Money laundering/terrorism financing risk assessment

Identifying and assessing the level of money laundering and terrorism financing (ML/TF) risk to your business or organisation is an important part of your AML/CTF program. It is the first thing you must do because it determines what measures you need to include in your program.

Assessing the ML/TF risk your business or organisation faces enables you to develop an AML/CTF program with appropriate measures to protect your business or organisation from being exploited by criminals.

Once you have identified the risks, you need to put in place controls to mitigate and manage these risks. See the risk management process section for more information on mitigating and managing risks. 

Insights: Assessing ML/TF risk

Insights: Assessing ML/TF risk provides detailed information about AUSTRAC’s expectations for businesses when assessing and managing risks.

Download Insights: Assessing ML/TF risk (PDF, 439KB).

How to assess your ML/TF risk

Because you understand your business or organisation better than anyone else, you are best placed to identify and assess the level of ML/TF risks it faces.

You must undertake a ML/TF risk assessment so you can develop an appropriate written AML/CTF program, review it regularly and update it when there are changes to your business or organisation.

There are four main elements you need to think about in working out money laundering or terrorism financing risk. They are:

  • the types of customers you have, especially if some are politically exposed persons (PEPs)
  • the type of designated services you provide
  • how you provide those services (for example face-to-face or online)
  • the foreign countries or regions – known as foreign jurisdictions – you operate in or do business in.

You must measure the level of risk for every designated service you provide. You should rank each service as low, medium or high risk. Your AML/CTF program should set out how you minimise and manage each level of risk.

When developing your customer identification and verification procedures, you must also consider the risk posed by:

  • the beneficial owner/s of your customers
  • whether your customers or their beneficial owners are PEPs
  • your customers’ source of funds and wealth
  • the nature and purpose of your business relationship with your customers
  • the control structure of customers who aren’t individuals, such as companies and trusts.

AUSTRAC guidance and feedback on ML/TF risks

You must take AUSTRAC guidance and feedback that is relevant to your ML/TF risks into account when you develop or update your ML/TF risk assessment. 

Taking AUSTRAC guidance and feedback on ML/TF risks into account is important because:

  • it may alert you to ML/TF risks that you were not aware of
  • levels of ML/TF risk are constantly changing, as are the crimes that generate illicit funds for ML/TF activity
  • AUSTRAC can provide national and sector-wide views of ML/TF risk based on information not available to individual businesses or organisations
  • national or sector-wide ML/TF risks may impact on the particular ML/TF risks faced by your business or organisation.

AUSTRAC publishes a range of guidance products on ML/TF risks:

AUSTRAC may also outline relevant ML/TF risks through feedback to your business or sector, either by providing this feedback to you directly or releasing feedback more generally through communications products. 

You may also wish to consider resources from relevant authorities in other jurisdictions and from the Financial Action Taskforce (FATF), which provide useful information on international ML/TF risks.

To determine whether guidance or feedback is relevant to your business, you should consider whether it: 

  • is directed at your business or sector
  • deals with criminal offences your business or sector is likely to face 
  • relates to your designated services, delivery methods, customer types or the jurisdictions you deal with.

Reviewing your ML/TF risk assessment

The risk assessment methodology you use must be flexible enough to adapt to changes that affect your risk level. To make sure your risk assessment is current, you must always assess the ML/TF risk of any new service or process before offering it to customers. This includes:

  • new designated services
  • new ways of delivering existing designated services
  • using new technologies to provide designated services
  • engaging with a new jurisdiction.

You must also review your level of risk when there are certain changes to your customers’ circumstances. These are:

  • a change in the nature of your business relationship with a customer
  • the customer’s beneficial owner changes
  • changes to a customer’s corporate structure or other control structures.

You should also monitor external changes to ML/TF risks that may impact on the particular ML/TF risks faced by your business or organisation. 

To stay up to date with new guidance and feedback on emerging ML/TF risks, you should:

  • subscribe to InBrief for quarterly notifications from AUSTRAC
  • check AUSTRAC’s latest guidance updates page regularly
  • check international guidance on ML/TF risks regularly, including guidance published by the Financial Action Task Force and other jurisdictions.

You must also ensure that your contact details are up to date so you can receive email updates from AUSTRAC on new guidance. 

The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

Last updated: 16 Jul 2024
Page ID: 17

Was this page helpful?

Was this page helpful?
Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.