The Financial Action Task Force (FATF) is an important global money laundering and terrorist financing watchdog. As one of the most influential intergovernmental organization, the FATF sets international standards in the implementation of legal, regulatory and operational measures for combating any threats to the integrity of the international financial system. The FATF ensures a global response to prevent crime and terrorism by monitoring countries to ensure that standards are implemented fully and effectively. The FATF also holds countries accountable for non-compliance, carrying the power to sanction such countries and severely hinder their international and financial relations.

To combat money laundering and terrorist financing, FATF has advocated the use of a risk-based approach for the effective implementation of FATF recommendations – a comprehensive and consistent framework of measures that countries should adopt.

What is RBA and why is it important?

A risk-based approach requires different countries, financial institutions and competent authorities to identify, assess and understand the money laundering and terrorist financing risks to which they are exposed and take preventive AML/CFT measures that are commensurate to those risks. RBA promotes flexibility in the adoption of measures within the framework of the FATF requirements.  

RBA is considered to be a prerequisite – an overarching foundation for all relevant FATF’s recommendations in a country. FATF standards necessitate nationals to have a robust AML/CFT system and the extent to which a country’s legal and institutional framework is producing the expected results will be assessed. As such, one of the criteria for assessment will be their risk-based prevention and mitigation. Therefore it is mandatory to have AML/CFT supervision and enforcement to be in adherence to the FATF standards and this cannot be undervalued.

Effective supervision by regulators as well as supervisors is essential because financial services play an important role in deterring money laundering and terrorism financing from flowing into the international financial system.

How to implement RBA?

RBA can be implemented by firstly having a risk assessment system in place. The level of risk for each customer is calculated after screening and customers are typically split into low, medium and high risk levels. From there, enhanced measures can be taken in a situation where the risks are higher and reduced to simplified measures when the risks are lower. For example, conducting Enhanced Due Diligence (EDD) on customers with high risk. 

Companies can then prioritize and focus their efforts in a more effective way when they allocate resources and apply preventive measures that are commensurate to the nature of risks. This approach serves to avoid the consequence of inappropriate de-risking behaviour – where institutions choose to exit a relationship with a client instead of managing these risky clients. 

In addition to risk assessment, risk controls should be put in place as a mitigating measure, and to ensure that all risks are properly managed. One such important control is ongoing monitoring, whereby customers are re-screened based on a frequency tagged to their risk level, as such allowing the company to keep up with possible new changes in a customer’s risk profile over time. 

Transaction monitoring is the next step of risk assessment after determining risk profiles of each customer. This requires financial institutions to proactively monitor transactions to keep up with any changes in risks surrounding a customer and to report unusual transactions based on analysis and comparison against the customer’s risk profile.

Guidances that outline the design and implementation of this approach for different financial industries such as banks, virtual currencies, and securities sectors, etc can be found on the FATF website. These guidances serve to provide effective supervision and enforcement by AML/CFT supervisors in the financial and law sector. Apart from these financial institutions, the nation should extend this to other institutions, sectors or activities if they pose a higher risk of money laundering and terrorist financing. Lastly, the guidance also clarifies the interplay with the role of law enforcement agencies.

Automating with Advanced Solutions

With the need for risk assessment to be conducted accurately and consistently, manual controls can be highly inefficient. Implementing a robust compliance solution can allow risk assessment to be automated and risks to be easily identified. Regtank offers a comprehensive solution that takes into consideration the RBA, to help businesses manage risks and AML processes in the most effective way possible.

Contact us at for a demo!