Financial Crime World

Operational Risks and AML/CFT Controls: An Impact Analysis

The Central Bank of Kenya has emphasized the importance of assessing operational risks and their impact on Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) controls. In a recent report, the bank highlighted the need for financial institutions to identify qualitative risk factors that directly or indirectly affect inherent risk.

Risk Factors

  • Significant strategy and operational changes
  • Structure of ownership/business
  • National risk assessments

These key qualitative risk factors can impact the likelihood of breakdowns in AML/CFT controls. Institutions must evaluate these risks to determine their inherent risk profile and develop policies, procedures, and processes to mitigate potential threats.

Detailed Analysis

A detailed analysis of data obtained during the identification stage is crucial in assessing ML/TF risk. This includes evaluating data on bank activities, such as:

  • Number of domestic and international funds transfers
  • Types of customers
  • Geographic locations

The analysis helps institutions understand their risk profile and develop targeted strategies to mitigate risks.

Risk Matrix

Institutions can use a risk matrix to assess risk levels and identify areas that require additional monitoring or attention. A risk matrix categorizes risks into:

  • Low-risk zones
  • Moderate-risk zones
  • High-risk zones

This allows institutions to prioritize efforts and resources effectively.

Evaluation of AML/CFT Program

Internal controls must be evaluated to determine their effectiveness in offsetting identified risks. Controls are programs, policies, or activities designed to prevent ML/TF risks from materializing. Each control is assessed for design and operating effectiveness, with ratings assigned based on predefined criteria.

Weighing and Scoring

A risk-based approach is used to calculate inherent risk, with each risk factor assigned a score reflecting its associated level of risk. Risk areas may be weighted to reflect their relative importance in the overall risk calculation.

Residual Risk

After considering inherent risk and control effectiveness, residual risk should be determined by balancing the level of inherent risk with the strength of risk management activities. Residual risk is used to indicate whether ML/TF risks are being adequately managed.

Reporting

The results of the ML/TF risk assessment should be presented to:

  • Senior management
  • The board
  • All business units and control functions

Reports can be presented in various formats, highlighting risks by factor recorded, such as:

  • Business division
  • Product type
  • Geography
  • Client types

Proposed action points should also be clearly indicated.

Annual Reporting

Institutions are required to submit an annual report on their ML/TF risk assessment results to the Central Bank of Kenya by December 31st of each year.

Contact Information

For further information or clarification, please contact:

The Director, Bank Supervision Department Central Bank of Kenya P. O. Box 60000 - 00200, Nairobi Tel: 2860000 Email: fin@centralbank.go.ke