FMA releases new AML/CFT sector risk assessment
Yesterday, the Financial Markets Authority (FMA) released a new report, the ‘Anti Money Laundering and Countering Financing of Terrorism Sector Risk Assessment 2021’ (Sector Risk Assessment). The Sector Risk Assessment evaluates the money laundering and terrorism financing (ML/TF) risks posed specifically to the sectors supervised by the FMA, and updates and replaces the Sector Risk Assessment previously issued in 2017.
Who needs to read it? Why?
This update will be of significance to all reporting entities supervised by the FMA, as they must carry out an individual risk assessment of their business under section 58 of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFT Act). The FMA has explicitly stated in the Sector Risk Assessment that they expect reporting entities to review the updated Sector Risk Assessment and information for their relevant sector, review their own individual risk assessments, and to incorporate any new risks and findings into their assessment. Ultimately, the Sector Risk Assessment is intended to improve businesses’ understanding of the ML/TF risks in their sector, as well as identify trends and emerging issues.
Reporting entities supervised by either the Reserve Bank of New Zealand or the Department of Internal Affairs (DIA) will also find the Sector Risk Assessment of value, as the risks referred to may relate to their customers as well. The other AML/CFT supervisors periodically also publish similar risk assessments for the sectors they supervise.
What does it cover?
In total, the FMA supervises reporting entities in ten sectors under the AML/CFT Act. Each of the ten sectors is assigned a risk rating, which is an assessment of the inherent risks of ML/TF in that sector, that ranges from Low, to Medium-Low, to Medium-High, to High.
A snapshot of the risk ratings has been extracted from the Sector Risk Assessment, and is presented below:
In summary, none of the risk ratings for sectors that were included in the 2017 Sector Risk Assessment have changed. As the FMA has stated, “[t]he Climate for REs, including customer base and methods of payment and delivery, has not changed significantly”. The FMA has also clarified that the details contained in the National Risk Assessment 2019 have not influenced the risk rating classification for any of the sectors supervised by them.
The FMA has, however, included Virtual Asset Service Providers (VASPs) in its Sector Risk Assessment for the very first time. Nevertheless, as the FMA supervises only a very limited number of VASPs (with the DIA being the primary supervisor), they have largely deferred to the risk rating promulgated by the DIA (who have classified the ML/TF risks associated with VASPs as high), in their Sector Risk Assessment. The FMA notes for instance that “We expect all REs to familiarise themselves with the risks and vulnerabilities associated with VASPs and virtual assets, and incorporate this into your risk assessments where appropriate. At a minimum, REs should closely read the DIA’s sector risk assessment and guidance on VASPs”.
Reporting entities will want to remain abreast of the risks identified by their supervisors as being of particular concern for their sectors. Reporting entities should consider whether their risk assessments and AML/CFT programmes should be updated accordingly.
Sector Risk Assessments like these also provide an invaluable insight into the supervisors’ perspectives on these risks, particularly where they have been recently updated. FMA-supervised reporting entities should make use of this opportunity to refine their compliance.
If you have any questions in relation to the Sector Risk Assessment or are considering how it may impact your individual risk assessment or compliance programme, please contact one of our experts.