[Insurance Company Name]

AML/CFT Risk Assessment Report

Prepared by: Risk and Compliance Department
Assessment Period: [Start Date] – [End Date]
Report Date: [Report Date]

1. Executive Summary
This report details the assessment of money laundering (ML) and terrorist financing (TF) risks
for [Insurance Company Name] in Ethiopia. The Risk and Compliance Department has analyzed
inherent risks associated with our customer base, products, transaction channels, and geographic
factors. Using a structured, risk-based methodology aligned with Ethiopian regulatory
requirements and international standards (FATF, ISO 31000, COSO), we have developed a
detailed risk assessment matrix and scoring model. Overall, while many controls effectively
mitigate identified risks, the assessment highlights areas requiring enhanced customer due
diligence, monitoring upgrades, and improved governance (e.g., enhanced reporting and
dedicated risk oversight).

2. Introduction & Background

2.1 Company Overview

 Established: [Year]
 Products: Life, Non-life, and Reinsurance Insurance
 Capital Base: [Amount in ETB]
 Operations: [List of branches/offices, key products, and distribution channels]
 Customer Base: Local individuals, corporate clients, and select non-residents

2.2 Regulatory and Operational Context

In Ethiopia, AML/CFT efforts are guided by national proclamations, directives from the National
Bank of Ethiopia (NBE), and evolving FATF standards. Our assessment incorporates:

 Ethiopian AML/CFT legal framework and guidelines

 International standards (FATF Recommendations, ISO 31000, COSO ERM)
 Industry-specific risks in insurance and the inherent challenges of a predominantly cash-
based economy in parts of Ethiopia

2.3 Objectives

 Identify inherent ML/TF risks in our operations

 Measure risk exposures using a risk scoring model
 Evaluate the effectiveness of existing controls
 Develop an action plan to address identified gaps

3. Methodology
3.1 Risk Assessment Process

Our assessment follows a six-step process:

 1. Risk Identification: Identification of risks by customer type, product, geographic area,
and transaction channel.
2. Risk Measurement: Qualitative and quantitative analysis using a scoring model
(likelihood and impact ratings on a 1–5 scale).
3. Control Evaluation: Assessment of existing controls including CDD/KYC, transaction
monitoring, internal audit, training, and board oversight.
4. Residual Risk Determination: Evaluation of risks remaining after controls are applied.
5. Risk Reporting: Documenting findings in a risk matrix and scoring model.
6. Action Planning: Proposing recommendations to reduce residual risks.

3.2 Risk Scoring Methodology

Each risk is scored based on:

 Likelihood (L): The probability of occurrence (1 = Rare; 5 = Almost Certain)

 Impact (I): The potential effect on the company (1 = Insignificant; 5 = Catastrophic)
 Inherent Risk Score (IRS): IRS=L×IIRS = L \times IIRS=L×I
 Control Effectiveness (CE): Rated on a scale from 1 (ineffective) to 5 (highly effective)
 Residual Risk Score (RRS): RRS=IRS×(6−CE5)RRS = IRS \times \left(\frac{6 - CE}
{5}\right)RRS=IRS×(56−CE)
A higher RRS indicates a higher risk exposure after controls.

4. Detailed Risk Assessment Matrix

Below is a sample matrix summarizing the key risk areas:

