Risk assessment of an obliged institution – new GIFI notice
Notice from the General Inspector of Financial Information
Banking and Payment Services experts of our Law Firm in Poland informs that on January 14, 2022, the General Inspector of Financial Information (hereinafter: „GIFI„) issued a notice number 36 on risk assessment of an obliged institution.
Under the Article 27 of the Law on On Combating money laundering and the financing of terrorism (Journal of Laws of 2021, item 1132, hereinafter: „UAML”), obliged institutions shall identify and assess the money laundering and terrorist financing risks relating to their activities, taking into account risk factors concerning customers, countries or geographic areas, products, services, transactions or their delivery channels. These activities shall be proportionate to the nature and size of the obligated institution.
The GIFI highlights the obligation to document the identified risk of money laundering and terrorist financing related to the business relationship or to the occasional transaction and its assessment. The principles of documenting the risk should be described in the internal AML and terrorist financing procedure („AML procedure„).
GIFI practical recommendations
The GIIF notes the following:
- the obliged institution assesses 2 types of risks – (i) a „general risk assessment” related to money laundering and terrorist financing relating to the obliged institution’s general activities and (ii) an „individual risk assessment„, which relates to the identification and assessment of money laundering and terrorist financing risks related to the obliged institution’s specific and individual business relationship with a customer or a specific and individual occasional transaction,
- conclusions resulting from individual risk assessments should influence ongoing updates of the overall risk assessment,
- when assessing risk it is worthwhile to follow the position of the Polish Financial Supervision Authority of 15 April 2020 (link),
- the overall risk assessment must be adjusted to the nature and scope of activities carried out by the obliged institution,
- using general templates without adjusting them precisely to the specific and individual character and scope of activities exposes the obliged institution to accusations of failing to comply with the statutory obligation.
The content of the GIFI’s notice is available on the website:
https://www.gov.pl/web/finanse/komunikat-nr-36-w-sprawie-oceny-ryzyka-instytucji-obowiazanej