National Risk Assessment: challenges and future perspectives

We will have to unite to answer this question because the Financial Action Task Force to Combat Money Laundering (FATF) and the Council of Europe’s Committee of Experts on the Assessment of AML/CFT Measures (MONEYVAL) have repeatedly stressed that the NRA is the basis for implementing a risk-based approach. The NRA report itself is a guide to the law on the prevention of money laundering and terrorist financing to obligated entities.

Little news in the table of estimates 

When looking at the table for assessing money laundering and terrorist financing (ML/TF) threats, vulnerabilities, and overall risk levels in the latest NRA report, there is little news in its first row. This is not surprising, since substantial changes in the field of risk management in the short term are usually rare – the dynamics of overal predicate offenses to money laundering are changing moderately, and the implementation of AML/CTF control mechanisms takes time. 

The highest levels of money laundering and terrorist financing risks continue to be maintained in the virtual asset service providers (VASPs) sector (4 points out of 4). The authors of the report note that such an assessment was influenced, among other factors, by the fact that the popularity of virtual currencies continues to grow, geographical risks remain, and MiCA (Markets in Crypto Assets Regulation), implemented step by step and harmonizing market regulation throughout the European Union, has not yet fully entered into force. 

The MiCA Regulation is the first attempt in the world to create a coherent, inter-jurisdictional, regulatory, and supervisory framework for crypto assets. It is an extremely broad piece of legislation with direct application, the requirements of which are respected throughout the EU.  

It is also worth noting that, along with the MiCA Regulation, there is also a requirement, called the “travel rule”, for VASPs to exchange information about the initiators of cryptocurrency transactions and their recipients. This requirement stems from the FATF’s sixteenth recommendation. However, it must be acknowledged that the ‘travel rule’ is struggling around the world and that the time for its implementation in Europe is becoming less and less. 

On the other hand, the successful implementation of the “travel rule” will facilitate the work of anti-money laundering specialists, since its application will significantly contribute to increasing the transparency and traceability of operations. Meanwhile, for criminals, this technology is likely to become less attractive.  

The latest NRA also reflects threats other than those related to money laundering or terrorist financing. One of them is related to the introduction of unprecedented sanctions against the Russian regime and efforts to circumvent them. Although the threat of circumvention of sanctions was not considered separately at the time of the preparation of the NRA, this factor has a huge impact on the country’s entire financial system. The authors of the report highlight threats associated with the transportation of dual-purpose goods that can be employed in the military industry and the falsification of shipping documents in countries that have friendly relations with Russia. It seems that we will continue to look for ways to make processes more efficient and move from reactive to proactive, without waiting for criminals to find a new way to circumvent sanctions. 

The threat of terrorist financing has not been forgotten either.  Even if, due to extremely low national risks, we may not be financing terrorist organizations ourselves, it is important to remember that by developing access to financial services, we are serving almost the whole world, while also taking great risks.  

While we take pride in the financial services we have created, we must also recognize their potential for misuse. It is important to remember that traditional monitoring tools designed to prevent money laundering are unlikely to detect terrorist financing operations, because in many cases the origin of the funds for terrorist financing operations is legal, and the amounts are extremely small. Therefore, we will not only have to remain constantly vigilant but also continue to analyze behavioral scenarios and follow the news about the publication of law enforcement and international news typologies of organizations. 

From NRA to NRA: risk management is a continuous change 

The fact that we have evaluated the same segment as the riskiest after four years is not necessarily bad news. In line with FATF recommendations, we do not need to eliminate risks; rather, we must identify, understand, and evaluate them. Once evaluated, it is essential to manage them properly. 

After the second Lithuanian NRA, in the last four years, we have indeed moved forward in managing previously identified risks and strengthening supervision and the legal system. E.g., Virtual Asset Service Providers (VASPs) became obliged entities and are required to implement measures for anti-money laundering and to combat terrorist financing. Among other things, the JANGIS subsystem was created to collect information about the beneficiaries of legal entities.  In addition to legal instruments, emphasis is placed on innovative approaches to competence development. 

Over the past four years, guidelines have been established to promote effective practices in combating money laundering, terrorist financing, and fraud prevention, as well as in implementing international sanctions. Also, guidelines include recognizing signs of fictitious activities.   However, the latest NRA report highlights the lack of legislative, regulatory, and institutional tools for the supervision of other (non-financial institutions) obliged entities. 

Indeed, the ability to manage risks, instead of eliminating them, protects against very serious consequences. While the report emphasizes the high risk posed by customers in certain sectors, pushing them into less regulated or unregulated channels would hinder access to information about potentially illegal activities and complicate efforts to investigate and prevent them. 

For professionals in anti-money laundering, these conclusions highlight that threat management is an ongoing process, and progress requires time.