Country Risk Ratings in AML Assessments

Introduction

In an interconnected global economy, businesses frequently deal with customers, suppliers, and transactions across borders. While this globalization brings growth opportunities, it also exposes companies to cross-border money laundering (ML) and terrorist financing (TF) risks.

To manage these risks effectively, financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs)—such as real estate agents, gold traders, auditors, and corporate service providers—must include country risk ratings in their overall AML Risk Assessments.

This explains what country risk ratings are, why they matter, how they are assessed, and the best practices for applying them under UAE AML law.

________________________________________

1. Understanding Country Risk in AML

Country risk refers to the level of money laundering or terrorist financing exposure associated with doing business in or with a particular country.

A country’s risk level depends on:

• Its AML/CFT regulatory framework;

• Enforcement strength;

• Corruption levels;

• Political stability; and

• History of financial crime or sanctions.

FATF Recommendation 1 and UAE Cabinet Decision No. (10) of 2019 require entities to adopt a risk-based approach (RBA) by considering the geographical location of their customers, transactions, and counterparties.

________________________________________

2. Legal and Regulatory Foundation in the UAE

The UAE AML/CFT framework explicitly recognizes geographic or country risk as one of the primary risk categories.

Relevant laws include:

• Federal Decree-Law No. (20) of 2018 on AML/CFT;

• Cabinet Decision No. (10) of 2019 (Implementing Regulation);

• Cabinet Decision No. (109) of 2023 (Updated controls for DNFBPs);

• UAE Ministry of Economy DNFBP AML Guidelines;

• UAE Financial Intelligence Unit (FIU) advisories and goAML guidance.

These require DNFBPs to identify and document ML/TF risks linked to the countries or jurisdictions where customers, transactions, or intermediaries are based.

________________________________________

3. Why Country Risk Ratings Are Important

Country risk ratings are vital because:

• They help prioritize AML efforts—more focus on high-risk jurisdictions.

• They guide due diligence levels (Standard vs. Enhanced CDD).

• They reduce exposure to international financial crime.

• They ensure compliance with FATF and UAE AML laws.

• They prepare businesses for MOE inspections and audits.

Ignoring country risk can lead to exposure to sanctions breaches, STR reporting failures, and regulatory penalties.

________________________________________

4. Key Indicators for Assessing Country Risk

When assigning country risk ratings, organizations should consider multiple qualitative and quantitative indicators, such as:

a. FATF and International Lists

• Countries on the FATF Grey List or Black List are automatically high-risk.

• Monitor FATF’s periodic updates (issued three times a year).

b. Sanctions Lists

• Jurisdictions under UN, OFAC, or EU sanctions present elevated risks.

• Businesses must screen clients and transactions against these lists.

c. AML/CFT Regulatory Environment

• Countries with strong AML/CFT laws and effective enforcement are considered low-risk.

• Weak regulatory oversight increases risk exposure.

d. Corruption Levels

• Countries with high corruption are more prone to ML/TF.

• Refer to Transparency International’s Corruption Perceptions Index (CPI) for annual scores.

e. Political and Economic Stability

• Instability and weak governance often correlate with higher ML/TF risks.

f. Cross-Border Activity and Secrecy Laws

• Countries with banking secrecy, offshore centers, or anonymous company laws increase risk.

• Examples: certain tax havens or jurisdictions lacking beneficial ownership transparency.

________________________________________

5. How to Assign Country Risk Ratings

Step 1 – Develop a Country Risk Scoring Model

Create a simple rating scale, e.g.:

Risk Level Description Examples

Low Strong AML/CFT controls, FATF member, stable governance UAE, UK, Singapore

Medium Partial AML compliance, some corruption Turkey, India

High FATF grey/black listed, weak regulation, or sanctioned Iran, North Korea

Step 2 – Assign Scores Based on Reliable Sources

Use credible references such as:

• FATF Country Statements

• UAE FIU Advisories

• World Bank Governance Indicators

• Transparency International CPI

• OFAC and EU Sanctions Databases

Step 3 – Apply Risk Weighting

Each country risk factor can be weighted according to importance (e.g., FATF status = 50%, Corruption Index = 30%, Sanctions = 20%).

Step 4 – Link Country Risk to Customer and Transaction Risk

• High-risk countries → Enhanced Due Diligence (EDD) required.

• Low-risk countries → Simplified or Standard Due Diligence may suffice.

________________________________________

6. Applying Country Risk Ratings in Practice

For Customers

• Determine the country of residence, nationality, and business operations.

• If a client is from a high-risk country, apply EDD:

o Obtain source of funds and source of wealth documents;

o Get senior management approval;

o Conduct ongoing monitoring.

For Transactions

• Review the origin and destination of funds.

• Watch for payments routed through high-risk jurisdictions or offshore centers.

• Ensure the beneficial owner is clearly identified.

For Suppliers and Counterparties

• Perform due diligence on overseas suppliers and partners.

• Avoid trading with sanctioned or unverified entities.

________________________________________

7. Using Technology to Automate Country Risk Management

Platforms such as MyAML.io and Finabooks.com can help automate country risk integration by:

• Automatically updating FATF and sanctions lists;

• Assigning country risk scores to each customer profile;

• Generating reports for inspections;

• Integrating with transaction monitoring systems for alerts.

This ensures accuracy, efficiency, and readiness for Ministry of Economy (MOE) AML audits.

________________________________________

8. Best Practices for Managing Country Risk

1. Regularly Update Risk Lists:

Monitor FATF, FIU, and international updates every quarter.

2. Document All Assessments:

Keep evidence of how country risk ratings were determined.

3. Apply Enhanced Due Diligence (EDD):

For clients or transactions involving high-risk countries.

4. Train Staff:

Ensure your compliance team understands how to interpret and apply country risk data.

5. Review Annually:

Update your country risk assessment annually or when global events impact risk levels (e.g., sanctions, conflicts).

6. Integrate Risk into Entity-Wide AML Program:

Country risk should be linked to customer, product, and transaction risk for a comprehensive picture.

________________________________________

9. Example – Country Risk in a Jewellery Business

Scenario Country Risk Action

A buyer from the UK purchases gold jewellery worth AED 40,000 Low Standard CDD

A corporate buyer from a FATF grey-listed country purchases AED 250,000 worth of gold bars High EDD, Source of Funds, STR if necessary

Supplier from a high-secrecy offshore jurisdiction High Supplier verification and risk documentation

________________________________________

Conclusion

Country Risk Ratings form a crucial pillar of AML risk assessment in the UAE. By systematically identifying and managing risks associated with specific countries, DNFBPs can effectively comply with AML/CFT regulations, reduce exposure to financial crime, and maintain strong relationships with regulators.

Integrating technology, documentation, and regular reviews ensures that your country risk framework remains robust, responsive, and aligned with both UAE AML law and FATF international standards.

________________________________________

Sheikh Anwar Accounting & Auditing LLC

Licensed Auditor – Ministry of Economy (Entry No. 5817)

📍 Dubai Creek Tower, Office M35, Dubai, UAE

🌐 www.sa-auditors.com

✉️ info@sa-auditors.com