Financial Institutions (FIs) are at an inherit risk of facilitating money laundering and terrorist financing as well as being exposed to broader financial crime. Governments seek to mitigate these risks within the financial system by placing specific legal requirements on FIs through regulation. Most money laundering regulations are developed from inter-governmental organisations and bodies who form and develop policies to identify and combat money laundering.

Regulated FIs have to conform to Anti-Money Laundering (AML) regulations which include controls regarding governance. Whilst all FIs are exposed to a level of risk in relation to money laundering certain institutions, such as payment institutions are exposed to less risk than banks and credit institutions.

The level of risk an FI will be exposed to in relation to money laundering will depend on the nature of the business they undertake, the nature of their clients and the locations they operate in. These risks can be mitigated by having a clearly defined and effective AML Risk Framework.

An effective AML risk framework must have board level ownership and oversight. Setting the correct “tone from the top” is a key element in setting out the parameters of an effective AML risk framework as well as instilling the correct level of awareness and control within the organisation.

Objective of an AML Risk Framework

To ensure that an institution is always fully compliant with the relevant legislation relating to financial crime and money laundering, and acts in a reputable way considering the interests of the wider community, the regulator and its customers, the FI should define and regularly review the parameters of its risk framework as well as the relevant AML policies and procedures. These documents will describe at a strategic level and guide at an operational level, the management of risk related controls created for identifying and preventing financial crime within the relevant businesses.

Implementation & monitoring

The interpretation of the AML Risk Framework into appropriate policies is the responsibility of the MLRO (or equivalent). These policies should be reviewed on a regular basis and must be aligned to the specific risk of the FI, current regulations as well as industry best practice.

A regular and independent maturity assessment of these policies will maintain their effectiveness, impartiality and alignment to the risk framework of the organisation and should reduce the risk of the FI being used for, or exposed to, money laundering and/or terrorist financing.

This Insight is an introduction to a whitepaper “Key Elements of an Effective AML Risk Framework” which will be published in December 2019.

We work with key stakeholders from the board level down to understand, assess and review the financial crime compliance framework currently in place. This involves:

  • Review of board level governance

  • Review of Governance Framework with specific focus on AML controls

  • Review of current policies and procedures

  • Regulatory rules mapping of the institutions regulatory permissions against current regulations and the FCA Handbook.


By Tom Griffiths, Associate Director at Lysis Group