Risk Risk Likeli Imp Inher Key Control Resid Comments/

Catego Factor hood act ent Control Effectiv ual Recommendations
ry (1–5) (1– Risk s eness Risk
5) Score (1–5) Score
(L×I)
Custom High- 4 4 16 Enhanc 3 16 × Strengthen
er Risk risk ed ((6- verification
corpora CDD/K 3)/5) procedures and
te YC; = 9.6 update PEP
clients, periodic screening
comple reviews procedures.
x ; PEP
owners screenin
hip g
structur
es
Produc Invest 3 5 15 Risk- 4 15 × Monitor early
t Risk ment- based ((6- cancellations;
linked, product 4)/5) consider additional
 high design; = 6.0 controls on product
cash limits features.
value on
policies policy
cancella
tion;
internal
review
Transa Cash 3 4 12 Automa 3 12 × Upgrade monitoring
ction premiu ted ((6- system; increase
Risk m transact 3)/5) training on red flags
payme ion = 7.2 for front-line staff.
nts; monitor
unusual ing;
claim threshol
settlem d
ents reportin
g;
manual
reviews
Geogra Operati 2 4 8 Geogra 3 8× Focus on branch-
phic ons in phic- ((6- level controls in
Risk border specific 3)/5) border areas;
regions due = 4.8 periodic risk re-
with diligenc assessment.
high e;
cash enhance
usage d
monitor
ing in
high-
risk
areas
Channe Use of 3 3 9 Integrat 4 9× Enhance integration
l Risk multipl ed risk ((6- of channel data in
e manage 4)/5) risk MIS for timely
transact ment = 3.6 detection.
ion system;
channel regular
s channel
(online, reviews
cash,
agent-
based)

Note: The above numbers are illustrative. In your internal assessment, adjust ratings based on
your detailed analysis and data.
5. Risk Scoring Matrix Example

The following is an example of the risk scoring framework applied:

Score Score Range Risk Management Response

Category (Residual Risk Level
Score)
1–3 1.0 – 3.0 Low Routine monitoring and periodic review;
standard controls suffice
4–6 4.0 – 6.0 Moderate Enhanced controls; more frequent reviews;
targeted improvements
7–9 7.0 – 9.0 High Immediate remedial action; deep-dive
investigations; senior review
10 and ≥10.0 Critical Escalation to Board; urgent control
above implementation; potential suspension of activity
if risk is not mitigated

For example, in the Customer Risk row, the residual risk score of 9.6 falls into the “High”
category, prompting immediate review and control enhancements.

6. Action Plan and Recommendations

6.1 Key Recommendations

 Customer Risk:
• Implement stricter verification and enhanced due diligence measures for high-risk
customers.
• Upgrade PEP screening tools and periodic review frequency.
 Product Risk:
• Reassess risk features of high-value policies and introduce additional controls during
policy underwriting.
• Monitor early cancellations and implement controls on policy loans.
 Transaction Risk:
• Enhance transaction monitoring systems with advanced analytics to detect unusual
patterns.
• Increase training for front-line staff to identify red flags in both premium collections
and claim settlements.
 Geographic Risk:
• Implement additional due diligence procedures for branches in border/high-risk regions.
• Regularly review and update regional risk assessments.
 Channel Risk:
• Integrate data from all transaction channels into a central risk management information
 system (MIS).
• Standardize reporting and increase real-time monitoring capabilities.

6.2 Implementation Timeline

 Short-Term (0–6 months):

• Revise and update CDD/KYC procedures for high-risk profiles.
• Enhance training programs and initiate an upgrade of transaction monitoring systems.
 Medium-Term (6–12 months):
• Appoint a dedicated Chief Risk Officer (CRO) to strengthen risk oversight.
• Roll out integrated MIS enhancements.
 Long-Term (12–18 months):
• Complete a full review of risk exposure, update the risk scoring model based on
observed trends, and report progress to the Board.
• Reassess risk appetite and adjust the risk tolerance thresholds as necessary.

7. Conclusion
The assessment confirms that while [Insurance Company Name] has implemented several
effective controls, moderate to high residual risks remain in key areas such as customer due
diligence and transaction monitoring. The recommendations and action plan provided herein will
help mitigate these risks and further align our AML/CFT framework with both national and
international standards. Continued improvement and periodic reassessment are essential for
maintaining a robust and compliant risk management environment.

8. Appendices
Appendix A: Detailed Risk Assessment Matrix

(Include the table provided above and any additional risk rows specific to your operations.)

