Anti-Money Laundering and Countering Financing of Terrorism Act 2009

58 Risk assessment


Before conducting customer due diligence or establishing an AML/CFT programme, a reporting entity must first undertake an assessment of the risk of money laundering and the financing of terrorism (a risk assessment) that it may reasonably expect to face in the course of its business.


In assessing the risk, the reporting entity must have regard to the following:


the nature, size, and complexity of its business; and


the products and services it offers; and


the methods by which it delivers products and services to its customers; and


the types of customers it deals with; and


the countries it deals with; and


the institutions it deals with; and


any applicable guidance material produced by AML/CFT supervisors or the Commissioner relating to risk assessments; and


any other factors that may be provided for in regulations.


The risk assessment must be in writing and—


identify the risks faced by the reporting entity in the course of its business; and


describe how the reporting entity will ensure that the assessment remains current; and


enable the reporting entity to determine the level of risk involved in relation to relevant obligations under this Act and regulations.