Survey on compliance risk assessment and risk appetite statement as well as discussion on money laundering prevention
The Compliance Risk Round Table (CRRT) set the following priorities in 2024: a survey on compliance risk assessment (CRA) and risk appetite statement (RAS) as well as an in-depth examination of the new regulatory requirements for money laundering prevention as part of the introduction of the European Union’s Anti-Money Laundering Authority (AMLA).
Further development of compliance risk assessment
The first session focused on the systematic further development of compliance risk assessments and the definition of a risk appetite. Experts from McKinsey & Company presented best practices for the implementation of such systems. During the discussions, it became clear that many participating financial institutions already have standardized frameworks for assessing compliance risks. These frameworks combine both quantitative and qualitative methods to ensure a comprehensive and transparent risk assessment. Using a specific case study, Dr. Lehmann from Deutsche Bank explained how the implementation of a dynamic risk assessment system was successfully implemented in conjunction with a defined risk appetite and shared her experience of integrating such a system, which serves as a mechanism for aggregating different risk metrics. The aim is to make a clear statement about when the residual risk remains tolerable and what measures need to be taken if this is not the case.
Presentation of the survey results
In the second session, the results of a survey of FIRM member institutions were presented, providing a detailed picture of the status of implementation of compliance risk assessments and risk appetite frameworks in the industry. The evaluation showed that CRAs are carried out in most institutions either on an annual basis or on an ad hoc basis. In many cases, the risk assessment process is already partially automated, with various process steps such as data collection and analysis being supported by appropriate tools. Despite this progress, it became clear that the granularity of the controls varies greatly. Some institutions rely on a comprehensive aggregation of several controls into specific control areas, while others rely on individual controls that are assigned to specific risks. The average number of staff required to perform the CRAs is sixteen full-time employees, with a significant range from less than one to up to 35 employees involved.
Focus: Money laundering prevention and AMLA
Another focus of the round table was the new regulatory requirements for the prevention of money laundering. How are the AML requirements being implemented by banks? Greta-Carina Saß from DekaBank outlined some of the current challenges. From the expansion of use cases to new risk indicators that must be taken into account in the risk model, as well as the stricter requirements for the implementation of KYC obligations, or the checking of intermediary companies for EU sanctions – the list of requirements that must be implemented by banks by July 2027 is long. The banks and consultants present discussed in depth how they are tackling implementation and where the difficulties lie in practice.
The introduction of the anti-money laundering authority AMLA, which will take on a central role in the supervision of financial institutions and the coordination of national supervisory authorities from 2027, was discussed in detail. Louisa Engelhardt and Larissa Schnier from KPMG’s AMLA Office provided detailed insights into the current status of the new authority and the challenges arising from the implementation of the new EU Anti-Money Laundering Regulation. From 2027, the AMLA will ensure uniform enforcement of money laundering regulations across Europe and coordinate the national AML authorities and the Financial Intelligence Units (FIUs). This also includes thematic reviews and analyses as well as the preparation of joint compliance reports.
Preventing money laundering and discussing the establishment of the new money laundering authority will also be the focus of the Compliance Round Table in 2025.