​Financial Services Authority, Jakarta, July 29, 2016:  The Anti-Money Laundering and Terrorism Financing Prevention (APU-PPT) Group of the Financial Services Authority (OJK) in partnership with the International Monetary Fund (IMF) held a Training Workshop on Anti-Money Laundering/Countering Financing of Terrorism (AML/CFT) Risk-Based Supervision from July 28, 2016 to July 29, 2016 at the OJK Institute, Jakarta.

The event was attended by representatives of the working unit that focused on banking supervision and regulation, and capital market and non-bank institution supervision. The workshop was training for supervisors about concept of risk-based approach (RBA) tools for supervision of anti-money laundering and terrorism financing prevention (APU-PPT) program implementation or for assessments of APU-PPT risks. The Task Force for Prevention against Money Laundering and Terrorism Financing Criminal Acts in the Financial Services Sector has been conducting the assessment with help from the IMF's Technical Assistance Team since 2015.

It is essential to adopt the risk-based approach to the APU-PPT program to make supervision more effective and efficient given that there is limited human resources available, especially towards achieving the mandatory First Recommendation of the Financial Action Task Force (FATF) concerning implementation of risk assessment and application of such approach. Objectives of the risk-based approach are as follows:

1. The state/institutions/entities can identify, study and understand risks of money laundering/terrorism financing that will impact on the financial sector; and
2. Authorities can take appropriate steps to prevent and mitigate the risks, and the approach helps them make decisions on more effective resources allocation.

By adopting the risk-based approach, supervision of the APU-PPT program is carried out by the following steps: (a) weighing APU-PPT risks (not limited to operational risks only); (b) frequency of audits and number of auditors are adjusted to risk levels of the financial services companies to be audited; (c) audit periods are focused on products, services, delivery channels, types and nature of high-risk transactions and customers and geographical zones; and (d) reports of such audits are made separately from those on other risk areas.

During the Training Workshop on AML/CFT Risk-Based Supervision, there were also exposé and discussions on development of risk-based supervision tools in banking and capital market industries, and exposé on experiences of implementing the risk-based approach by industry players that were represented by Bank Central Asia (BCA) and CIMB Sekuritas.

The concept of risk-based approach tools in the banking sector covers the following areas:

1. Business risks refer to inherent risks of banking operational activities. Components of business risks:
1. Core banking, with derivative variables that include deposits, politically exposed persons (PEPs), prime customers, and types of deposits.
2. Other banking products and services, with derivative variables that consist of wire transfers, electronic banking, and cross-border correspondent accounts.
3. Delivery channels that include physical presence/direct and non-physical presence/indirect channels.
2. Internal Control Environment (ICE), which is used for measuring internal control level when mitigating APU-PPT risks. There are seven variables in ICE, namely Corporate Governance, Risk Management System, Policies and Procedures, Compliance Function, IT System, Internal Control, and Training.
3. Structural Factor (SF)
   
   The risks are measured by considering structural factors (SF) of the supervised banks. Components of the SF include:

1. Size, which is measured by a bank's total assets.
2. Geographical zones: a bank's value based on its operational areas, which cover areas where the bank operates within and outside the country.
3. Corporate Structure: a bank's value based on its corporate structure. There are several types of banking corporate structure, namely local incorporated-stand alone banks, local incorporated-conglomerate banks (including their overseas presence), and overseas subsidiaries/branches/holding companies.
4. Corporate Ownership: a bank's value based on its ownership structure. There are three types of ownership structure, namely state-owned banks, local private banks, either owned by local private individuals or local legal entities; and foreign-owned banks.
5. Risk categorization: clients are divided into three risk groups, namely low-risk, medium-risk, and high-risk customers.

Further, the concept of risk-based approach tools in the capital market sector consists of:

1. Business Risks refer to risks that come from customer transactions, including risks on products and risks on investors. Variables of risks on investors include:
1. Investor types, based on their domiciles (foreign or domestic) and their characters (individuals or legal entities).
2. Customer occupational risks refer to advanced investor classifications by their occupations or business fields.
3. Geographical area risks refer to risks from origins of customer transactions.
4. Politically exposed risks refer to risks that come from politically exposed persons' activities in their companies.
2. Internal Control Environment (ICE) refers to mitigation of risks borne by securities companies that include Corporate Governance, Risk Management System, Policies and Procedures, Compliance Function, IT System, Internal Control, and Training.
3. Structural Factors (SF) are uncontrollable risks that come from types, sizes, forms of activities, and ownership structures of companies. Derivative variables of the structural factors in the capital market sector are as follows:
1. Transaction methods refer to transaction facilities that companies provide for their clients. Customers can sell or buy securities through companies' sales agents (remote trading) or through online trading.
2. Sizes: the measurement tool for securities companies that carry out activities as securities brokers and/or underwriters is transaction value. The higher the transaction values, the higher the risks for the companies. There are three transaction value sizes, namely small, medium, and large.  
3. Corporate structure refers to ownership types of securities companies, which include government entities, private entities, private entities with politically exposed persons (PEPs), and foreign entities.

Delivery channels refer to number of branches owned by securities companies.