Risk-based Approach (RBA)

What is the Risk-based Approach (RBA)?

FATF Definition:

A RBA to AML/CFT means that countries, competent authorities and financial institutions, are expected to identify, assess and understand the ML/TF risks to which they are exposed and take AML/CFT measures commensurate to those risks in order to mitigate them effectively.

When assessing ML/TF risk, countries, competent authorities, and financial institutions should analyse and seek to understand how the ML/TF risks they identify affect them; the risk assessment therefore provides the basis for the risk-sensitive application of AML/CFT measures. The RBA is not a “zero failure” approach; there may be occasions where an institution has taken all reasonable measures to identify and mitigate AML/CFT risks, but it is still used for ML or TF purposes.

A RBA does not exempt countries, competent authorities and financial institutions from mitigating ML/TF risks where these risks are assessed as low.

The Rationale For A New Approach

In 2012, the FATF updated its Recommendations to strengthen global safeguards and to further protect the integrity of the financial system by providing governments with stronger tools to take action against financial crime.

One of the most important changes was the increased emphasis on the RBA to AML/CFT, especially in relation to preventive measures and supervision. Whereas the 2003 Recommendations provided for the application of a RBA in some areas, the 2012 Recommendations consider the RBA to be an ‘essential foundation’ of a country’s AML/CFT framework. This is an over-arching requirement applicable to all relevant FATF Recommendations.

According to the Introduction to the 40 Recommendations, the RBA ‘allows countries, within the framework of the FATF requirements, to adopt a more flexible set of measures in order to target their resources more effectively and apply preventive measures that are commensurate to the nature of risks, in order to focus their efforts in the most effective way’.

The application of a RBA is therefore not optional, but a prerequisite for the effective implementation of the FATF Standards.