MUMBAI: The Reserve Bank of India (RBI) on Thursday issued a directive to banks, Non-Banking Financial Companies (NBFCs), and other entities regulated by it, advising them to utilise information from all relevant internal and external sources for their risk assessment processes.
RBI-regulated entities (REs) are required to periodically conduct a ‘Money Laundering and Terrorist Financing Risk Assessment’ to identify, assess, and take effective measures to mitigate risks related to Money Laundering (ML), Terrorist Financing (TF), and Proliferation Financing (PF) across clients, countries or geographic areas, products, services, transactions, or delivery channels.
In line with this, the central bank has introduced 'The Internal Risk Assessment Guidance for Money Laundering/ Terrorist Financing' for REs, particularly targeting staff responsible for Anti-Money Laundering (AML), Countering Financing of Terrorism (CFT), and Counter Proliferation Financing (CPF).
The guidance outlines key principles for conducting an internal risk assessment (IRA) exercise.
"The enterprise-level risk assessment forms the bedrock of the Risk-Based Approach (RBA). It enables the REs to understand how and to what extent they are vulnerable to ML/TF/PF risks, which helps in determining the allocation of attention and AML/CFT resources necessary to mitigate that risk," the RBI noted.
The RBI highlighted that REs should use information from both internal and external sources for the IRA exercise. Internal sources may include business-specific data, along with relevant information from other verticals, such as fraud, cyber, and IT risk management departments.
“To properly understand the products/services and the associated ML/TF risks, the IRA team may include officials, for instance, from the product/service owner department, internal audit function, compliance function, etc.,” it stated.
The central bank also stressed the need to avoid a siloed approach where only the AML team is involved in the IRA exercise.
Additionally, REs are encouraged to adopt a data-oriented, objective approach to prevent any form of bias in the IRA process. Ensuring the quality of data inputs is critical to producing meaningful and useful results.
The RBI further noted that, given the ever-changing business environment and the increasing complexity of banking and financial products, there is always a potential exposure to heightened ML, TF, or PF risks. These risks are compounded by the use of emerging technologies and new methods of payment, the central bank added.