RBA Mandate

Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively.
Based on that assessment, countries should apply a risk-based approach (RBA) to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified.

Where countries identify higher risks, they should ensure that their AML/CFT regime adequately addresses such risks. Where countries identify lower risks, they may decide to allow simplified measures for some of the FATF Recommendations under certain conditions.

Countries should take commensurate action aimed at ensuring that these risks are mitigated effectively, including designating an authority or mechanism to coordinate actions to assess risks, and allocate resources efficiently for this purpose. Where countries identify higher risks, they should ensure that they adequately address such risks. Where countries identify lower risks, they should ensure that the measures applied are commensurate with the level of proliferation financing risk, while still ensuring full implementation of the targeted financial sanctions as required in Recommendation 7.

Countries should require financial institutions and designated non-financial businesses and professions (DNFBPs) to identify, assess and take effective action to mitigate their money laundering, terrorist financing and proliferation financing risks.

Rationale
A customer/client risk is only as good or bad based upon the risk dynamics of the organisation. Hence the reason to assess the organisation and its risk categories (customer type, products, services, geographical location, delivery channels, investments etc.) and then its customers / members/client.

Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks.

To manage and mitigate the risks emerging from virtual assets, countries should ensure that virtual asset service providers are regulated for AML/CFT purposes, and licensed or registered and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations.

Consistent with Recommendation 15,
(1) A financial institution and a listed business shall identify and assess the money laundering risks that may arise in relation to the development of new products and new business practices…

(2) A financial institution and a listed business shall in respect of new products and new business practices–

(a) undertake the risk assessments prior to the launch or use of such products, practice and technologies; and

(b) take appropriate measures to manage and mitigate risks

This assessment, which will be spearheaded by the Risk Management / Compliance Team, should be signed off by the Board of Directors prior to the rollout or implementation of any new product or service and or introduction of new technology.