The Reserve Bank of India (RBI) has released the “Internal Risk Assessment Guidance for Money Laundering/Terrorist Financing Risks”, referred to as the “Guidance Note”, to support its Regulated Entities’ (REs) Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) compliance efforts.

The Guidance Note is divided into three chapters, detailing the risk factors, broad principles, methodologies, risk mitigation plans, etc., that Regulated Entities should take into account while conducting their Internal Risk Assessment (IRA).

The following is a brief description of these chapters:

Chapter 1 of RBI’s Internal Risk Assessment Guidance for ML-TF Risks

This chapter outlines the Regulated Entities’ obligation to conduct an IRA and adopt a risk-based approach. It also provides key principles to be followed while conducting the internal risk assessment exercise. These principles include:

  • Conducting a dual-level IRA, that is, business level and individual level.
  • Using the IRA to determine the level of Customer Due Diligence (CDD) applicable to specific situations, customers, products, services and delivery channels.
  • Adopting two distinct steps during risk assessment: identification of money laundering and terrorism financing (ML/TF) risks, and assessment of these risks and their associated impact.
  • Considering a range of Inherent Risk factors and control risk types.
  • Incorporating the findings of internal sources (e.g. information from other verticals such as IT, cyber, etc.) and external sources (e.g. National Risk Assessment, FATF reports, etc.).
  • Avoiding a siloed approach.
  • Adopting a data-oriented, objective approach.
  • Conducting a group-wide assessment.
  • Properly documenting the IRA process to give stakeholders a comprehensive view.
  • Periodically reviewing the IRA.

Chapter 2 of RBI’s Internal Risk Assessment Guidance for ML-TF Risks

This chapter sets out the ML/TF risk factors to be considered and the broad steps of the methodology that can be used to conduct the IRA. These broad steps are:

  • Identifying the general and specific ML/TF risk factors (Inherent Risks) and classifying the risk factors for risk categorisation.
  • Determining the Internal AML/CFT controls to be adopted to mitigate the risks identified.
  • Assessing Residual Risks.

Chapter 3 of RBI’s Internal Risk Assessment Guidance for ML-TF Risks

This chapter details the follow-up measures to be taken by regulated entities after conducting the IRA exercise. It also explains how to incorporate proliferation financing (PF) risks while conducting the IRA.
