- General Risk Assessment
The documentation of the risk assessment should map out all potential threats, vulnerabilities, and risk factors that your business faces. The analysis should provide an overview of the risks for your company to be exploited for money laundering or terrorist financing. Each business is unique, and even if two companies are in the same industry, risks can vary depending on services, types of customers, and employee structure.
The goal of your internal procedures is to clarify for your staff how to work to prevent money laundering and terrorist financing. Procedures should be designed based on the general risk assessment and include guidelines for processes related to customer identification, monitoring of business relationships, reporting of suspected activities, and employee training.
- Know Your Customer (KYC)
Before initiating a new business relationship or conducting a single transaction that meets certain criteria, you must have sufficient knowledge (Know Your Customer/KYC) about the customer. This means identifying the customer's business purpose, verifying the customer's identity, and determining if there is any underlying beneficial owner or politically exposed person (PEP).
- Risk Classification of the customer
Based on the customer due diligence information, you should determine the risk level of the specific customer. This risk profile is created by conducting a comprehensive assessment of the customer, the purpose of the business relationship, and other risk indicators. The risk can be classified on a scale, such as low, medium, high, to clearly indicate the risk level.
- Continuous monitoring
Ongoing business relationships or multiple related transactions require constant monitoring. The two key aspects of continuous monitoring are keeping customer due care updated and being attentive to any deviations in the customer's behavior. All abnormal patterns should be documented and reviewed for suspicion of illegal activity.
If you detect signs that your own business could be exploited for money laundering, you are obligated to report this to the financial police.
- Employee training
Companies covered by the Money Laundering Act need to ensure that employees undergo training on measures to prevent money laundering and terrorist financing at least annually.
By being thorough in these aspects, companies can not only avoid criminal penalties but also contribute to creating a more transparent and secure financial environment.