The application of a risk-based approach (RBA) is critical to the effective design and maintenance of a financial institution’s (FIs) financial crime risk management (FCRM) programme ¹, covering its risk appetite, policies, measures and controls. The Wolfsberg Group (the Group) first recognised the importance of an RBA in its 2006 paper, Guidance on an RBA for Managing Money Laundering Risks, and the topic has continued to be widely discussed across the private and public sectors. In light of the current standard setting and regulatory reform agenda, the Group is taking the opportunity to further define the core elements of an RBA.

Aligned with Financial Action Task Force (FATF), the Group considers an RBA to mean that countries, competent authorities and FIs should be expected to identify, assess and understand the financial crime risks to which they are exposed, and take proportionate action that “appropriately corresponds to the level of identified risk and effectively mitigates the risks” ². The Group views an RBA as a key enabler to the concepts of effectiveness and effective outcomes that are core to its work ³, and believes that FIs, when designing and maintaining a risk-based FCRM programme, must demonstrate three key elements:

1. Proportionality: an FI should design and maintain an FCRM programme proportionate to its business model as determined by its size, scale, footprint, customers and risk appetite (as informed by its assessment of risk).

2. Prioritisation: an FI should prioritise attention on, and the allocation of resources to, higher risk customers and activities, which may also entail stopping, reducing, and / or redesigning existing activities that are determined to be redundant, duplicative, or unproductive from a risk management perspective.

3. Effectiveness: an FI should focus on effective outcomes, as aligned to the Group’s work on Demonstrating Effectiveness, facilitating a more responsive, forward-looking and dynamic approach to risk management, rather than applying a one-size-fits-all, rules-based approach.

Collaboration and dialogue lead to far better outcomes than initiatives pursued in a silo ⁴, and a supervisory regime that supports FIs in the application of an RBA is a key enabler to its success. Given the importance of an effectively implemented and supervised RBA, the Group will continue to work on RBA-related initiatives, including updating its 2006 RBA Guidance and 2015 FAQs on Risk Assessments, and is committed to collaborating with policy makers, supervisors, law enforcement agencies and other stakeholders to achieve better outcomes in the fight against financial crime.

The RBA is integral to several areas of focus for the Group, and it is recommended that this statement be considered alongside other Group resources including Developing an Effective AML/CTF Programme, Principles for Auditing for Effectiveness, Statement of Effective Monitoring for Suspicious Activity and Country Risk FAQs.

---

Footnotes

1. In this statement, we refer to ‘financial crime’ risk management given most FI programmes cover more than anti-money laundering and counter-terrorist financing. ↩

2. See the FATF Recommendations, Rec 1 INR glossary (2025). ↩

3. The Wolfsberg Group – Statement on Effectiveness – Making AML / CTF Programmes more effective. ↩

4. The Wolfsberg Group – Effectiveness through Collaboration. ↩