What is a Risk Based Approach (RBA) in Anti-Money Laundering (AML) Compliance?
An RBA in AML Compliance is a methodology that focuses on identifying, assessing, and mitigating money laundering and terrorist financing risks in a way that is proportional to the level of risk associated with customers, transactions, and business relationships.
The Wolfsburg Group, which is by no doubt one of the financial world’s leading advocacy groups, has published numerous reviews, reports, and recommendations on various Anti-Money Laundering topics regarding the Banking world. In the Wolfsburg report of 2019 (readily available on the Wolfsburg Group website) regarding using a Risk Based approach in Sanctions Screening, one of the key takeaways was the following statement:
“Where a risk-based approach may be appropriate, notwithstanding the strict liability nature of sanctions compliance”
In breaking down the sentence in the Wolfsburg report, we understand that the application of a risk-based approach in the context of sanctions compliance is subject to strict liability. Yet, what is the actual meaning of Strict Liability in Sanctions AML Compliance? This is rather simple, since under strict liability, an entity can be held responsible for violations regardless of whether there was intent, negligence, or knowledge of the violation. In other words, this means that companies or individuals may face penalties if they breach sanctions, even unintentionally.
An important follow-up question is: do we truly understand what a Risk-Based Approach is?
I can confidently state that most of the industry does not. The common miscomputation of a Risk-Based Approach is deciding on laxing the controls in sanction screening, such as changing to a Higher Threshold thus reducing Alerts and False Positives, yet this would not be a Risk-Based Approach but a clear violation of the law. Where in fact, a risk-based approach involves prioritizing resources and efforts based on the likelihood and potential impact of a violation within the law framework.
Coming back to the sentence, understanding the key Idea behind it is that it acknowledges that while sanctions compliance typically imposes strict liability (requiring absolute adherence), it may still be practical or appropriate to use a risk-based approach. For instance, organizations might prioritize higher-risk transactions, geographies, or clients for enhanced due diligence while applying less scrutiny to low-risk areas. In summary, the sentence implies that despite the uncompromising nature of sanctions compliance (strict liability), a risk-based strategy might still be relevant and defensible when managing compliance efforts effectively in resolving alerts and implementing additional information to dispose effectively of alerts, but the Compliance Framework must take above all a Strick Liability approach.
Article by Gideon Drori, Fincom’s Co-Founder and CEO
About Fincom
Fincom is a leading provider of compliance solutions that include OFAC/Sanctions screening, Sanctions Screening for Trade Finance, Verification of Payee (VOP), Auditing tools, Perpetual KYC (pKYC), Sanctions Screening for ACH transactions, and more. Through innovative technology and comprehensive service offerings, the company enables Financial Institutions, Insurance Firms, Fintechs, and others to efficiently navigate complex regulatory requirements while ensuring compliance with global standards. Fincom’s commitment to accuracy, efficiency, and customer-focused innovation positions it at the forefront of the rapidly evolving compliance technology sector.
