In my last blog, I talked about the elements of an AML risk assessment program for banks.  We believe that a mature AML risk assessment program provides banks with the opportunity to identify and plan for emerging risks and changes in the bank’s risk profile. The program should be based upon a clear, consistent, data-driven methodology, used across the enterprise to quantify AML risks in an easily reportable way.

Our own research, and our work with clients in this area, have helped us to document best practices in designing and implementing such programs.  These consist of:

  • Governance and Framework – Ideally, there should be a single, enterprise-wide operating model which is consistent across lines of business and geographies, with ownership within the business.  The framework should incorporate formally defined structures, taxonomies, and reporting forums for senior management review of risk assessment outputs.
  • People – The program should include a variety of subject matter specialists from the lines of business and from areas such as Financial Crimes Compliance to create a broader view of AML risk and issue management.  While the program should leverage a dedicated team, it should also, as appropriate, use a center of excellence and/or a factory model, with offshore capability to help reduce costs.
  • Process – The AML risk assessment process should be clear, globally consistent and standardized across all lines of business and geographies.  It should use standard language and taxonomies to describe risk factors and should, where possible, incorporate both automated scoring and judgmental decision-making.
  • Data and Technology – The AML risk assessment should incorporate technologies that facilitate the automation of data feeds, reducing ad hoc data requests and data collation periods.  Standard risk factors should be clearly defined, along with the data elements required to measure risk factors.  In addition, trend analysis of control environments can help the team make improvements in controls as needed.



Different banks are at very different stages of maturity in terms of AML risk assessment capabilities.  In my next blog, I will look at the three major stages of development:  rudimentary, operational, and high performing.

For more information, view our presentation on how financial services firms can set-up an effective AML risk assessment program.

AML Risk Assessment Process

Submit a Comment

Your email address will not be published. Required fields are marked *