FATF GAFI. Risk-based Approach Guidance for the Securities Sector


1. The risk-based approach (RBA) is central to the effective implementation of the FATF Recommendations. It means that supervisors, financial institutions, and intermediaries identify, assess, and understand the money laundering and terrorist financing (ML/TF) risks to which they are exposed, and implement the most appropriate mitigation measures. This approach enables them to focus their resources where the risks are higher. 

2. The FATF RBA Guidance aims to support the implementation of the RBA, taking into account national ML/TF risk assessments and AML/CFT legal and regulatory frameworks. It includes a general presentation of the RBA and provides specific guidance for securities providers and for their supervisors. The Guidance was developed in partnership with the private sector, to make sure it reflects expertise and good practices from within the industry. 

3. The Guidance describes various types of securities providers that may be involved in a securities transaction and their business models. It also sets out key characteristics of securities transactions that can create opportunities for criminals, and measures that can be put in place to address such vulnerabilities. 

4. The development of the ML/TF risk assessment is a key starting point for the application of the RBA by securities service providers. It should be commensurate with the nature, size and complexity of the business. The most commonly used risk criteria are country or geographic risk, customer risk, product or service risk and intermediary risk. The Guidance provides examples of risk factors under these risk categories. 

5. The Guidance highlights that it is the responsibility of the senior management of securities providers to foster and promote a culture of compliance as a core business value. They should ensure that securities providers are committed to manage ML/TF risks before establishing or maintaining business relationships. 

6. The Guidance clarifies the role and responsibilities of intermediaries that may provide services on behalf of securities providers to customers of securities providers, customers of intermediaries or both. It highlights that the nature of the business relationship between the securities provider, the intermediary and any underlying customers will affect how ML/TF risks should be managed. This includes clarifying when the FATF's Recommendations on reliance apply. 

7. The Guidance clarifies that when determining the type and extent of CDD to apply, securities providers should understand whether its customer is acting on its own behalf or as an intermediary on behalf of its underlying customers. Even when CDD is the responsibility of the intermediary, an understanding of the intermediary's customer base can often be a useful element in determining the risk associated with the intermediary itself. The level of understanding should be tailored to the perceived risk level of the intermediary. 

8. Some business relationships in the securities sector might have characteristics similar to cross-border correspondent banking relationships; the Guidance also contains a description of how AML/CFT requirements apply to such relationships. 

9. The Guidance highlights the importance of ongoing transaction monitoring to determine whether transactions are consistent with the securities provider's information about the customer and the nature and purpose of the business relationship. In case of any suspicions, security providers are required to report promptly their suspicions to the Financial Intelligence Unit. It provides up-to-date examples of indicators of suspicious activity in relation to securities sectors, which may trigger filing of STRs or additional CDD measures by securities providers, or further investigation or ongoing monitoring. 

10. The Guidance stresses the importance of the group level approach to mitigate ML/TF risks, including the development of group-wide assessment of ML/TF risks and the sharing of relevant information between supervisors involved. It also highlights the importance of guidance and feedback from supervisors to securities providers on regulatory expectations and quality of reporting by securities providers. This will develop a shared understanding between the public and private sector. In this regard, the Guidance provides examples of supervisory practices of certain countries in the implementation of RBA in the securities sector.

Read the Guidance here