Project Description


“If you don’t invest in risk management, it doesn’t matter which business you are in, it is a risky business.” – Gary Cohn

Whilst the specific requirements have been developed and refined over the last 12 years the need for businesses in the regulated sector to separately risk assess the business, the use of technology and each individual client for the risk of money laundering or terrorist financing has been around since 2008.

It would be true though to say that the focus of the regulator up until recently has largely been on the risk assessments of customers and clients.  In recent years, however, the regulator has been placing a greater emphasis on the importance of the business and technological risk assessments as evidenced by some of the more recent civil penalties.

The risk-based approach is central to the effective implementation of the AML/CFT Code. Applied appropriately businesses in the regulated sector identify, assess, and understand the money laundering and terrorist financing risks to which they are exposed, and take AML/CFT measures commensurate to those risks in order to mitigate them effectively, thereby enabling businesses to focus their resources where the risks are higher.

The development of the ML/TF risk assessment is a key starting point for the application of the risk based approach as the intensity and depth of risk mitigation measures including customer due diligence depends on the ML/TF risks faced by the business.

As with any other risk management system there are significant benefits to be gained from adopting an appropriate risk-based approach to money laundering and terrorist financing including:

  • Meeting the statutory and legal obligations on the business
  • To facilitate better strategic decision making which takes into account the risk of ML/TF and expected impact on compliance costs when considering new markets and product development
  • Enable the business to focus their resources where the risks are higher, thereby reducing the costs of compliance
  • Enable the business to take on legitimate business from the more profitable high risk jurisdictions with the appropriate controls
  • Know your customer practices enable the business to understand how and why their products and services are being consumed leading to enhanced market knowledge and improved product development
  • Increase the quality of business undertaken
  • Reduce operational costs arising from poor quality business and therefore reduce the potential volatility of earnings
  • Protect the reputation of the business and the wider Isle of Man plc

However, spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably.  The risk assessments required by the AML/CFT Code should be commensurate with the nature, size and complexity of the business. This means that a simple risk assessment might be enough for smaller or less complex businesses, and that where entities are part of a group, risk assessments should take into account group-wide risk appetites and frameworks.

At Rowany Solutions we recognise and agree with FATF that tt is also important to recognise that adoption of the risk based approach can not be a “zero failure” approach; there may be occasions where a business has taken all reasonable measures to identify and mitigate AML/CFT risks, but it is still used for ML or TF purposes.  In these instances it is important to be able to demonstrate compliance with the AML/CFT Code and the documentation, maintenance and review of the risk assessments are a key part of that evidence.

Rowany AML Risk Solutions can assist in the development of tailored assessment methodologies appropriate for the nature, scale and complexity of the business helping clients to assess the threats to their business and to identify how the company may be vulnerable to the exploitation of its products and services by criminals.  Understanding these two critical aspects of risk is key to protecting your business from the significant reputational harm of regulatory action or adverse press.
Alternatively, we can provide an independent third party evaluation of the company’s current business and technological risk assessments for compliance with the AML/CFT Code.


Contact Francesca on 200740 to see how we might be able to help.

Keep up to date with the latest news from Rowany and hear about our projects, performance and people.

Sign up to our newsletter to keep informed

Newsletter Signup