Money laundering/terrorism financing risk assessment

Identifying and assessing the level of money laundering and terrorism financing (ML/TF) risk to your business or organisation is an important part of your AML/CTF program. It is the first thing you must do because it determines what measures you need to include in your program.

Assessing the ML/TF risk your business or organisation faces enables you to develop an AML/CTF program with appropriate measures to protect your business or organisation from being exploited by criminals.

Once you have identified the risks, you need to put in place controls to mitigate and manage these risks. See the risk management process section for more information on mitigating and managing risks. 

Insights: Assessing ML/TF risk

Insights: Assessing ML/TF risk provides detailed information about AUSTRAC’s expectations for businesses when assessing and managing risks.

Download Insights: Assessing ML/TF risk (PDF, 439KB).

How to assess your ML/TF risk

    Because you understand your business or organisation better than anyone else, you are best placed to identify and assess the level of ML/TF risks it faces.

    You must undertake an ML/TF risk assessment so you can develop an appropriate written AML/CTF program, review it regularly and update it when there are changes to your business or organisation.

    There are four main elements you need to think about in working out money laundering or terrorism financing risk. They are:

    • the types of customers you have, especially if some are politically exposed persons (PEPs)
    • the type of designated services you provide
    • how you provide those services (for example face-to-face or online)
    • the foreign countries or regions – known as foreign jurisdictions – you operate in or do business in.

    You must measure the level of risk for every designated service you provide. You should rank each service as low, medium or high risk. Your AML/CTF program should set out how you minimise and manage each level of risk.

    When developing your customer identification and verification procedures, you must also consider the risk posed by:

    • the beneficial owner/s of your customers
    • whether your customers or their beneficial owners are PEPs
    • your customers’ source of funds and wealth
    • the nature and purpose of your business relationship with your customers
    • the control structure of customers who aren’t individuals, such as companies and trusts.

    Reviewing your ML/TF risk assessment

    The risk assessment methodology you use must be flexible enough to adapt to changes that affect your risk level. To make sure your risk assessment is current, you must always assess the ML/TF risk of any new service or process before offering it to customers. This includes:

    • new designated services
    • new ways of delivering existing designated services
    • using new technologies to provide designated services
    • engaging with a new jurisdiction.

    You must also review your level of risk when there are certain changes to your customers’ circumstances. These are:

    • a change in the nature of your business relationship with a customer
    • the customer’s beneficial owner changes
    • changes to a customer’s corporate structure or other control structures.

    The content on this website is general and is not legal advice. Before you make a decision or take a particular action based on the content on this website, you should check its accuracy, completeness, currency and relevance for your purposes. You may wish to seek independent professional advice.

    Last updated: 8 Apr 2024