The Institute of Continuous Professional Training and Education (ICPTE) offers an extensive variety of Pre-Recorded and Live Online Courses created by Professional and qualified Instructors with years of experience in their field.

ICPTE platform allows You the flexibility to watch online pre-recorded seminars at Your own convenience, at Your own pace, in Your own time and place. Start watching a seminar today and complete it at Your own time. You can have access from anywhere. We work with professional and qualified instructors with years of experience in their field.

Explore all seminars.

What is the purpose of a Risk Based Approach?

  • To comply with legal obligations
  • To pay highest attention when risk is greatest
  • To adopt a risk management process
  • To perform a risk analysis
  • To identify higher risk areas
  • To manage and mitigate ML/TF risks
  • To design proportionate procedures based on assessed risk
  • To establish reasonable controls
  • To exercise reasonable business judgement
  • To effectively manage potential money laundering and terrorist financing risks
  • To provide an appropriate and effective control structure to manage identifiable money laundering and terrorist financing risks

Comply with legal obligations

The application of risk based approach is fundamental to comply with the Law, the EU directive and the FATF recommendations. It forms the foundations on which the firms’ AML policies, controls and procedures, and more importantly firm’s CDD and staff training procedures should be based on. Therefore, it is of paramount importance for a holistic and dynamic risk-based approach to be used.

Greatest risks – highest attention

The principle is that resources should be directed in accordance with priorities so that the greatest risks receive the highest attention.

Risk management process

Adopting a risk-based approach implies the adoption of a risk management process for dealing with money laundering and terrorist financing. This process encompasses recognizing the existence of the risk(s), undertaking an assessment of the risk(s) and developing strategies to manage and mitigate the identified risks.

Risk analysis

A risk analysis must be performed to determine where the money laundering and terrorist financing risks are the greatest. Countries will need to identify the main vulnerabilities and address them accordingly.

Identification of higher risk – Customer, Product/Services, Delivery Channels, Geographical Locations

Firms will need to identify higher risk customers, products and services, including delivery channels, and geographical locations. These are not static assessments. They will change over time, depending on how circumstances develop, and how threats evolve.

Manage and mitigate ML/TF Risks

The strategies to manage and mitigate the identified money laundering and terrorist financing risks in financial institutions are typically aimed at preventing the activity from occurring through a mixture of preventing measures (e.g. appropriate CDD measures), detection (e.g. monitoring and suspicious transaction reporting), and record-keeping so as to facilitate investigations.

Procedures based on assessed risk

Proportionate procedures should be designed based on assessed risk. Higher risk areas should be subject to enhanced procedures. This would include measures such as enhanced customer due diligence checks and enhanced transaction monitoring. It also follows that in instances where risks are low, simplified or reduced controls may be applied.

Establishment of reasonable controls

There are no universally accepted methodologies that prescribe the nature and extent of a risk-based approach. However, an effective risk-based approach does involve identifying and categorizing money laundering risks and establishing reasonable controls based on risks identified.

Reasonable business judgement

An effective risk-based approach will allow Firms to exercise reasonable business judgement with respect to their customers. Application of a reasoned and well-articulated risk-based approach will justify the determinations of Firms with regard to managing potential money laundering and terrorist financing risks and allow Firms to exercise reasonable business judgement with respect to their customers.

Effective management of potential ML/TF risks

A risk-based approach should not be designed to prohibit Firms from engaging in transactions with customers or establishing relationships with potential customers, but rather it should assist Firms to effectively manage potential money laundering and terrorist financing risks.

Regardless of the strength and effectiveness of AML/CFT controls established by Firms, criminals will continue to attempt to move illicit funds through the financial sector undetected and will, from time to time, succeed.

A reasonably designed RBA

A reasonably designed and effectively implemented risk-based approach will provide an appropriate and effective control structure to manage identifiable money laundering and terrorist financing risks.

However, it must be recognized that any reasonably applied controls, including controls implemented as a result of a reasonably implemented risk-based approach will not identify and detect all instances of money laundering or terrorist financing.

