Anti-Money Laundering and Countering Financing of Terrorism Act 2009

58 Risk assessment

(1)

Before conducting customer due diligence or establishing an AML/CFT programme, a reporting entity must first undertake an assessment of the risk of money laundering and the financing of terrorism (a risk assessment) that it may reasonably expect to face in the course of its business.

(2)

In assessing the risk, the reporting entity must have regard to the following:

(a)

the nature, size, and complexity of its business; and

(b)

the products and services it offers; and

(c)

the methods by which it delivers products and services to its customers; and

(d)

the types of customers it deals with; and

(e)

the countries it deals with; and

(f)

the institutions it deals with; and

(g)

any applicable guidance material produced by AML/CFT supervisors or the Commissioner relating to risk assessments; and

(h)

any other factors that may be provided for in regulations.

(3)

The risk assessment must be in writing and—

(a)

identify the risks faced by the reporting entity in the course of its business; and

(b)

describe how the reporting entity will ensure that the assessment remains current; and

(c)

enable the reporting entity to determine the level of risk involved in relation to relevant obligations under this Act and regulations.