These concepts are not new and many reporting entities will already have policies, procedures, processes and systems in place to manage a range of risk factors. For example, many financial institutions already have robust frameworks in place to manage credit risk, market concentration risk, liquidity risk and operational risk, etc. that may be imposed under various laws and international standards (for example Financial Services Reforms Act 2001 and the Basel 2 initiative for the banking industry). Similarly, the gambling industry is subject to a range of risk management controls such as those imposed under various State legislation (for example SA Racing Act, NSW Casino Control Act, etc.). In essence, this means many areas of industry will already be familiar with both prescriptive and risk-based approaches.

The process, procedures and tools element of the ML/TF Risk Principles Framework shows two types of risk that an AML/CTF program must manage:

• business risk, so that your business is not used in the criminal activity of money laundering or terrorism financing
• regulatory risk, so that your business meets its AML/CTF regulatory obligations.