Risk v Reward - Assessing a country’s AML risk



Barry Leonard


Within the world of KYC, it is vital that the level of operational risk be assessed when deciding whether to engage in business with a potential or current client. The factors which go into assessing, and subsequently defining, this risk are extensive.


Each individual financial institution will have their own threshold of risk that they can manage. Different financial institutions, trading different products, and the mediums through which they do business, will affect their internally assessed risk appetite. However, when we step back and try to assess operational risk factors, i.e. risk at a macro level, where businesses are domiciled is one of the most significant factors determining how this risk is calculated.

Country Risk is generally defined as a “collection of risks associated with investing in a foreign country. These risks include political risk, exchange rate risk, economic risk, sovereign risk and transfer risk, which is the risk of capital being locked up or frozen by government action” [1]. Broadly speaking the risk factors involved can be narrowed down to three core areas:

  • Political Risk Factors – These include government stability, democratic accountability, socioeconomic conditions, and internal conflict (such as civil war) or external conflict (ranging from trade restrictions to war)

  • Economic Risk Factors – These include rate of annual inflation, annual change in estimated GDP, estimated government balance as a percentage of GDP, currency fluctuations

  • Financial Risk Factors – These include exchange rate stability, liquidity problems [2]


Many organisations use a variety of different methods to gather information about a country in relation to its risk potential. When assessing the risk rating of a country the information gathered will be reviewed through a variety of quantitative and qualitative mechanisms. For example, the Financial Conduct Authority use a variety of different sources assessing publicly available information and indices including HM Treasury Sanctions[3], Financial Action Taskforce high-risk and non-cooperative jurisdictions, MoneyVal evaluations[4], Transparency International Corruption Perception Index[5], the Foreign & Commonwealth Office Human Rights Report[6], the UK Government’s Overseas Business Risk webpages, and public information about the quality of regulation in each country[7]. This list is reviewed periodically.

The information collected from the multiple sources listed above is then collated and measured to create a Country Risk Matrix. An example of this can be seen below:



Source: Foreign Trade Association, Business Social Compliance Initiative (2014)[8]

According to Transparency International’s Corruption Perceptions Index 2016, Low Risk countries tend to have higher degrees of press freedom, access to information about public expenditure, stronger standards of integrity for public officials, and independent judicial systems. However, high-scoring countries cannot afford to become complacent. While the most obvious forms of corruption may not affect citizens' daily lives in all these places, the higher-ranked countries are not immune to closed-door deals, conflicts of interest, illicit finance, and patchy law enforcement that can distort public policy and exacerbate corruption at home and abroad. Examples of countries that have consistently low risk ratings would be New Zealand, Denmark and Canada.

High Risk countries are plagued by untrustworthy and badly functioning public institutions, such as the police and judiciary. Even where anti-corruption laws exist, in practice they have been deemed or proved to be skirted or ignored. People frequently face situations of bribery and extortion, rely on basic services that have been undermined by the misappropriation of funds, and confront official indifference when seeking redress from authorities that are complicit. Examples of some of the countries with the worst risk ratings would be North Korea, South Sudan and Syria[9].

An example of how international politics and economic factors can influence risk rating can be found in The Euler Hermes Country Report (Q2 2017)[10]. The Euler Hermes Country Report is an in-depth economic research report that provides a review of an individual country's economic profile. This report illustrates the risk rating of each country, and any changes to country risk ratings. Within this most recent report we see that the Czech Republic has been upgraded. This is due to a rise in real GDP, a rise in inflation, strong public finances, good international relations with fellow EU members, a stable banking sector, and manageable external debt, among other factors.

On the other hand, the report also highlights a number of countries whose risk rating has been downgraded. One such example is Qatar. This risk rating has been affected greatly by instability in the middle east generally, but more specifically due to conflict with other Arab states (Saudi Arabia, UAE, Bahrain, Egypt) that escalated in June 2017, resulting in significant economic measures against Qatar. Additionally, due to persistently low oil prices since 2014, the real GDP growth slowed further during Q2 of 2017.

Since the financial crash of 2007-8, the role of AML KYC has grown exponentially, as greater emphasis is being placed on mitigating operational risk. Whilst the logic behind KYC is reasonable (by demanding detailed information about counterparties, banks are less likely to engage in money laundering and terrorist financing unknowingly), it is also a challenging task, requiring dedicated specialists and data experts, and potentially a complete transformation of internal processes within institutions.

However, KYC is not optional. Failure to comply can lead to huge fines as well as reputational damage. Whilst a £7.6mm fine issued to Standard Bank in 2014 for failure to implement sufficient anti-money laundering controls seemed significant at the time, this has been dwarfed by fines issued to Barclays[11] (£72mm) in 2015 and Deutsche Bank[12] (£506mm) in 2017. Given the importance of compliance in this space, and considering the severity of fines imposed, it is likely that the role of AML KYC will continue to evolve as more stringent regulations are put in place to attempt to deal with money laundering in finance. It is therefore incumbent on banks and other financial institutions to invest heavily in this area in order to meet the standards expected of them by the various national and international regulatory bodies.

[1] Investopedia, Country Risk


[2] The PRS Group, ICRG Methodology


[3] GOV.UK, Financial Sanctions: Regime-specific lists and releases


[4] Council of Europe, MoneyVal


[5] Transparency International Corruption Perception Index


[6] GOV.UK, Human Rights and Democracy Reports


[7] Governance Risk Compliance Institute


[8] Foreign Trade Association, Business Social Compliance Initiative http://www.bsci-intl.org/sites/default/files/countries_risk_classification_final_version_20140109.pdf

[9] Transparency International Corruption Perception Index


[10] Euler Hermes Country Report, Q2 2017 http://www.eulerhermes.com/economic-research/country-risks/Pages/country-reports-risk-map.aspx

[11] FCA Website, News https://www.fca.org.uk/news/press-releases/fca-fines-barclays-%C2%A372-million-poor-handling-financial-crime-risks

[12] FCA Website, News https://www.fca.org.uk/news/press-releases/fca-fines-barclays-%C2%A372-million-poor-handling-financial-crime-risks

Barry Leonard

Barry is a graduate of The University of Ulster, where he gained a BSc in Psychology, and Queens University Belfast where he gained an MSc in Criminology. He joined FinTrU in 2015 as part of our second Financial Services Academy. Since coming on board, he has worked as part of the AML KYC Team for a Tier 1 Investment Bank.


As part of this team Barry conducts independent research to gather and record data from internal systems, commercial databases, and the Internet. He assesses and analyses research data, using background knowledge and experience to conduct complex data analysis.


He conducts investigations based on global standards, policies, tools, and procedures to ensure compliance with internal and external regulatory requirements, determining the best investigative and analytical approach, following up with external contacts to obtain information to support cases.