article 27(1) of the AML Act concerns the identification and assessment of risk related to money laundering and financing of terrorism associated with the overall business activity of the obligated institution – irrespective of a specific and individual business relationship and a specific and individual occasional transaction (the so-called “overall risk assessment”),
•    Article 33(2) and (3) of the AML Act concerns the identification and assessment of the risk of money laundering and financing of terrorism associated with a specific and individual business relationship of the obligated institution and its customer or a specific and individual occasional transaction (the so-called “individual risk assessment”).
However, it must not be forgotten that the overall risk assessment affects the individual risk assessment and vice versa. When identifying and assessing the risk of money laundering and financing of terrorism associated with a specific business relationship or occasional transaction, the obligated institution should use information and conclusions drawn from the overall risk assessment. The conclusions drawn from carrying out individual risk assessments should feed into the ongoing updates of the overall risk assessment.
 
III.    Good practice regarding the risk assessment of the obligated institution.
The General Inspector points out that on 15 April 2020, the Polish Financial Supervision Authority published “Position of the Office of the Polish Financial Supervision Authority on the risk assessment of the obligated institution”.[1]
Although the above document was addressed to obligated institutions supervised by the Polish Financial Supervision Authority (financial market entities, e.g. banks), the good practice presented therein can be applied to all obligated institutions. It should also be taken into account that the activities related to the identification and assessment of risk of money laundering and financing of terrorism relating to the business activities of the obligated institution are proportional to its nature and size. Therefore, the General Inspector encourages those interested to read the document in question and to adapt the conclusions resulting therefrom to the scope and nature of business activity pursued.
 
IV.    Practical aspects of overall risk assessment.
Each obligated institution should know and understand the risk of money laundering and financing of terrorism to which it is exposed due to the nature and scope of its business activity.
It should be emphasised that the overall risk assessment must absolutely be adapted to the nature and scope of business activity carried out by the obligated institution. The General Inspector warns that the use of models of general risk assessment (for example those available in open sources) without their careful adaptation to the specific and individual nature and scope of its business activity exposes the obligated institution to being accused of having failed to comply with a statutory obligation. It is worth emphasising that obligated institutions that carry out similar business activity may identify completely different risks related to money laundering and financing of terrorism.
•    Example
As part of its business activity, the obligated institution establishes relations during a direct meeting with the customer as well as on a remote basis. The institution’s customers include customers based in a virtual office. In its overall risk assessment, the obligated institution has assumed, among others, that the risk associated with establishing a relationship during a direct meeting with a customer is assessed as normal. The risk assessment lacks provisions on the assessment of the risk associated with the provision of services (establishing a relationship) through a remote channel. According to the risk assessment, the risk associated with the relationship with a customer based in a virtual office is normal. Since the general risk assessment was prepared, the obligated institution has submitted notifications to the General Inspector regarding circumstances that may indicate a suspicion of committing money laundering or financing of terrorism. In most of the notifications, it was the customer’s seat (i.e. virtual office) that, along with other circumstances, prompted their submission.
•    Assessment of the steps taken by the obligated institution
The steps taken by the obligated institution should be assessed negatively. First of all, it should be indicated that the obligated institution failed to identify and assess the risk related to the provision of services (establishing business relationships) using a remote channel. Moreover, despite sending notifications to the General Inspector, the obligated institution did not update the overall risk assessment with regard to establishing and maintaining relationships with customers based in a virtual office. It should be assumed that considering the customer’s seat (virtual office) as one of the circumstances that may indicate a suspicion of committing money laundering or financing of terrorism should induce the verification of and change in the overall risk assessment (for example, the risk related to the relationship with a customer based in a virtual office should be increased).
The above example shows that obligated institutions should draw conclusions from their business activity (practices, knowledge and experience) and update their risk assessments on an ongoing basis.
 

{"register":{"columns":[]}}