Therefore, regulators, law enforcement and judicial authorities must take into account and give due consideration to the Firm’s well reasoned risk-based approach. When Firms do not effectively mitigate the risks due to a failure to implement an adequate risk-based approach or failure of a risk-based programme that was not adequate in its design, regulators, law enforcement or judicial authorities should take necessary action, including imposing penalties, or other appropriate enforcement/regulatory remedies.

Why RBA is useful for firms?

The application of RBA assists firms to identify the areas of operations where ML / TF risks emanate and assess those risks. Consequently, Licensed Firms are able to focus and distribute their resources and efforts in ways that improve their AML / CFT controls and mitigate more effectively their ML / TF risks.

In addition to the above a risk-based approach:

a) recognises that the money laundering or terrorist financing threat varies across customers, countries, services and financial instruments;

b) allows the board of directors to differentiate between customers of the Obliged Entity in a way that matches the risk of its particular business;

c) allows the board of directors to apply its own approach in the formulation of policies, procedures and controls in response to the Obliged Entity’s particular circumstances and characteristics;

d) helps to produce a more cost effective system; and

e) promotes the prioritisation of effort and actions of the Obliged Entity in response to the likelihood of money laundering or terrorist financing occurring through the use of services provided by the Obliged Entity.

What are the main benefits of the RBA?

  • RBA requires Firms to engage with AML thoughtfully
  • RBA helps Firms to better manage their risks and cost-benefits (you do not have to apply the same resources everywhere)
  • RBA helps Firms to focus on real AML/CFT risks (rather than rigid checklist compliance) which allows for:
    • Better risk mitigation
    • Better cost-benefit
  • RBA provides flexibility to adapt to risks that change over time
  • RBA is less inconvenience to the majority of legitimate customers
  • With RBA there is no single blueprint for the launderer to discover and find a way around
  • With RBA Firms are better placed to assess their own individual ML/TF risk exposure

Higher Risk … More resources

The benefits of an RBA are that an entity can target resources to the areas of highest risk of ML/TF, ensure compliance costs are proportionate to the risks faced by the Firm, the impact on clients is minimised, where possible, and the Firm is more likely to have the flexibility to respond to emerging ML/TF risks.

Benefits for all parties

The adoption of a risk-based approach to combating money laundering and terrorist financing can yield benefits for all parties including the public.

Efficient and effective use of resources

Applied effectively, the risk-based approach should allow Firms and supervisory authorities to be more efficient and effective in their use of resources and minimise burdens on customers. Focusing on higher risk threats should mean that beneficial outcomes can be achieved more effectively.

Cost effectiveness

The risk-based approach is not designed to be an easy option, nor is it necessarily the cheapest; this approach is about maximising benefits and not cost cutting. This is why we seek a more risk-based regime, to ensure money invested in money laundering prevention is done so effectively and efficiently, reducing wastage, concentrating on real risk and maximising the benefits to society.


The FCA neither expects nor desires a zero failure regime as that would certainly be disproportionate. What we want to see is firms taking reasonable steps to identify and strengthen the weak links in their defences. Proportionate spending targeted at the real weak points in our systems means that it becomes more difficult for criminals to launder their ill-gotten gains.


The risk-based approach recognises that a lot of the expertise in assessing risk lies with the firms because are firms who have the knowledge and experience of their customers and products. Good risk-based regulation requires firms’ senior management to manage risk and use their knowledge of their firm to develop systems that uniquely address the specific risks that they face.

Development of appropriate RBA for your organisation

Efforts to combat money laundering and terrorist financing should also be flexible in order to adapt as risks evolve. As such, Firms will use their judgment, knowledge and expertise to develop an appropriate risk-based approach for their particular organisation, structure and business activities.

According to the UK FCA: “A truly risk-based system will display a number of positive attributes: cost effectiveness, flexibility and proportionality. These features are essential for a regulatory regime that seeks to deliver value for money while successfully disrupting the criminals who would seek to use our financial system.”

    Relevant online seminars:

    Risk-Based Approach for Administrative Service Providers (ASPs)

    Identifying ML/TF risk factors and business-wide and individual risk assessments