Financial institutions should identify, analyze and assess the risks of enterprise-wide money laundering and terrorist financing(ML/TF) throughout the company themselves, and prepare for enterprise-wide risk assessment and management process with implementation of improvement measures to mitigate the risks in the ML/TF by reflecting the results of the risk assessment.
Based on guidelines provided by the International Financial Action Task Force (FATF) and the domestic supervisory institution, financial institutions on their own should introduce an RBA risk assessment system of money laundering and terrorist financing, and report KoFIU indicators and RBA risk assessment results to KoFIU regularly.
- Purpose/ Scope, Explanation of FATF Recommendations
- Explanation of the Risks on Money Laundering and Terrorist Financing
- Risk Assessment Process with Identification, Classification, Factors, and Analysis of Risks for Risk Assessment of Financial Institutions on Their Own, Establishment of Internal Controls, and Operational Definitions
- Risk Assessment Cycle, Organization Composition, Definition of Relationship with Operational Risk, Risk Assessment Considerations
- Establishment of Strategies for Improvement of Policies, Procedures and Control Activities to Mitigate Risks
- Examples of Improvement Measures on Each Business Area Including Customer Due Diligence, Monitoring, Internal Control, Training etc.
- Definitions of Inherent Risk Indicators and Operational Risk Indicators for the Financial Investment Risk Assessment of KoFIU
Operating Procedures to identify, analyze and assess risks of the financial institution's own ML / TF
Implementing improvement measures in money laundering policies, procedures and control activities to mitigate the risks of ML / TF according to risk assessment results.
KoFIU comprehensively assesses the ML/TF risks of financial institutions by taking into consideration both quantitative and qualitative indicators.
To that end, financial institutions calculate inherent risk indicators and operational risk indicators, and write risk assessment result reports, and send them to KoFIU regularly.