4.2. Business Risk Assessment by Relevant Persons
4.2.1. Risk factors to be considered for business risk assessment
In carrying out a business risk assessment as required under AML 4.1.1 a Relevant Person must take into account risk factors including:
- (a) its customers;
- (b) the countries or geographic areas in which it operates;
- (c) its products or services;
- (d) its transactions;
- (e) its delivery mechanisms, channels and partners;
- (f) the development of new products and new business practices, including new delivery mechanisms, channels and partners; and
- (g) the use of new or developing technologies for both new and pre-existing products.
4.2.2. Use of the business risk assessment
A Relevant Person must use the information obtained from its business risk assessment to:
- (a) develop and maintain the policies, procedures, systems and controls required by AML 4.1.1;
- (b) ensure that its policies, procedures, systems and controls adequately mitigate the risks identified;
- (c) assess the effectiveness of its policies, procedures, systems and controls ;
- (d) assist in allocation and prioritisation of AML resources; and
- (e) assist in the carrying out of customer risk assessments under Chapter 5.