4.1. Obligations of the Risk-Based Approach
4.1.1. General Duty
A Relevant Person must take appropriate steps to identify and assess the risks of money laundering to which its business is exposed, and must establish and maintain policies, procedures, systems and controls to mitigateand manage the risks identified.
A Relevant Person must take appropriate steps to manage and mitigate country-wide risks, including those relevant for the Republic of Kazakhstan identified in the published reports and guidance given by the Financial Intelligence Unit of the Republic of Kazakhstan (the "FIU") regarding the FATF mutual evaluations and follow-up reports, and implement enhanced measures where higher risks are identified.
4.1.2. Nature and size of business
In deciding what steps are appropriate under AML 4.1.1, a Relevant Person must consider the size (as measured by the number of its employees, revenue, or market capitalisation, as appropriate) and nature of its business and the complexity of its activities.
4.1.3. Obligation to assess, manage and mitigate business and customer risks
In order to identify and assess the risks of money laundering a Relevant Person must conduct a business risk assessment and must also conduct customer risk assessments in accordance with Chapter 5 and keep these assessments up to date.
The risks of money laundering that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products must be identified and assessed by a Relevant Person prior to the launch or use of such products, practices and technologies.
A Relevant Person must take appropriate measures to manage and mitigate the risks identified in its risk assessments.