RBI Directs Banks to Use All Sources for Risk Assessment

Mumbai, Oct 10 (PTI) The Reserve Bank of India on Thursday asked banks, NBFCs, and other entities regulated by it to use information obtained from all relevant internal and external sources for their risk assessment exercise.

Reserve Bank's Regulated entities (REs) have to carry out ‘Money Laundering and Terrorist Financing Risk Assessment' exercise periodically to identify, assess and take effective measures to mitigate their Money Laundering (ML), Terrorist Financing (TF) and Proliferation Financing (PF) risks for clients, countries or geographic areas, products, services, and transactions or delivery channels.

In this regard, the central bank has issued 'The Internal Risk Assessment Guidance for Money Laundering/ Terrorist Financing' for the REs, particularly for the dealing staff and the Anti-Money Laundering (AML)/ Countering Financing of Terrorism (CFT) / Counter Proliferation Financing (CPF) practitioners of the REs.

It specifies key principles for an internal risk assessment (IRA) exercise.

"The enterprise-level risk assessment forms the bedrock of RBA (Risk-Based Approach). It enables the REs to understand how and to what extent they are vulnerable to ML/TF/PF risks which help REs in determining the allocation of attention and AML/CFT resources necessary to mitigate that risk," the RBI said.

REs should use information obtained from all relevant internal and external sources for the IRA exercise, it said.

Internal sources include data/information from specific business relevant information from other related verticals of REs (such as fraud/cyber/IT risk management verticals).

"To properly understand the products/services and the associated ML/TF risks, the IRA team may include officials, for instance, from the product/service owner department, internal audit function, compliance function, etc," it said.

The central bank also emphasised that a siloed approach wherein only the AML team is involved in the IRA exercise should be avoided.

It further said REs may endeavor to adopt a data oriented objective approach to avert any kind of bias in the IRA exercise while quality of data inputs would need to be ensured so that the results are meaningful/useful.

RBI said that in an ever changing business environment and the increasing level of complexities in the banking and other financial products offered by banks and other regulated entities, there is always a likely exposure to the elevated money laundering, terrorist financing, or proliferation financing risks.

The risks are further multiplied as use of emergent technologies and newer methods of payments enter the scene, it added.