AMLG 3.1.2 Approach to risk mitigation must be based on suitable methodology

(1) The intensity of a firm's approach to the mitigation of its money laundering and terrorism financing risks must be based on a suitable methodology (a threat assessment methodology) that addresses the risks that it faces.
(2) A firm must be able to demonstrate that its threat assessment methodology:
(a) includes:
(i) identifying the purpose and intended nature of the business relationship with each customer; and
(ii) assessing the risk profile of the business relationship by scoring the relationship;
(b) is suitable for the size, complexity and nature of the firm's business;
(c) is designed to enable the firm:
(i) to identify and recognise any changes in its money laundering and terrorism financing risks; and
(ii) to change its threat assessment methodology as needed; and
(d) includes assessing risks posed by:
(i) new products and services; and
(ii) new or developing technologies.
(3) A firm must also be able to demonstrate that its practice matches its threat assessment methodology.
Derived by QFCRA RM/2019-9 (as from 1st February 2020)