• AML-C.2 AML-C.2 Risk Assessment

    • AML-C.2.1

      [This Paragraph was deleted in January 2022].

      Deleted: January 2022
      Added: January 2020

    • AML-C.2.2

      [This Paragraph was deleted in January 2022].

      Deleted: January 2022
      Added: January 2020

    • AML-C.2.3

      [This Paragraph was deleted in January 2022].

      Deleted: January 2022
      Added: January 2020

    • AML-C.2.4

      [This Paragraph was deleted in January 2022].

      Deleted: January 2022
      Added: January 2020

    • AML-C.2.5

      [This Paragraph was deleted in January 2022].

      Deleted: January 2022
      Added: January 2020

    • AML-C.2.6

      [This Paragraph was deleted in January 2022].

      Deleted: January 2022
      Added: January 2020

    • AML-C.2.7

      Capital Market Licensees must ensure that it takes measures to identify, assess, monitor, manage and mitigate ML/TF/PF risks to which it is exposed and that the measures taken are commensurate with the nature, scale and complexities of its activities. The risk assessment must enable the licensee to understand how, and to what extent, it is vulnerable to ML/TF/PF.

       

      Added: January 2022

    • AML-C.2.8

      In the context of the risk assessment, “proliferation financing risk” refers to the potential breach, non-implementation or evasion of the targeted financial sanctions obligations referred to in FATF Recommendation 7.

       

      Added: January 2022

    • AML-C.2.9

      The risk assessment must be properly documented, regularly updated and communicated to the capital market licensees senior management. Licensees must have in place policies, controls and procedures, which are approved by senior management, to enable them to manage and mitigate the risks that have been identified. In conducting its risk assessments, the capital market licensees must consider quantitative and qualitative information obtained from the relevant internal and external sources to identify, manage and mitigate these risks. This must include consideration of the risk and threat assessments using, national risk assessments, sectorial risk assessments, crime statistics, typologies, risk indicators, red flags, guidance and advisories issued by inter-governmental organisations, national competent authorities and the FATF, and AML/CFT/CPF mutual evaluation and follow-up reports by the FATF or associated assessment bodies.

      Amended: January 2023
      Added: January 2022

    • AML-C.2.10

      Capital Market Licensees must assess country/geographic risk, customer/investor risk, product/ service/ transactions risk and distribution channel risk taking into consideration the appropriate factors in identifying and assessing the ML/TF/PF risks, including the following:

      a) The nature, scale, diversity and complexity of its business, products and target markets;
      b) Products, services and transactions that inherently provide more anonymity, ability to pool underlying customers/funds, cash-based, face-to-face, non face-to-face, domestic or cross-border;
      c) The volume and size of its transactions, nature of activity and the profile of its customers;
      d) The proportion of customers identified as high risk;
      e) Its target markets and the jurisdictions it is exposed to, either through its own activities or the activities of customers, especially jurisdictions with relatively higher levels of corruption or organised crime, and/or deficient AML/CFT/CPF controls and listed by FATF;
      f) The complexity of the transaction chain (e.g. complex layers of intermediaries and sub intermediaries or distribution channels that may anonymise or obscure the chain of transactions) and types of distributors or intermediaries;
      g) The distribution channels, including the extent to which the Capital market licensee deals directly with the customer and the extent to which it relies (or is allowed to rely) on third parties to conduct CDD and the use of technology; and
      h) Internal audit, external audit or regulatory inspection findings.

       

      Added: January 2022

    • Country/Geographic risk

      • AML-C.2.11

        Country/geographic area risk, in conjunction with other risk factors, provides useful information as to potential ML/TF/PF risks. Factors that may be considered as indicators of higher risk include:

        (a) Countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports, as not having adequate AML/CFT/CPF systems;
        (b) Countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country;
        (c) Countries identified by credible sources as having significant levels of corruption or organized crime or other criminal activity, including source or transit countries for illegal drugs, human trafficking and smuggling and illegal gambling;
        (d) Countries subject to sanctions, embargoes or similar measures issued by international organisations such as the United Nations Organisation; and
        (e) Countries identified by credible sources as having weak governance, law enforcement, and regulatory regimes, including countries identified by the FATF statements as having weak AML/CFT/CPF regimes, and for which financial institutions should give special attention to business relationships and transactions.

