5. Risk Assessment
Importapay’s risk assessment is the process by which it identifies the risks its business is exposed to. Importapay must be able to understand all the ways the business could be exposed to money laundering and terrorism financing risks and design systems to mitigate them.
Importapay must:
Identify and monitor the risks of money laundering and terrorist/proliferation financing that are relevant to the business
Take note of information on risk and emerging trends and amend procedures as necessary
Assess, and keep under regular review, the risks posed by:
1. customers and any underlying beneficial owners;
2. Services;
3. Financing methods;
4. Delivery channels;
5. Geographical areas of operation, including sending money to, from, or through high-risk third countries, for example, countries identified by FATF as having deficient systems to prevent money laundering or terrorist financing
5.1. Factors
Importapay undertakes a general risk assessment on its business, considering
the following factors:
Customer types, e.g., individual, limited company, trust, charity;
Customer industry types (where applicable, e.g., limited companies) and purpose of transactions;
The services offered to customers and particularly any ways that those services could be exploited by criminals for money laundering and/or terrorist financing;
Whether the customer is onboarded face-to-face or remotely;
Whether the transaction is conducted face-to-face or remotely;
Whether the customer is the beneficial owner of the funds involved in the transaction
The payment methods used by customers to pay for services, e.g., cash, bank transfer, and online card payments;
The geographical areas connected to the client and the transaction, including:
a. Client’s country of residence
b. Location of account from which funds are received for services
c. Destination country of funds
d. Any third countries through which funds will need to pass
Whether the customer is a PEP
Whether the customer is on a list of sanctioned individuals
5.1.1 Updates to Importapay Risk Assessment
Importapay risk assessment is updated at least annually, and when one or more
of the following events takes place in Importapay (where those events are not
already covered in the risk assessment):
Offering a new product or service
Offering payments to new destinations
Offering products or services to customers from new industries
Accepting payments from a new jurisdiction
Accepting new payment methods
A failing is identified in the way a particular risk is managed
Audit findings reveal failings/deficiencies or poorly allocated resources
5.2 Individual Customer Risk Assessment
Individual customers are risk assessed on an on-going basis, where the following
factors are considered as a minimum:
Customer type
Purpose of transaction
Income range
AML Risk Factors (PEP, sanctions screening, etc.)
Aggregate transaction value
Customer Occupation & Other Characteristics
Customer predicted periodic send amount
Country from which funds originate
Country to which funds are being sent
Whether the customer is present for onboarding
Payment method used by the customer
Risk scores are assigned as low, medium, or high risk.
5.3 Business Customer Risk Assessment
Business customers are subject to a risk-based assessment at onboarding and
on an ongoing basis to ensure that Importapay identifies, assesses, and
mitigates money laundering, terrorist financing, and proliferation financing risks
associated with corporate use of its services.
At a minimum, the following risk factors are considered:
Business type and legal form
Nature and Purpose of Business Relationship
Business activity and Industry risk
Ownership and control structure
AML risk factors (PEP, sanctions screening, etc.)
Expected transaction volume and value
Geographic risk
Use of product and payment methods
Expected transaction behaviour
A record is maintained of the risk score for each customer and how it was assigned and any updates made.
Last updated