Taking out a loan can feel like a big decision and it is! Often, an offer comes in the mail for...
The Reserve Bank of India issued a notification for an amendment to Master Direction on KYC (Know Your Customer) wherein the regulated entities must carry out money laundering and terrorist financing risk assessment exercises periodically. The first assessment is required to be carried out by 30 June 2020.
This concept arises from the recommendations of the Financial Action Task Force, also known as FATF. It has provided detailed guidance on Terrorist Financing risk assessment. As both Money Laundering and Terrorist Financing are linked the guidelines also covers the Money Laundering risk assessment.
Terrorist Financing is a form of a risk that functions through threat, vulnerability and consequence. It runs the risk that the funds or other assets are raised, stored or used for a terrorist or terrorist organization in the form of legitimate or illegitimate funds or any other assets.
The process of risk assessment of a financial sector entity like NBFC doesn’t need to be complicated, but it should be commensurate with the size and nature of its business. A simple risk assessment is enough for especially small or less complex NBFCs.
The risk assessment process by NBFCs based on the FATF guiding principles may be divided into the following stages:
The process of risk assessment shall begin with information collection on different variables such as information on the general criminal environment, terror financing and terror threats etc. Such information can be collected externally or internally.
The Directorate of Enforcement deals with the matters of Money Laundering and Terrorist Financing in India. It has the information and the list of terrorists. Moreover, the information can also be availed from the Central Bureau of Investigation (CBI).
Once the information is collected, the jurisdiction and the sector-specific threats must be identified based on such information. Although the identification of the threat must be based on the national level, it should not be limited to it only. It must be aligned with the size and nature of the business entity.
The NBFCs must look at the controls that are placed including the quality of risk management policy, functioning of internal functions etc.
In this process, it must be known how the identified threats are going to impact the entity. Factors like the nature, scale, diversity and complexity of their business must be considered while assessing the risks. Apart from it, the regulatory findings and the internal audit must also be considered.
The volume and size of its transaction must be kept in the picture while assessing the risk. The NBFCs must complement this information with the information received from internal as well as external sources.
When terrorist financing threats and their vulnerabilities are identified, then it is vital to know how these interact to form risks. It includes consideration of how domestic or foreign terrorist financing threats can take advantage of identified vulnerabilities. The analysis also consists of the assessment of potential consequences.
After the threats and vulnerabilities are analyzed, the NBFCs are required to develop and implement policies to mitigate the risks associated with the ML and TF. Customer Due Diligence (CDD) processes must be formed to understand and identify their customers by requiring them to collect information on their profession and the need for financial services by them.
Once the assessment is completed the impact of the risk must be recorded, and measures to mitigate the risks must be provided. The information forming the basis of the risk assessment process must be updated timely, and where there is a significant change in the information, the process of risk assessment must be carried out.