Appendix B: Risk Scoring Guidelines

(Document the scoring model and rationale for rating likelihood, impact, and control
effectiveness.)

Appendix C: Glossary of Terms

(Define AML, CFT, CDD, KYC, PEP, etc.)

Appendix D: References and Regulatory Guidelines

(List Ethiopian AML/CFT regulations, NBE directives, FATF recommendations, ISO 31000, and
COSO ERM documents.)

Prepared by: [Name, Title, Risk & Compliance Department]

Approved by: [Name, Title, Board/Risk Committee]
Here's a sample AML/CFT Risk Assessment Report for an Insurance Company in Ethiopia.
This document follows international best practices and aligns with Ethiopia’s Financial Anti-
Money Laundering and Countering the Financing of Terrorism Compliance Directives.

AML/CFT RISK ASSESSMENT REPORT

Prepared by: [Insurance Company Name]

Date: [DD/MM/YYYY]

1. Introduction

This report assesses the Anti-Money Laundering and Countering the Financing of Terrorism
(AML/CFT) risks associated with [Insurance Company Name]. It aims to identify, evaluate, and
mitigate risks in compliance with the Ethiopian AML/CFT regulatory framework.

2. Regulatory Framework

This assessment follows:

 Financial Anti-Money Laundering and Countering the Financing of Terrorism

Compliance Directives No. 01/2014
 National Bank of Ethiopia (NBE) Regulations
 Financial Intelligence Center (FIC) Guidelines
 ESAAMLG Recommendations

3. Risk Assessment Methodology

We adopt a risk-based approach, evaluating threats based on the following factors:

1. Product & Service Risk

2. Customer Risk
3. Geographic Risk
4. Transaction & Payment Channel Risk

4. Risk Scoring Matrix

We use a risk scoring matrix to assess AML/CFT threats:

Risk Level Score Description

Low 1-3 Minimal risk, strong controls in place
Medium 4-6 Moderate risk, requires additional monitoring
High 7-9 Significant risk, enhanced due diligence required

Each category (Product, Customer, Geographic, Transaction) is assigned a risk score from 1 to 9.
The total score determines the risk level and required mitigation measures.
5. Key Risk Areas and Mitigation Measures

5.1 Product & Service Risk

Risk
Product Risk Factors Mitigation Measures
Level
Potential for money laundering Enhanced Due Diligence (EDD) for
Life Insurance Medium through large premium high-value policies, transaction
payments monitoring
Strict scrutiny of early policy
Investment-linked Policy surrender for quick cash
High surrenders, verification of sources of
Insurance withdrawal
funds
Less susceptible to AML/CFT Standard customer due diligence
General Insurance Low
risks (CDD)

5.2 Customer Risk

Risk
Customer Type Risk Factors Mitigation Measures
Level
High-Net-Worth Large transactions, foreign Enhanced KYC, Source of
High
Individuals dealings Funds Verification
Politically Exposed Risk of corruption & illicit Ongoing monitoring, PEP
High
Persons (PEPs) financing declaration forms
Use of complex structures to hide Beneficial ownership
Corporate Clients Medium
beneficial ownership disclosure requirements

5.3 Geographic Risk

Risk
Country/Region Risk Factors Mitigation Measures
Level
Emerging AML/CFT Compliance with NBE & FIC
Ethiopia Medium
regulatory framework regulations
Offshore Financial Restricted transactions,
High High secrecy jurisdictions
Centers additional scrutiny

5.4 Transaction & Payment Channel Risk

Payment Risk
Risk Factors Mitigation Measures
Method Level
Anonymity, untraceable Cash transaction reporting (above ETB
Cash Premiums High
transactions 300,000)
Online Cyber risks, third-party Secure platforms, transaction
Medium
Payments involvement monitoring
Cross-border movement of SWIFT tracking, source of funds
Wire Transfers High
funds validation
6. Customer Due Diligence (CDD)

