Financial Crime World

Implementing Risk-Based Customer Due Diligence (CDD) and Ongoing Monitoring (OM) under the German Money Laundering Act (GwG)

Overview

This guide provides a detailed framework for implementing risk-based customer due diligence (CDD) and ongoing monitoring (OM) under the German Money Laundering Act (GwG). The purpose of this guide is to outline the steps that obliged entities must take to identify, assess, and mitigate risks related to money laundering and terrorist financing.

Key Steps

Step 1: Risk Identification

To identify potential customers who may pose a higher risk, consider the following factors:

  • Business activities
  • Location
  • Existing knowledge or knowledge subsequently obtained by the undertaking
  • Suspected cases in which the undertaking has been involved in the past
  • Knowledge exchanged with anti-money laundering officers (AML officers) of other obliged entities

Step 2: Categorization and Weighting

Categorize identified risks into different risk groups using a three-level risk classification system:

  • High: all scenarios that fall into this classification because of the high-risk classes defined by the legislation or because of the undertaking’s own risk assessment.
  • Medium: all scenarios that the undertaking’s own risk assessment places in neither the high nor the low category.
  • Low: all scenarios where a low level of risk may be assumed.

Use various assessment methods, such as:

  • An assessment system that applies weightings to the different risk factors
  • A fixed system in which a high risk value for a single factor is binding

Step 3: Risk Assessment

Assess the identified risks within the scope of the risk assessment using a three-level risk classification system (high, medium, low). Consider absolute criteria that automatically affect customer classification and/or entail specific safeguards. Document and justify risk-based deviations or exceptions.

Step 4: Implementation of Individual Prevention Measures

Implement individual internal safeguards based on the results of the risk assessment:

  • Determine prevention measures consistent with the risk assessment
  • Proceed carefully when implementing prevention measures for higher-risk customers

Step 5: Review and Development of Internal Safeguards

Review and develop internal safeguards while taking into consideration the outcome of the risk assessment:

  • Document changes made to the risk assessment
  • Provide the current version of the risk assessment to:
    • BaFin
    • Internal auditors (where applicable)
    • External auditors
    • The competent member of management

Conclusion

By following these steps, obliged entities can ensure that they are complying with the requirements of the GwG and mitigating risks related to money laundering and terrorist financing. This guide provides a comprehensive framework for implementing risk-based CDD and OM under the German Money Laundering Act.