Financial Institutions (“FIs”) are required to take a risk-based approach in their BSA/AML compliance programs. The risk-based approach provides FIs with a large degree of flexibility in determining their risk thresholds for certain types of customers and transactions. FIs are also required to document their approach by developing a Customer Risk Rating (“CRR”) methodology. International transactions carry different amounts of risk, depending on the jurisdiction. In order to evaluate the risks associated with connections to these jurisdictions, FIs should establish a country risk rating methodology to identify higher risk countries.
FIs typically use a high-risk country list for two primary purposes. The first purpose is to assign customers with a risk score as part of the institution’s due diligence processes. Institutions that have nonresidential aliens (“NRAs”) as customers can use the country of origin to assign a risk rating to the customer. The second purpose is for transaction monitoring to identify transactions that require further investigation. By identifying transactions involving countries of higher risk, the institution can dedicate additional resources to evaluate whether the transaction is suspicious.
A good country risk rating methodology should incorporate an analysis of the factors that contribute to a country’s risk. International jurisdictions pose two types of risks. The first involves the country’s susceptibility to predicate offenses that typically result in money laundering, such as corruption and illegal drug trade. The second type of risk is the country’s adherence to law and order, such as governance and corporate transparency. A country’s history of sanctions is also a critical environmental risk that should be incorporated into the FI’s country risk rating methodology. An evaluation of both risk categories form the foundation required to identify a country’s AML risk.
FIs have access to a wealth of legitimate resources that can help them build their risk rating model. Publicly-available lists from government agencies provide information and scoring mechanisms that can be used to identify countries more vulnerable to illicit funds. Some of the most commonly used lists include the US Department of State’s International Narcotics Control Strategy Report (“INCSR”), and sanctions lists from the Office of Foreign Asset Control (“OFAC”). The INCSR is published on an annual basis in two volumes, one for drug manufacturing and one for money laundering.
In addition to US government agencies, FIs can turn to nongovernmental organizations (“NGOs”), such as the World Bank, Transparency International, and Tax Justice Network to collect information relating to the predicate offenses or threat environment within a specified country. Transparency International publishes the Corruption Perceptions Index on an annual basis, which extracts data from 13 sources to assess the quality of the country’s governance and accountability in relation to corruption. The Tax Justice Network’s Financial Secrecy Index takes on new importance in light of recent focus on tax evasion and the use of offshore secrecy havens.
FIs may also choose to consult international sources such as the Financial Action Task Force (“FATF”) guidance, or European Union (“EU”) Tax Haven Blacklist to consider additional factors when assigning a risk score to a specific country. The EU Tax Haven Blacklist evaluates transparency, fair tax competition, and real economic activity.
After identifying the sources that will be used in the country risk rating methodology, the FI should implement processes to update the list on an annual basis, at minimum, to ensure the most current reports are being utilized. An accurate assessment of a country’s AML risks for countries is critical to developing a model that measures customer and transactional risks.
Our Financial Crimes Advisory practice has helped multiple institutions develop a country risk rating methodology to address emerging financial crime threats. Let us help you develop a proactive approach to address the global threat environment.