Entire Section

  • AML 4 AML 4 Applying a Risk-Based Approach

    Figure 1. The Risk-Based Approach (RBA)

    Derived from RM117/2013 [VER9/07-13]

    • AML 4.1 AML 4.1 The Risk-Based Approach

      • AML 4.1.1 AML 4.1.1

        A Relevant Person must:

        (a) assess and address its AML risks under this module by reviewing the risks to which the person is exposed as a result of the nature of its business, customers, products, services and any other matters which are relevant in the context of money laundering and then adopting a proportionate approach to mitigate those risks; and
        (b) ensure that, when undertaking any risk-based assessment for the purposes of complying with a requirement of this module, such assessment is:
        (i) objective and proportionate to the risks;
        (ii) based on reasonable grounds;
        (iii) properly documented; and
        (iv) reviewed and updated at appropriate intervals.
        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]

        • AML 4.1.1 Guidance

          1. Rule 4.1.1 requires a Relevant Person to adopt an approach to AML which is proportionate to the risks. This is called the "risk-based approach" ("RBA") and is illustrated in figure 1 above. The DFSA expects the RBA to be a key part of the Relevant Person's money laundering compliance culture and to cascade down from the senior management to the rest of the organisation. Embedding the RBA within its business allows a Relevant Person to make decisions and allocate AML resources in the most efficient and effective way.
          2. In implementing the RBA, a Relevant Person is expected to have in place processes to identify and assess money laundering risks. After the risk assessment, the Relevant Person is expected to monitor, manage and mitigate the risks in a way that is proportionate to the Relevant Person's exposure to those money laundering risks. The general principle is that where there are higher risks of money laundering, a Relevant Person is required to take enhanced measures to manage and mitigate those risks, and that, correspondingly, when the risks are lower, simplified measures are permitted.
          3. The RBA discourages a "tick-box" approach to AML. Instead a Relevant Person is required to assess relevant money laundering risks and adopt a proportionate response to such risks. The outcome of using the RBA is akin to using a sliding scale, where the type of CDD undertaken on each customer will ultimately depend on the outcome of the risk-based assessment made of such customer under this chapter.
          4. The Rules regarding record-keeping for the purposes of this module are in section 14.4. These Rules apply in relation to Rule 4.1.1(b)(iii).
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]