Appendix A: Risk assessment methodology

The methodology below covers 26 risk factors across three categories – criminal threat environment, vulnerabilities and consequences. Each risk factor was assessed as low, medium or high, as per the table below. These assessments were based on quantitative and qualitative intelligence inputs, including analysis of SMR and other reporting data, intelligence assessments from partner agencies, and feedback from industry.

In assessing the criminal threat environment, six risk factors were considered – each was given equal weight. The average of these six ratings gave an overall rating for ‘Threat’.

Sixteen factors were considered when assessing the sector’s overall ML/TF vulnerabilities. These were grouped into eight subsections – customers, source of funds and wealth, products and services, delivery channel, foreign jurisdiction, use of cash, operational vulnerabilities, and AML/CTF systems and controls. The average of these eight subsections provided an overall rating for sector vulnerability.

Four factors were considered in assessing the consequences of ML/TF activity within the sector – each factor was given equal weight. The average of these ratings gave an overall rating for ML/TF consequences.

Criminal threat environment

Low Medium High
Unsophisticated tactics and methods used Some sophisticated tactics and methods used Highly sophisticated tactics and methods used
Low volume of cyber-enabled criminal activity Moderate volume of cyber-enabled criminal activity High volume of cyber-enabled criminal activity
Minimal targeting by serious and organised crime groups and/or foreign criminal entities Some targeting by serious and organised crime groups and/or foreign criminal entities Widespread targeting by serious and organised crime groups and/or foreign criminal entities
Low volume of money laundering Medium volume of money laundering High volume of money laundering
Very few instances of raising and/or transferring funds for terrorism financing Some instances of raising and/or transferring funds for terrorism financing Many instances of raising and/or transferring funds for terrorism financing
Low volume and/or limited variety of other offences Moderate volume and/or some variety of other offences High volume and/or large variety of other offences

Vulnerabilities

Low Medium High
Customers
Simple customer types, mostly individuals   Mixture of customers types, with some complex companies and trusts  All customer types represented, including large numbers of highly complex companies and trusts 
Minimal involvement of agents acting for customers Moderate involvement of agents acting for customers Significant involvement of agents acting for customers
Small customer base Medium-sized customer base Very large customer base
Very few politically exposed persons (PEPs) Some politically exposed persons (PEPs) Many politically exposed persons (PEPs)
Source of funds and wealth
Source of funds/wealth can be readily established Some difficulty in establishing the source of funds/wealth Source of funds/wealth difficult to establish
Products and services
Product/service does not allow a customer to remain anonymous (ownership is transparent) Product/service allows a customer to retain some anonymity (ownership can be obscured) Product/service allows a customer to remain anonymous (ownership is opaque)
Small volume of transactions  Moderate volume of transactions Large volume of transactions
Movement of funds cannot occur easily and/or quickly Movement of funds can occur relatively easily and/or quickly  Movement of funds is easy and/or quick
Transfer of ownership of product cannot occur easily and/or quickly Transfer of ownership of product can occur relatively easily and/or quickly  Transfer of ownership of product is easy and/or quick
Delivery channel
Regular face-to-face contact, with minimal online/telephone services Mix of face-to-face and online/telephone services Predominantly online/telephone services, with minimal face-to-face contact
Foreign jurisdiction
Very few or no overseas-based customers  Some overseas-based customers Many overseas-based customers
Transactions rarely or never involve foreign jurisdictions  Transactions sometimes involve foreign jurisdictions, or a high-risk jurisdiction Transactions often involve foreign jurisdictions, or high-risk jurisdictions
Use of cash
Provision of product/service rarely involves cash, or involves cash in small amounts Provision of product/service often involves cash, or involves cash in moderate amounts Provision of product/service usually involves cash, or involves cash in very large amounts 
Operational vulnerabilities
There are very few operational factors that make the sector susceptible to criminal activity  There are some operational factors that make the sector susceptible to criminal activity  There are many operational factors that make the sector susceptible to criminal activity 
AML/CTF systems and controls
Sector is subject to all or most AML/CTF obligations Sector is subject to partial AML/CTF obligations Sector is not subject to AML/CTF obligations
At a sector level, significant systems and controls have been implemented to mitigate against criminal threats.   At a sector level, moderate systems and controls have been implemented to mitigate against criminal threats.   At a sector level, limited systems and controls have been implemented to mitigate against criminal threats.  

Consequences

Minor Moderate Major
Criminal activity results in minimal personal loss  Criminal activity results in moderate personal loss  Criminal activity results in significant personal loss 
Criminal activity does not significantly erode the sector’s financial performance or reputation  Criminal activity moderately erodes the sector’s financial performance or reputation  Criminal activity significantly erodes the sector’s financial performance or reputation 
Criminal activity does not significantly affect the Australian economy Criminal activity moderately affects the Australian economy Criminal activity significantly affects the Australian economy
TF activity has minimal potential to impact on national security and/or international security TF activity has the potential to moderately impact on national security and/or international security TF activity has the potential to significantly impact on national security and/or international security
Last modified: 21/12/2016 10:00