Why crypto firms should complete AML/CFT business risk assessments

In a time where the cryptocurrency industry is going from strength to strength, becoming authorised by a financial services regulator is the crucial aim for industry players.

For those firms that have been authorised, the next step for many is to be required to submit an AML/CFT business risk assessment (BWRA). Depending on the length of operation, companies may have already undertaken a BWRA where they have assessed the forms of financial crime risks to which the business could be exposed, and the controls needed to cut those risks.

In a recent post by RegTech Arctic Intelligence, the company highlighted four reasons why virtual asset services providers should take the time and invest the effort to complete a BWRA and keep it up to date.

Firstly, the company highlighted that completing a BWRA is not just about financial crime risks and controls, but also understanding how much financial crime risk a company is happy to work with. Arctic said, “If your business claims to have a ‘zero tolerance’ for financial crime, how does that translate in terms of the types of customers you accept, the products you promote and the jurisdictions you accept business from? What does this mean in terms of the sorts of controls you apply and when it will exit a relationship?”

The completion of a BWRA allows a business to set a baseline for its risk appetite, Arctic claims, rather than forcing managers to undertake the task of dealing with customers on a case-by-case basis – a highly time-consuming task – each time elevated financial crime risks are present.

The second reason cited by Arctic is that a firm’s BWRA is in their platform to justify tech spend, resource asks and other financing requests.

The company said, “Banks and other regulated institutions understand that it pays to pro-actively identify areas where controls need improvement or adjustment, rather than wait for the regulator to come calling. A solid BWRA that includes a clear roadmap describing work needed to bring controls up to an acceptable level, demonstrates the business has evaluated where resources are most needed to address the greatest financial crime risks. It provides AML/CFT teams with logical justification where those changes involve financial investment.”

By making sure such items are tracked and completed once approved, this allows companies to plan resourcing across their different teams who may need to be involved and prioritise the measures necessary to ensure that risks stat within their risk appetite.

Thirdly, Arctic underlined that a company’s BWRA is their ‘validation source’ for AML/CFT discussions.

The firm remarked, “A well-thought-out BWRA that is kept up to date is essential when it comes to discussions about your AML/CFT programme. This applies whether those discussions happen with members of management or an external party, such as a bank or a payment provider with whom you want to open an account.  Sending pages and pages of policies, procedures, PowerPoint presentations of operating models etc. as evidence that you have an AML/CFT compliance programme, forces an external stakeholder to try and interpret whether your AML/CFT programme is well thought out and relevant. In some cases, we have seen this backfire where external parties end up forming the view that the business has a greater exposure to FC risks, than is actually the case.”

The company added that by providing key stakeholders with a BWRA summary gives them a clear and concise view of the threats the firms have assessed and how they are mitigated. Further, this demonstrates the seriousness with which a business takes the detection and prevention of financial crime. Most importantly, however, it enables the firm to keep discussions about AML/CFT focused on how it prevents financial crime rather than the extent to which it understands its financial crime risk exposure.

The final key reason for Arctic is that a company’s BWRA acts as a ‘diviner’ of emerging risks.

Arctic stressed, “Your BWRA, when maintained in the right way, can act as a diviner of emerging risks that can arise from these types of changes.  Setting a baseline criterion for when it’s time to review the data used to conduct the BWRA can help the business to identify risks and vulnerabilities early and allow it to deal with them before actual financial crime manages to take place.  It allows the business to spot where new financial crime risks is creeping up, allowing it to address them as soon as possible, not just waiting once yearly only to then discover the risk has grown and not been effectively controlled.”

The company concluded, “Completing a BWRA offers several benefits to VASPs, beyond placing a “tick in the box” for one of their AML/CFT requirements. When maintained in an effective way, a BWRA can support a business in its growth, by providing it with the means to plan for and respond to FC risks that might compromise those plans. Harnessing good technology to complete and maintain a BWRA is a great way to do so. “

Copyright © 2022 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.