Standard CDD Requirements:

 Verify customer identity using government-issued ID

 Obtain proof of address (utility bills, bank statements)
 Establish source of funds for high-value transactions

Enhanced Due Diligence (EDD) for High-Risk Clients:

 Conduct deeper background checks (PEPs, high-net-worth individuals)

 Require additional documentation (business ownership, financial statements)
 Ongoing transaction monitoring and periodic risk review

7. Suspicious Transaction Indicators ("Red Flags")

 Unusual large one-time premium payments

 Frequent early policy surrenders with significant cash withdrawals
 Transactions involving high-risk jurisdictions
 Clients refusing to provide KYC documents

8. Internal Controls & Compliance Program

 Appointment of a Compliance Officer

 Ongoing AML/CFT training for staff
 Automated transaction monitoring system
 Reporting of suspicious transactions to the Financial Intelligence Center (FIC)

9. Conclusion & Recommendations

Based on the assessment, [Insurance Company Name] should:

1. Strengthen Enhanced Due Diligence (EDD) for high-risk clients.

2. Upgrade its AML/CFT monitoring system for better transaction tracking.
3. Increase staff training programs on AML/CFT compliance.
AML/CFT Risk Assessment for Ethiopian Insurance
please provide detailed sample AML and CFT risk assessment report for an insurance
company that operates in ethiopia along with risk assessment matrix and risk scoring
matrix

Below is a detailed sample Anti-Money Laundering (AML) and Counter-Financing of

Terrorism (CFT) risk assessment report for an insurance company operating in Ethiopia.
This report includes a risk assessment matrix and a risk scoring matrix tailored to the
insurance sector.

AML/CFT Risk Assessment Report for [Insurance Company

Name]

1. Executive Summary

This report outlines the AML/CFT risk assessment conducted for [Insurance Company
Name], an insurance provider operating in Ethiopia. The assessment identifies,
evaluates, and prioritizes risks associated with money laundering (ML) and terrorist
financing (TF) within the company’s operations. The report also provides
recommendations to mitigate identified risks and ensure compliance with Ethiopia’s
AML/CFT regulations and international standards.

2. Scope of the Assessment

The assessment covers the following areas:

 Customer risk
 Product and service risk
 Geographic risk
 Channel risk (distribution and payment methods)
 Regulatory and legal risk

3. Risk Assessment Methodology

The risk assessment was conducted using a structured approach:

 1. Data Collection: Reviewed internal policies, customer profiles, transaction
records, and regulatory requirements.
2. Risk Identification: Identified potential ML/TF risks across the company’s
operations.
3. Risk Scoring: Applied a risk scoring matrix to quantify the likelihood and impact
of each risk.
4. Risk Prioritization: Ranked risks based on their severity to guide mitigation
efforts.

4. Risk Assessment Matrix

The risk assessment matrix evaluates risks based on likelihood and impact,
categorized as low, medium, or high.

Risk Category Likelihood Impact Risk Level

Customer Risk High High High
Product/Service Risk Medium High High
Geographic Risk Medium Medium Medium
Channel Risk Low Medium Medium
Regulatory/Legal Risk High High High

5. Risk Scoring Matrix

The risk scoring matrix assigns numerical values to likelihood and impact to calculate an
overall risk score.

Low
Likelihood/Impact Medium (2) High (3)
(1)
Low (1) 1 2 3
Medium (2) 2 4 6
High (3) 3 6 9

Risk Levels:

 1-3: Low risk

 4-6: Medium risk
 7-9: High risk

6. Detailed Risk Assessment

6.1 Customer Risk

  Description: The insurance company serves a diverse customer base, including
high-net-worth individuals, corporate clients, and politically exposed persons
(PEPs).
 Risk Factors:
o Inadequate customer due diligence (CDD) and enhanced due diligence
(EDD) processes.
o Lack of awareness among staff about identifying suspicious activities.
 Risk Score: Likelihood (3) x Impact (3) = 9 (High Risk)

