2.1 Risk-Based Approach
LFIs should take a risk-based approach to the preventive measures they put in place for all customers, including hawala providers. The risk-based approach has three principal components:
2.1.1 Conducting an Enterprise Risk Assessment
As required by Article 4.1 of the AML-CFT Decision, the enterprise risk assessment should reflect the presence of higher-risk customers, including hawala providers, in an LFI's customer base. These assessments should in turn be reflected in the LFI's inherent risk rating. In addition, the LFI's controls risk assessment should take into consideration the strength of the controls that the LFI has in place to mitigate the risks posed by its hawala providers customers, including the preventive measures discussed below.
2.1.2 Identifying and Assessing the Risks Associated with Specific Customers
The LFI should assess the risk of each customer to identify those that require EDD and to support its entity risk assessment. As discussed in Part I section 3 above, the regulatory environment and illicit finance risks in the jurisdictions in which they do business, the products and services they provide and its customer base, are critical determinants of a hawala provider's inherent risk. In assessing the risks of a hawala provider customer, LFIs should consider:
i. Controls Risk: LFIs should seek to understand the regulatory requirements in place for the customer, as well as how well they are enforced. The regulatory requirements placed on hawala providers vary markedly across jurisdictions.
ii. Geographic Risk: The risks associated with the jurisdictions in which the provider lives (for individuals) or is registered/established (for legal persons) and where it operates, including the jurisdictions where its main counterparties are based and where it has subsidiaries.
iii. Product, Service, and Delivery Channel Risk: LFIs should assess risk in this category on two dimensions:
a. The products and services that the hawala provider offers to its customers, and
b. The delivery channels through which it offers these products and services.
Products, services, and delivery channels that promote the rapid, anonymous transfer of high values are particularly attractive to illicit actors.
iv. Customer Risks: For hawala provider customers, customer risk can be assessed as the proportion of higher-risk customer types (e.g. politically exposed persons, legal persons, and customers from high-risk jurisdictions) within the provider's customer base.
Questions that an LFI may ask to determine the risk profile of a hawala provider customer include, but are not limited to:
• Where is the provider incorporated? Where does it operate? Are these high-risk jurisdictions? • What products and services does the provider offer its customers? • What volume of transactions does the provider carry out? • What customer base does the provider serve? • What is the regulatory environment in the jurisdiction(s) where the provider is incorporated/has operations? • Is there an authority that actively enforces the requirements? • Does the provider perform appropriate CDD, transaction monitoring, record keeping, and sanctions screening? • Does the provider intend to use its account to execute transactions on behalf of its customers?
In addition to risk rating hawala providers, LFIs should also consider the risks of specific transactions, especially high-value transactions, those involving high-risk jurisdictions, and those that represent departures from a customer's standard or expected behaviour.
2.1.3 Applying EDD and Other Preventive Measures
Where the LFI determines a customer to be higher-risk, Article 4.2(b) of the AML-CFT Decision requires that the LFI apply EDD. Specific EDD steps are also required for hawala providers customers that are politically exposed persons, or are owned or controlled by a politically exposed person, or are based in a higher-risk jurisdiction.