Entities – regulated entities – according to their activities, nature, size, and operations, must identify, evaluate, and understand their risks of money laundering and asset laundering (AML), financing of terrorism (FT) and the financing of proliferation of weapons of mass destruction (FPADM), with the objective of implementing controls aimed at ensuring that the identified risks are effectively mitigated.
Based on the assessment and identification of LDAFTFPADM risks as an initial step, regulated entities should apply a risk-based approach (RBA) to ensure that the controls and policies developed for the prevention of LDAFTFPADM are commensurate with the risks previously identified. The RBA should form an essential basis for the allocation of resources by regulated entities, with the general principle being to apply intensified measures for major risks and simplified measures for minor risks.
LDAFTFPADM risk analysis should be part of the procedures established by the compliance units, since, if well defined, it will allow us to identify the risk profile of each client and counterparty for the entity. There are many methods used to carry out a LDAFTFPADM risk analysis, one of the main ones being the elaboration of a risk matrix.
A risk matrix is a tool for identifying a variety of hazards inherent in an entity’s activities, and from which a diagnosis can be made of the main risks to which a company is exposed by its customers or counterparties. The first step in its preparation is to identify the risk factors under which customers and counterparties will be evaluated, which must be related to the type of activity of the entity. Among the main risk factors contained in a matrix are the following:
- Type of customers.
- Products and services.
- Geographical locations.
- Transactional profile.
Once the evaluation and identification of LDAFTFPADM’s risks has been carried out under the parameters defined above, a more exhaustive analysis of the results obtained must be performed to determine the controls and policies that will be implemented to mitigate the risks previously identified.
A risk matrix is a tool for identifying a variety of hazards inherent in an entity’s activities, and from which a diagnosis can be made of the main risks to which an entity is subject.
Therefore, based on all the aspects mentioned above, the importance of preparing a correct compliance matrix is evident in the controls implemented by the entity for the mitigation of LDAFTFPADM risks, being among its main objectives, to have controls proportional to the identified risks, which will have a close link with an efficient implementation of tangible and intangible resources in the operation of a company.