To thoroughly implement the risk-based approach to anti-money laundering and counter-terrorist financing (AML/CFT), and enhance the ability of incorporated financial institutions to identify money laundering and terrorist financing (ML/TF) risks, the Anti-Money Laundering Bureau (AMLB) of the People’s Bank of China (PBC) recently developed and released the Guidance on the Self-Assessment by Incorporated Financial Institutions on ML/TF Risks (hereinafter referred to as the Guidance).
The Guidance, applicable to all kinds of financial institutions and non-bank payment institutions, offers instructions to the institutions on carrying out risk self-assessment and putting self-assessment results into effective use. The assessment framework outlined in the Guidance composes of two major parts, namely inherent risks and ML/TF risk controls. Inherent risks are assessed from four dimensions, namely geographical factors, customer bases, types of products and businesses, and types of sales channels, while the assessment of risk controls covers three levels, including the assessment of AML/CFT internal control basis and environment, ML/TF risk management mechanisms, as well as special control measures targeting inherent risks of all kinds. As stressed in the Guidance, senior management should be responsible for the self-assessment of incorporated financial institutions with extensive participation of various departments. The financial institutions should lead and finish risk self-assessment themselves, and ensure that the third-party professional institutions hired optionally for risk self-assessment only play a supporting role. The Guidance encourages the institutions to appropriately design and optimize the categorization of assessment items as well as relevant indicators based on their business operations, and calls for the institutions which hold duties in this regard to innovate the methodologies of risk self-assessment and establish routinized assessment systems and information systems. In addition, it allows small and medium-sized entities which hold duties in this regard to adopt simplified assessment methodologies, and appropriately relaxes the time frame for full-scope self-assessments.
The self-assessment of ML/TF risks is not only fundamental for financial institutions to develop ML/TF risk control policies and measures, but also a key stage for them to transfer from passively meeting compliance requirements to proactively managing ML/TF risks with regard to their performance of AML/CFT duties. As required, all types of financial institutions and non-bank payment institutions should formulate or revise their risk self-assessment policies based on the requirements of the Guidance within 2021, and complete a full-scope risk self-assessment that complies with the Guidance by end-2022. In the next step, the PBC will, in exercising AML/CFT regulation, further intensify the supervision, guidance, and inspection of financial institutions in their implementation of the Guidance, and take the quality of risk self-assessment as a key respect in evaluating the effectiveness of their AML/CFT work, with a special focus placed on the rationality of assessment methodologies and indicators, the importance attached to risk self-assessment by senior management, the participation of relevant departments, and the use of self-assessment results.
