What are the key components of an effective methodology for conducting business-wide risk assessments for money laundering?
Abstract
This paper explores the core components of an effective methodology for conducting business-wide risk assessments (BWRAs) for money laundering (ML), terrorist financing (TF) and proliferation financing (PF), a key regulatory requirement central to the UK’s Money Laundering Regulations (MLR) 2017. Despite the long-standing emphasis on the risk-based approach (RBA) in both UK and international standards, recent enforcement actions by the Financial Conduct Authority (FCA) reveal persistent weaknesses in regulated firms’ implementation of this obligation. Through a diagnostic framework grounded in ISO 31000, the international standard for risk management, this paper analyses FCA enforcement notices issued over the past decade to identify thematic failings in risk assessment, risk treatment and governance. The paper then evaluates the extent to which current industry guidance, namely the Joint Money Laundering Steering Group (JMLSG) Guidance Notes, adequately addresses these shortcomings. The findings suggest that although the guidance aligns with regulatory expectations, it disproportionately emphasises customer due diligence (CDD) at the expense of broader risk governance and fails to distinguish clearly between key risk assessment elements: identification, analysis and evaluation. The paper argues for a more holistic, process-oriented approach to BWRAs, with enhanced guidance on risk mapping, iterative control calibration and the integration of customer and transaction-level assessments into firm-wide risk management. Readers will gain practical insights into how to strengthen the effectiveness of their BWRAs by aligning them more closely with established risk management standards and by interpreting enforcement findings through a process-focused lens, thereby enhancing regulatory compliance and financial crime risk mitigation. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
Author's Biography
Matt Russell is a Senior Executive at Avyse Partners, with over two decades of experience advising on financial crime risk and compliance across the financial services and corporate sectors. His work spans the full spectrum of financial crime risk domains, including anti-money laundering, fraud, bribery and corruption, sanctions compliance, market abuse and tax evasion. He has supported clients through the assessment, design and implementation of proportionate systems and controls, tailored to their specific risk exposures and regulatory obligations. Matt has acted for a broad range of institutions, both in advisory and skilled person capacities, and has also supported regulatory and enforcement agencies directly. Notably, he was appointed as the Financial Conduct Authority’s expert witness in its first criminal prosecution of a bank under the UK Money Laundering Regulations. Drawing on extensive engagement with regulated firms, Matt brings a practical and outcome-focused perspective to improving financial crime compliance. He has observed the persistent disconnect between the resources committed to financial crime controls and the continued scrutiny and sanctions levied by regulators. His current work seeks to bridge this gap, helping firms to reassess the effectiveness of their frameworks and move beyond compliance for its own sake towards risk management approaches that are truly fit for purpose.