(AML-CFT Law Article 16.1(a) and AML-CFT Decision Article 4.1)

A well-documented assessment of the identified inherent risk factors (see Section 4.1, Risk Factors) is fundamental to the adoption and effective application of reasonable and proportionate ML/FT risk-mitigation measures. Thus, the result of such an ML/TF business risk assessment allows for a systematic categorisation and prioritization of inherent and residual ML/FT risks, which in turn allows FIs to determine the types and appropriate levels of AML/CFT resources needed for mitigation purposes.

An effective ML/TF business risk assessment is not necessarily a complex one. The principle of a risk-based approach means that FIs’ risk assessments should be commensurate with the nature and size of their businesses. FIs with smaller or less complex business models may have simpler risk assessments than those of institutions with larger or more complex business models, which may require more sophisticated risk assessments.