The EU Commission publishes its third supranational risk assessment

On 27th October 2022, the European Commission has published its third Supranational Risk Assessment (‘SNRA’), following the 2017 and 2019 publications. In the current edition, the SNRA reassessed and outlined mitigating actions on all the sectors covered by the previous 2019 publication, i.e., 43 products and sectors, grouped within eight categories. It analyses the main risks for the EU internal market and the horizontal vulnerabilities that can affect those sectors. Where changes to sectors or products have been identified, re-calculation of the risk levels took place. Where no changes to the risks were identified, the information included for these sectors or products has been updated.

The 2022 SNRA also factored numerous geopolitical and socioeconomic developments into its re-assessment exercise. These included the unprecedented impact of COVID-19 across economic sectors and business activities, as well as the impact of the Russian invasion on Ukraine. These two international developments have had a profound impact on ML/TF risks, which are reviewing in detail in this SNRA and therefore also require review by entities locally.

Changes in the risk matrix for sectors and products

The most notable adverse change in the risk matrix proposed by the SNRA is the re-classification of the online gambling sector, as well as crypto assets, both of which are now rated as Very High risks. On the other hand, the private banking sector and casinos have been re-assessed as bearing Significantly High and Medium residual risk respectively, which is a reduced grading from previous SNRAs.

Impact on subject persons – Business Risk Assessment

Subject Persons are encouraged to take into consideration the findings of risk assessments issued by Regulatory Bodies/ Authorities such as Supranational, National and Sectorial Risk Assessments. Understanding the findings of the SNRA and evaluating the impact these have on the organisation’s inherent risk, particularly as they relate to sector, jurisdiction and products/services is an important aspect of effective ML/TF risk management.

How can Deloitte help?

As risks associated to financial crime keep evolving, Subject Persons must ensure that their ML/TF risk management framework remains tuned and calibrated to provide those charged with governance an accurate representation of the organisation’s risk exposure. Our financial crime team can assist you evaluating the impact of the latest SNRA on the risk components of your business risk assessment. Speak to us for more information on our solutions.