FMA new Sector Risk Assessment
In early July, the long awaited updated Sector Risk Assessment document has been released by the FMA after a six year gap from the original Securities Commission version back in 2011.
The following is an extract from the FMA website on the new document.
“We expect reporting entities to use our SRA 2017 as a guide when they prepare and implement their individual AML/CFT programmes.
The SRA 2017 is also intended to inform and assist others involved in AML policy-making and supervision, both in New Zealand and overseas.
The SRA 2017 risk rates each sector we supervise. It considers information from the FIU’s National Risk Assessment, the Reserve Bank and the Department of Internal Affairs SRA’s, as well as international and national guidance.”
The new document has a completely new look and feel and is a more user-friendly document with the use of graphics and colour coding.
One of the main changes is that they have reduced the number of risk categories from five down to four, effectively dropping the medium option. As noted in a recent presentation by the FMA staff, they made this decision as they felt that many entities were just taking the medium option as a default as that was the middle one. They wanted the entities to think a little more of where their entity sat on the risk scale.
There were a few changes also in the risk categories for the various entities that the FMA act as the supervisor for from the last assessment. Noted below:
Sector Sector risk 2017 Sector risk 2100-2017
Derivatives issuers High Medium-high
Brokers and custodians Medium-high Medium
Equity crowd funding platforms Medium-low N/A
Financial advisers Medium-low Medium-high
Managed investment scheme Medium-low Medium-low
Peer to peer lending providers Medium-low N/A
Discretionary investment Medium-low N/A
Licensed supervisors Low N/A
Issuers of securities Low Low
One of the things the FMA noted at the meeting was that all entities should be reading the document and taking cognisance of the risk rating for their particular sector and how that corresponds with the assessment the entity has made of its own AML/CFT risk. If that differs from the FMA assessment then the entities should be noting in their risk assessment and programme that it does differ and the reason why it is different. If you have assessed your entity as low risk and the FMA has assessed your sector as Medium to low explain why you think you should be low.
You may have just completed your AML/CFT audit before the new assessment came out, this is however not a reason to wait to reassess your documents and make changes to reflect this new Sector Risk Assessment.
Also noted by the FMA staff this is what they will be looking for when they do their own audits of entities AML/CFT Risk Assessments and Programmes.
RemoteCompliance encourages you to read the new assessment and to update your AML/CFT documents to reflect these new updates.