Version date: 4 March 2021 - onwards

2.1. What is the scope and purpose of supervisory risk assessments?

23. To apply risk-based supervision, supervisors first need to understand the ML/TF risk exposure of the sectors and entities they regulate. Supervisors should develop, document and update their ML/TF risk understanding by undertaking a supervisory risk assessment (SRA). The purpose of undertaking an SRA is to help supervisors plan their activities in a risk-sensitive manner by determining how much attention to give relevant sectors and entities within those sectors, and to identify which risks should be prioritised. The scope of the SRA should cover threat, vulnerability and consequence, which are explained in detail in previous FATF Guidance [FATF Guidance (2013), National Money Laundering and Terrorist Financing Risk Assessment, and FATF Guidance (2019), Terrorist Financing Risk Assessment].

24. As set out in paragraph 9, in October 2020 the FATF introduced a requirement for countries and regulated entities to assess proliferation financing (PF) risks in addition to ML/TF risks. This means that supervisors are now required to assess how the entities they supervise or monitor are exposed to PF risks and take this into account in applying risk-based measures. This Guidance should be read alongside forthcoming guidance by the FATF on PF risk assessment and mitigation.

2.1.1. Sectoral and entity-level risk assessment