The Risk Based Policy & Procedures


Perhaps the biggest change to the Regulations is more a change in approach than in hard and fast rules. This is the encoding into the Regulations of the risk-sensitive approach, intended to provoke a proportionate response to any potential money laundering risk, in preference to the ‘tick-box’ approach. 

Most firms are already likely to have policy and procedures, however informal for the determination of reduction of the risks faced by the firm in relation to the professional/client relationship. This may range in simple terms range from a client who has excellent books and records, takes his obligations to compliance in a responsible manner and pays on time, to a lower determination of a client who has incomplete records, is always late submitting the information into the firm and there is a history of always having to chase for payment.

It is now a case of integrating these existing management policies and procedures into our anti-money laundering risk and management system. Some larger firms may wish to operate two separate management systems but regard should be had for the content and criteria of both. In both situations robust anti-money laundering policy and procedures help control our business in relation to safeguarding our reputation and our profitability.

By developing our risk profile, which is peculiar to our particular business, it will enable us to develop our risk based policies and allow us to operate, manage and mitigate our risk in the most effective way in relation to both cost and time requirements. In effect we are;-

Identifying the risks which are relevant to our business and designing and implementing controls to manage and mitigate these risks, and record their operation, and be able to demonstrate this to a supervisor.

The Regulations require the establishment of procedures that are appropriate and risk-sensitive:

‘Appropriate’ means that your policies and procedures should be reasonable, within the bounds of normal professional practice and ethics. You are not required to start an investigation of your client or ask for information that you as a accounting professional would not normally ask for.

‘Risk sensitive’ means a proportionate response to the risks that you can realistically predict to encounter. Put simply, while you should not be superficial in devising or implementing your policies and procedures, you should not be over-zealous. You should do more when circumstances suggest a higher risk, and less when they suggest a lower risk, but no more and no less than justified by the level of risk that you have assessed. Considering the broader picture, there are two distinct advantages to the risk sensitive approach. It allows you to:

  • dedicate less time, effort and expense in applying the Regulations in respect of the majority of your clients. Therefore focusing more resources in respect of the higher risk clients, which are in the minority.
  • more fairly balance competing interests:
    -society’s interests – not to be suffer crime and terrorism
    -your clients’ interests– not to have their privacy violated unnecessarily
    -your own interests – to help protect the accountant/client relationship and to follow your job description without unwieldy and oppressive bureaucracy.