Risk Management

One of the most important issues in preventing money laundering and terrorist financing is risk management.

Obligors are obliged to establish a risk management policy by taking into account their business size, business volume and the nature of their transactions. The purpose of the risk management policy is to identify, rate, monitor, evaluate and mitigate the risks that the obligor may be exposed to. Risks are categorized under at least the following three main headings. These are

Service risk
Customer risk
Country risk
Obligors;

High risk customers and transactions,
Transactions with risky countries,
Complex and unusual operations, monitor and control.

To elaborate further;

Transactions above the amount to be determined according to the risk policy should be checked by sampling method to see whether they are compatible with the customer profile.
Monitoring and control of connected transactions that, taken together, exceed the amount that requires identification must be ensured.
It should be continuously monitored throughout the business relationship whether the transaction conducted by the customer is compatible with the customer's business, risk profile and fund sources.
Monitoring and control of transactions carried out using systems that enable non-face-to-face transactions should be ensured.
In non-face-to-face transactions; in establishing a continuous business relationship, it is obligatory to take necessary measures to monitor transactions such as deposits to the account, withdrawals from the account and electronic transfers by paying special attention, to closely monitor transactions that are not in line with the customer's financial profile and activities or are not related to their activities, to set limits on the amount and number of transactions and to monitor their effects on the risk score.

To summarize, obligors are expected to establish the necessary systems that enable the rating and classification of services, transactions and customers according to risks, including the above control and monitoring activities.

According to this risk classification, it would be beneficial to use systems that enable the creation of risk scores for each transaction carried out by the customer, taking into account information on the customer's profession, business activities, business history, financial status, risk profile and funding sources. As a result of the risk scores created, the risk levels of customers (low, medium, high risk customers, etc.) will be determined more accurately through these systems and risky customers will be monitored more closely. In this way, risky customers, transactions or services will be monitored and controlled, and necessary measures will be taken to mitigate risks.

Thus, it will be easier for obliged parties to identify and monitor transactions that require special attention, and the necessary measures will be taken in a timely manner.