         

        Added: January 2022

    • Customer/Investor risk

      • AML-C.2.12

        Categories of customers which may indicate a higher risk include:

        (a) The business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic distance between the financial institution and the customer).
        (b) Non-resident customers;
        (c) Legal persons or arrangements that are personal asset-holding vehicles;
        (d) Companies that have nominee shareholders or shares in bearer form;
        (e) Businesses that are cash-intensive;
        (f) The ownership structure of the company appears unusual or excessively complex given the nature of the company’s business;
        (g) Customer is sanctioned by the relevant national competent authority for non-compliance with the applicable AML/CFT/CPF regime and is not engaging in remediation to improve its compliance;
        (h) Customer is a PEP or customer’s family members, or close associates are PEPs (including where a beneficial owner of a customer is a PEP);
        (i) Customer resides in or whose primary source of income originates from high-risk jurisdictions;
        (j) Customer resides in countries considered to be uncooperative in providing beneficial ownership information; customer has been mentioned in negative news reports from credible media, particularly those related to predicate offences for AML/CFT/CPF or to financial crimes;
        (k) Customer’s transactions indicate a potential connection with criminal involvement, typologies or red flags provided in reports produced by the FATF or national competent authorities;
        (l) Customer is engaged in, or derives wealth or revenues from, a high-risk cash-intensive business;
        (m) The number of STRs and their potential concentration on particular client groups;
        (n) Customers who have sanction exposure; and
        (o) Customer has a non-transparent ownership structure.

         

        Added: January 2022

    • Product/Service/Transactions risk

      • AML-C.2.13

        An overall risk assessment should include determining the potential risks presented by product, service, transaction or the delivery channel of the Capital market licensees. A Capital market licensees should assess, using an RBA, the extent to which the offering of its product, service, transaction or the delivery channel presents potential vulnerabilities to placement, layering or integration of criminal proceeds into the financial system.

         

        Added: January 2022

      • AML-C.2.14

        Determining the risks of product, service, transaction or the delivery channel offered to customers may include a consideration of their attributes, as well as any associated risk mitigation measures. Products and services that may indicate a higher risk include:

        (a) Private banking;
        (b) Anonymous transactions (which may include cash);
        (c) Non-face-to-face business relationships or transactions;
        (d) Payment received from unknown or un-associated third parties;
        (e) Products or services that may inherently favour anonymity or obscure information about underlying customer transactions;
        (f) The geographical reach of the product or service offered, such as those emanating from higher risk jurisdictions;
        (g) Products with unusual complexity or structure and with no obvious economic purpose;
        (h) Products or services that permit the unrestricted or anonymous transfer of value (by payment or change of asset ownership) to an unrelated third party, particularly those residing in a higher risk jurisdiction; and
        (i) Use of new technologies or payment methods not used in the normal course of business by the conventional bank licensee.

         

        Added: January 2022

    • Distribution channel risk

      • AML-C.2.15

        A customer may request transactions that pose an inherently higher risk to the conventional bank licensee. Factors that may be considered as indicators of higher risk include:

        (a) A request is made to transfer funds to a higher risk jurisdiction/country/region without a reasonable business purpose provided; and
        (b) A transaction is requested to be executed, where the licensee is made aware that the transaction will be cleared/settled through an unregulated entity.

         

        Added: January 2022

      • AML-C.2.16

        Capital market licensees should analyse the specific risk factors, which arise from the use of intermediaries and their services. Intermediaries’ involvement may vary with respect to the activity they undertake and their relationship with the Capital market licensees. Capital market licensees should understand who the intermediary is and perform a risk assessment on the intermediary prior to establishing a business relationship. Licensees and intermediaries should establish clearly their respective responsibilities for compliance with applicable regulation.

         

        Added: January 2022