Description
Lesson 1: Definition and Purpose of EWRA
- Definition: EWRA is a strategic and comprehensive process used by financial institutions to identify, assess, and mitigate money laundering (ML) and terrorist financing (TF) risks across the entire organization.
- Purpose: It periodically evaluates potential risks across all business units, products, services, customer types, and geographic locations.
- The Risk Equation: Risk occurs when a threat (a person or group with harmful intent) takes advantage of a vulnerability (inherent features of a product or sector) to produce a consequence (harm to the financial system or society).
Lesson 2: Regulatory Requirements for EWRA
- Primary Law: Requirements are anchored in Law 20/2019, which details articles on customer due diligence, risk management, and internal controls.
- Implementing Regulations: These set specific obligations for regulated entities to assess risk and perform enhanced due diligence for higher-risk activities.
- Specific Jurisdictions: For entities within the QFC zone, compliance with the QFC AML/CFTR Rules is mandatory.
Lesson 3: Role of the Compliance Department
- Strategic Ownership: The Money Laundering Reporting Officer (MLRO) is responsible for independently performing the EWRA using the bank’s compliance governance framework.
- Centralization: While tactical mitigation may be delegated to business units (first line of defense), the overall strategic assessment is centralized under the Compliance Division.
- Key Responsibilities: Compliance ensures regulatory alignment, conducts training and awareness, and manages the ongoing monitoring and review of risks.
Lesson 4: Assessment of Risks (Inherent and Residual)
- Inherent Risk: This is the “natural” risk level present in a customer, product, or transaction before any controls are applied. It is determined by factors such as customer type, business activity, and geographic location.
- Vulnerability Assessment: Identifying vulnerabilities requires analyzing the size and complexity of business lines, the types of customers engaged, and the methods of service delivery (e.g., online vs. in-person).
- Residual Risk: This is the remaining risk exposure after accounting for the effectiveness of management controls.
- The Formula: Inherent Risk ± Controls = Residual Risk.
Lesson 5: Structured Data-Driven Risk Scoring Methodology
- Expert Judgment: Inherent risk scoring is grounded in professional judgment, subject matter expertise, and institutional knowledge rather than just numerical data.
- Rating Dimensions: Risks are rated based on their Likelihood (probability of occurrence) and Impact (magnitude of severity).
- Scoring Scales: Likelihood is rated from 1 (Rare) to 5 (Almost Certain), while Impact is rated from 1 (Insignificant) to 5 (Severe).
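To make the Lesson 4 formula and the Lesson 5 scales concrete, here is a small risk-register calculator. It is an added example, not part of the course material, and several details are assumptions the page does not state: the inherent score is taken as Likelihood × Impact on a 1-25 scale, control effectiveness is rated Weak/Adequate/Strong and reduces the score by a fixed factor, the Low/Medium/High bands are illustrative, and the sample register entries are constructed.

```python
# Added example for Lessons 4 and 5 (not from the course page): a minimal
# risk-register calculator. Scales from the page: Likelihood 1 (Rare) to
# 5 (Almost Certain), Impact 1 (Insignificant) to 5 (Severe).
# ASSUMPTIONS (not stated on the page): inherent score = likelihood x impact,
# control effectiveness is rated Weak/Adequate/Strong and reduces the score by
# a fixed factor, and the Low/Medium/High heat-map bands are illustrative.
import math
from dataclasses import dataclass

SCALE = range(1, 6)

# Assumed control-effectiveness factors; 1.0 means the controls leave inherent
# risk unchanged (the "±" in the Lesson 4 formula never adds risk here).
CONTROL_FACTOR = {"Weak": 1.0, "Adequate": 0.7, "Strong": 0.4}

# Assumed bands on the 1-25 score range: upper bound inclusive -> label.
BANDS = ((4, "Low"), (12, "Medium"), (25, "High"))


@dataclass
class RiskItem:
    area: str          # business unit, product, customer type or geography
    likelihood: int    # 1-5
    impact: int        # 1-5
    controls: str      # key of CONTROL_FACTOR


def inherent_score(likelihood: int, impact: int) -> int:
    """Inherent risk before controls, on a 1-25 scale (assumed likelihood x impact)."""
    if likelihood not in SCALE or impact not in SCALE:
        raise ValueError("likelihood and impact must be integers from 1 to 5")
    return likelihood * impact


def residual_score(inherent: int, controls: str) -> int:
    """Lesson 4 formula: residual = inherent adjusted for control effectiveness.
    Rounds up so a partially effective control never looks better than it is."""
    try:
        factor = CONTROL_FACTOR[controls]
    except KeyError:
        raise ValueError(f"unknown control rating {controls!r}") from None
    return max(1, min(inherent, math.ceil(inherent * factor)))


def band(score: int) -> str:
    """Map a 1-25 score to an assumed Low/Medium/High heat-map band."""
    for upper, label in BANDS:
        if score <= upper:
            return label
    raise ValueError("score out of range")


def build_register(items):
    """Return the risk register as dicts, highest residual risk first, so the
    entries that warrant deeper monitoring sit at the top."""
    rows = []
    for it in items:
        inh = inherent_score(it.likelihood, it.impact)
        res = residual_score(inh, it.controls)
        rows.append({"area": it.area, "likelihood": it.likelihood, "impact": it.impact,
                     "inherent": inh, "inherent_band": band(inh),
                     "controls": it.controls, "residual": res, "residual_band": band(res)})
    return sorted(rows, key=lambda r: r["residual"], reverse=True)


def heat_map(items):
    """5x5 grid of inherent positions: grid[impact-1][likelihood-1] = item count."""
    grid = [[0] * 5 for _ in range(5)]
    for it in items:
        inherent_score(it.likelihood, it.impact)  # validates both scales
        grid[it.impact - 1][it.likelihood - 1] += 1
    return grid


# Constructed sample register, for illustration only.
SAMPLE = [
    RiskItem("Correspondent banking", 4, 5, "Strong"),
    RiskItem("Retail deposits, in-person", 2, 2, "Adequate"),
    RiskItem("Online onboarding, non-resident customers", 5, 3, "Adequate"),
    RiskItem("Trade finance", 3, 4, "Weak"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE):
        print(f"{row['area']:<42} inherent {row['inherent']:>2} ({row['inherent_band']:<6}) "
              f"controls {row['controls']:<8} residual {row['residual']:>2} ({row['residual_band']})")
```

Note what the sample shows: "Trade finance" has a lower inherent score than "Correspondent banking", yet ends up highest in the register because its controls are weak, which is exactly the distinction between inherent and residual risk that Lesson 4 draws. The numeric factors and bands would be replaced by whatever the institution's documented methodology prescribes.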
Lesson 6: Documentation and Reporting of EWRA Results
- Core Outputs: The EWRA process generates a Risk Assessment Report, a Risk Mitigation Plan, a Risk Register/Heat Map, and a Board/Management Summary.
- Board Oversight: Final results are presented annually to the Board Audit, Risk & Compliance Committee for acknowledgement.
- Application of Results: Findings are used to design triggers, red flags, and scenarios for account monitoring, ensuring high-risk customers receive deeper scrutiny.