National risk assessment – should your company implement it?
On July 17, 2019, the Ministry of Finance published the long-awaited first national risk assessment. The national risk assessment contains a risk list and assessment sheet of the most significant risks in the field of money laundering and terrorist financing.
What is the national risk assessment?
The national risk assessment is a unified document covering, among others:
- description of phenomena related to money laundering and terrorist financing;
- a description of the applicable regulations on money laundering and terrorist financing;
- an indication of the level of the risk of money laundering and terrorist financing in Poland together with justification, including a risk assessment methodology;
- identification of issues related to the protection of personal data related to counteracting money laundering and financing of terrorism.
The national risk assessment is performed by the General Inspector of Financial Information (GIIF), which submits it to the Minister of Finance for approval. The national risk assessment should be updated at least once every 2 years. Importantly – from the point of view of obligated institutions, the national risk assessment is an important source of information on the identified AML / CFT risks, methods of their mitigation as well as interpretation of the AML / CFT provisions by the GIIF.
What does the national risk assessment mean for obligated institutions?
In our opinion, obliged institutions should become familiar with the national risk assessment and, if necessary, update the internal AML policies and risk assessment sheets. There is a high probability that in the near future GIIF will start monitoring on the market. In particular, obligated institutions should:
- become familiar with the list of AML and CFT risks identified by GIIF;
- become familiar with the risk assessment methodology adopted by GIIF;
- verify if all AML and CFT risks identified by GIIF are reflected in the internal AML Policy and the obligated institution’s risk assessment sheet and whether these risks have been assigned levels of vulnerability, threat and probability analogous to the national risk assessment;
- verify that the internal risk assessment methodology is in line with the national risk assessment methodology.
Any discrepancies should be corrected by the obligated institutions.
We encourage you to contact our Law Firm – in our daily work, we deal with, among others:
- preparation and adjustment of internal AML / CFT policies,
- adjusting the AML / CFT risk assessment to the applicable regulations,
- representation before the GIIF and the PFSA.