6.2 Product/Service Risk

 Description: The company offers life insurance, health insurance, and

investment-linked products, which can be exploited for ML/TF.
 Risk Factors:
o Investment-linked products may be used to launder funds.
o Lack of monitoring mechanisms for high-value transactions.
 Risk Score: Likelihood (2) x Impact (3) = 6 (High Risk)

6.3 Geographic Risk

 Description: The company operates in Ethiopia, which is considered a medium-

risk jurisdiction due to weak AML/CFT enforcement and high levels of informal
financial activity.
 Risk Factors:
o Cross-border transactions with high-risk jurisdictions.
o Limited access to international sanctions lists.
 Risk Score: Likelihood (2) x Impact (2) = 4 (Medium Risk)

6.4 Channel Risk

 Description: The company uses agents, brokers, and online platforms to

distribute its products.
 Risk Factors:
o Limited oversight over third-party agents.
o Weak controls over online payment channels.
 Risk Score: Likelihood (1) x Impact (2) = 2 (Medium Risk)

6.5 Regulatory/Legal Risk

 Description: Ethiopia’s AML/CFT regulatory framework is evolving, and

enforcement is inconsistent.
 Risk Factors:
o Non-compliance with local AML/CFT regulations.
o Potential penalties and reputational damage.
 Risk Score: Likelihood (3) x Impact (3) = 9 (High Risk)

7. Risk Mitigation Recommendations

 1. Enhance Customer Due Diligence (CDD):
o Implement robust CDD and EDD processes for high-risk customers,
including PEPs.
o Train staff to identify and report suspicious activities.
2. Strengthen Transaction Monitoring:
o Deploy automated systems to monitor high-value and unusual
transactions.
o Conduct regular audits of investment-linked products.
3. Improve Third-Party Oversight:
o Conduct due diligence on agents and brokers.
o Establish clear AML/CFT guidelines for third-party partners.
4. Stay Updated on Regulatory Changes:
o Monitor updates to Ethiopia’s AML/CFT laws and ensure compliance.
o Engage with regulators to stay informed about emerging risks.
5. Conduct Regular Training:
o Provide AML/CFT training to all employees, including senior management.
o Simulate real-world scenarios to test staff readiness.

8. Conclusion

The risk assessment identifies high risks in customer due diligence, product offerings,
and regulatory compliance. By implementing the recommended mitigation measures,
[Insurance Company Name] can reduce its exposure to ML/TF risks and ensure
compliance with local and international AML/CFT standards.

9. Appendices

 Appendix A: Risk Scoring Methodology

 Appendix B: Regulatory References (e.g., Ethiopia’s AML/CFT Proclamation)
 Appendix C: Training Program Outline

This sample report provides a comprehensive framework for an insurance company

operating in Ethiopia to assess and mitigate AML/CFT risks. The risk assessment and
scoring matrices can be customized based on the company’s specific operations and
risk appetite.

Appendix A: Risk Scoring Methodology Appendix B: Regulatory References (e.g.,

Ethiopia’s AML/CFT Proclamation) Appendix C: Training Program Outline

Below are the detailed appendices for the AML/CFT Risk Assessment Report, including
the Risk Scoring Methodology, Regulatory References, and Training Program
Outline.
Appendix A: Risk Scoring Methodology

1. Risk Scoring Framework

The risk scoring methodology quantifies the likelihood and impact of identified risks to
determine their overall risk level. The framework uses a 3x3 matrix to assign numerical
values to likelihood and impact, which are then multiplied to calculate the risk score.

