The first step is to identify what ML/TF risks exist for your business when providing designated services. When assessing this risk you may also like to consider legal and reputational considerations. There are two risk types: business risks and regulatory risks.

Business risks

In terms of the AML/CTF Act four likely business risk categories have been identified (you may identify others depending on your business):

• customers, including politically exposed persons (PEPs)
• products and services
• business practices/delivery methods
• countries you do business in/with (jurisdictions) and different ML/TF legislation.