Risk Based vs Rule Based

Money laundering is a global problem as it is financial crime.  This articles aims to show you what the difference between the risk based approach and the rule based approach is:

There are currently 2 different types of approaches

1. Risk based approach (such as that in Europe and much of Asia)
2. Rule based approach

Risk Based Approach- Europe & Asia

A risk-based approach is designed to move away from a rule-based system, and away from a ‘checklist’ mentality surrounding compliance. It aims to ensure a strong level of senior management buy-in and an understanding of ‘risk-ownership’. It operates on the principal that in order to be effective, the regulatory regime must be set up in such a way that ensures senior management understands the risks involved in making certain commercial decisions, in entering specific markets or releasing new products. It aims to focus efforts on areas considered to bear a higher risk of being misused for money laundering. A non-exhaustive example of the types of risk assessed in building a risk profile of a customer, portfolio or product launch include: Customer Risk, Geographical Risk, Product related risk, Transaction related risk, Process related risk, Industry related risk and more.

Having determined the appropriate risk category or score of a particular client, market, product or process, companies are then required to implement a control and mitigation framework to ensure that each level of risk is appropriately mitigated to a level matching the risk appetite of the company in question. The outcoming of these mitigating measures need to be monitored regularly and should be documented in an audit-ready way.

Rule Based Approach

The rule-based approach, such as that widely in operation in North America, focuses on more specific do’s and don’ts. While not always 100% black and white, the focus in on allowing significantly less flexibility and room for the individual risk appetite of a company.

There is often more clarity for companies in what needs to be done within the rule-based approach. This has been seen over the past 5 years, as a significant increase in licensed companies, needing to be AML compliant has taken place. The risk-based approach often requires more experience to be understood than the rule-based approach.

In reality, many companies operate a mixture of both regimes and often, following international expansion or once offering cross-border services, find themselves needing to comply with both a rules-based and risk-based system in order to effectively manage their AML requirements