Low
Likelihood/Impact Medium (2) High (3)
(1)
Low (1) 1 2 3
Medium (2) 2 4 6
High (3) 3 6 9

2. Definitions

 Likelihood: The probability of a risk occurring.

o Low (1): Unlikely to occur.
o Medium (2): Possible but not frequent.
o High (3): Very likely to occur.
 Impact: The potential consequences of a risk if it materializes.
o Low (1): Minimal financial or reputational damage.
o Medium (2): Moderate financial or reputational damage.
o High (3): Severe financial or reputational damage.

3. Risk Levels

 1-3: Low risk (Manage through routine procedures).

 4-6: Medium risk (Requires specific mitigation measures).
 7-9: High risk (Requires immediate action and senior management oversight).

Appendix B: Regulatory References

1. Ethiopia’s AML/CFT Proclamation

 Proclamation No. 780/2013: The primary legal framework for AML/CFT in

Ethiopia.
o Key Provisions:
 Requires financial institutions, including insurance companies, to
implement AML/CFT measures.
 Mandates customer due diligence (CDD) and enhanced due
diligence (EDD) for high-risk customers.
 Establishes the Financial Intelligence Center (FIC) as the primary
AML/CFT regulatory body.
 Requires reporting of suspicious transactions to the FIC.
2. International Standards

 FATF Recommendations: The Financial Action Task Force (FATF) sets

international standards for AML/CFT.
o Relevant Recommendations:
 Risk-Based Approach (RBA): Requires institutions to assess and
mitigate ML/TF risks based on their specific operations.
 Customer Due Diligence (CDD): Mandates identifying and verifying
customers’ identities.
 Reporting Suspicious Transactions: Requires reporting of suspicious
activities to relevant authorities.

3. Other Relevant Regulations

 National Bank of Ethiopia (NBE) Directives: Provides additional guidance for

financial institutions on AML/CFT compliance.
 Insurance Proclamation No. 746/2012: Governs the insurance sector and
includes provisions related to AML/CFT.

Appendix C: Training Program Outline

1. Training Objectives

 To educate employees on AML/CFT regulations and their importance.

 To equip staff with the skills to identify and report suspicious activities.
 To ensure compliance with Ethiopia’s AML/CFT Proclamation and international
standards.

2. Target Audience

 All employees, including:

o Senior management
o Customer-facing staff (e.g., agents, brokers)
o Compliance and risk management teams
o IT and operations staff

3. Training Modules

1. Introduction to AML/CFT:
o Overview of money laundering and terrorist financing.
o Key terms and concepts.
2. Regulatory Framework:
o Ethiopia’s AML/CFT Proclamation.
o FATF Recommendations and international standards.
3. Risk-Based Approach (RBA):
o Understanding ML/TF risks in the insurance sector.
o Conducting risk assessments.
 4. Customer Due Diligence (CDD):
o Identifying and verifying customer identities.
o Enhanced due diligence (EDD) for high-risk customers.
5. Suspicious Activity Reporting:
o Recognizing red flags and unusual transactions.
o Reporting procedures and timelines.
6. Record-Keeping and Monitoring:
o Maintaining accurate records of transactions.
o Implementing transaction monitoring systems.
7. Case Studies and Practical Exercises:
o Real-world examples of ML/TF in the insurance sector.
o Interactive exercises to test knowledge and skills.

4. Training Delivery

 Format: In-person workshops, online courses, and e-learning modules.

 Frequency: Annual training for all employees, with additional sessions for new
hires and high-risk departments.
 Assessment: Quizzes and practical exercises to evaluate understanding.

5. Training Materials

 Presentation slides
 Handouts and reference guides
 Case study examples
 Online learning platform (if applicable)

6. Follow-Up and Evaluation

 Conduct post-training assessments to measure knowledge retention.

 Gather feedback from participants to improve future training sessions.
 Monitor the effectiveness of training through compliance audits and incident
reports.

These appendices provide a comprehensive framework for implementing the AML/CFT

risk assessment and ensuring compliance with regulatory requirements. They can be
tailored to the specific needs of the insurance company and updated as regulations
evolve