MONEY LAUNDERING NATIONAL RISK ASSESSMENT TOOLKIT – ANNEXES A-C

The topics of the following annexes to the Money Laundering (ML) National Risk Assessment (NRA) Guidance were selected because of a need for assistance identified in the Financial Action Task Force (FATF) Global Network. They should not be treated as a mandatory checklist or requirement, including because the FATF Standards do not require an NRA per se, nor do they specify a particular format of risk assessment product. The guidance document and its annexes are not an FATF Standard and are therefore not intended to designate specific actions necessary to meet obligations under Recommendation 1, the interpretative note to Recommendation 1 (INR.1), or any other FATF Standards. Criteria for technical compliance and for assessing effectiveness is only found in the FATF assessment Methodology. The practices described in this guidance are intended to serve as examples that may facilitate implementation of obligations in a manner compatible with the FATF Standards.

Countries do not have to go through each of the annexes or guides but can elect to use the materials that are relevant and appropriate in their own unique risk and context. If a country, considering its risk and context, sees a need for a specific risk assessment or a chapter on (for example) corruption, it can consult the relevant quick guide to assist in this work.

The suggested sources listed for data are non-exhaustive and should not replace data collection and analysis on a national level. Rather, the goal is to provide a variety of sources for background information that can support jurisdictions in the initial stages of research on their risks. It is recommended that countries assess the reliability of all sources used and do not take external data sources at face value, rather use them to supplement their national level data and risk understanding, especially where there are data gaps.

The NRA process should be kept manageable and the resulting document of a reasonable length to remain accessible and useful to both the public and private sectors. 

Countries should note that these annexes should be read in conjunction with the ML NRA Guidance as they complement and supplement the information therein. These annexes do not discuss every stage of the NRA process; where there is no specific supplementary guidance or information provided, countries are invited to refer to the information in the ML NRA Guidance document.

Examples of NRAs and other risk assessments can be found on the RTMG Community site (link not public) [1]. This page is updated regularly when the FATF Secretariat receives notice of newly published risk assessments.

This annex is designed to help countries address challenging areas of risk assessments by providing practical advice that countries can implement to help them to enhance the effectiveness of their ML risk assessments. Countries should always ensure they adapt these tools to their specific risk and context, and go beyond them, as needed.

As mentioned in the ML NRA Guidance, countries should do an environmental scan of all ML threats and vulnerabilities present before proceeding to analyse them. Countries are encouraged to note in their NRA or other risk assessments which areas are emerging risks or where there is some awareness about a risk, but limited data or information as to its scope, or frequency of occurrence. The areas below have been chosen as they have consistently proven challenging to assess, often because of limitations faced in obtaining data or the level of understanding of the sectors exposed to those risks and how they can be mitigated. Concluding that there is not enough data or information available to accurately assess risk in a particular area is also valuable, as it can inform a country’s action plan, and support prioritisation of further work to improve risk understanding for future NRA iterations, enhance data collection, or to support the commencement of a sectoral or thematic risk assessment.

These annexes include selected good practices from a variety of countries across the FATF Global Network and have been drafted with the aim of providing common steps that countries can apply regardless of their specific context, maturity of risk assessment process, the complexity of their anti-money laundering (AML) system, etc.

The four topics discussed in Annex A are:

1. Corruption
2. Virtual Assets (VA) and Virtual Asset Service Providers (VASP)
3. Legal Persons and Legal Arrangements
4. Informal Economy

It is important to assess these areas in such a way that the findings can be integrated into other work taking place in the country to improve risk understanding. Countries should decide, based on their risk and context, how to best assess their risks. The risk assessment of these areas could be incorporated into a country’s NRA, done as a separate thematic/sectoral risk assessment, or examined as part of other risk assessment work (e.g. typologies reports). The extent of the informal economy and levels of corruption in the country could be considered as contextual factors, which impact various threats and vulnerabilities and can impact the overall risk levels in the country. Given that VA/VASPs and legal persons and arrangements intersect with many other areas of ML risk and have proven challenging to assess, countries may decide to do a “deeper dive” as part of a sectoral/thematic risk assessment, even if they have already included these topics in their NRA, to enhance their risk understanding.

There are often links between these topics, and the sections below note data and factors from other topics that could be considered to gain a deeper understanding on risk. Examples may include:

• Corrupt officials may exploit their positions to siphon government funds and use shell companies to disguise the origin and movements of funds.
• Funds from corruption could also be converted into VA to disguise the origin of funds and facilitate cross-border transfers.
• Professional enablers could establish legal persons or arrangements to enable or facilitate the transfer of funds to public officials, paid as bribes in exchange for the reward of public or government contracts.
• Criminals can take advantage of the informal economy through purchasing materials from unregistered businesses, over-invoicing the goods, and then using shell companies to launder the funds. Shell companies may also be abused for tax evasion purposes, tax evasion being a driver for informal economy.

It is therefore important that when conducting assessments of these topics, that countries consider possible links to other sectors and risk areas, and how these may affect the scope and impact of the risks under assessment. Countries are encouraged to consider these risks within the context of other possible risks, rather than assessing them in isolation to one another. The links between these topics also show that it is important to consider the context of the country and the broader environment in which ML takes place to fully understand the risks. Any action plans that arise from the findings of the NRA should consider the possibly existence of these links in the country. Risk areas being linked and overlapping could increase risk levels, but it could also mean that countries can use the measures for mitigating one risk to mitigate the risks of a linked risk.

The purpose of the annex is to provide countries with a cross-country aggregation of risk information to highlight possible areas of focus, e.g., which predicate offences and which types of ML are most common on a domestic and international level, and how countries may wish to prioritise analysis of the associated risks. Countries should note that some areas of focus, predicate offences or types of ML that are included here will not apply equally to all countries. The purpose of the annex is to offer ideas on how to get started with this type of analysis, based on a variety of available sources.

While the basis of every risk assessment undertaken by a country should be its specific and unique risk and context, countries may wish to consider the below information as a tool to kick-off or supplement their risk assessment and support prioritisation of certain common predicate offences. This annex is not intended to replace the country’s own analysis of its risks, but consideration of commonalities present in their region or on an international level may provide a broader picture of the risk landscape. This is particularly important due to the cross-border nature of ML, which is constantly evolving with advances in technologies.

This figure shows the top ML threats identified from country MERs. It is based on FATF Secretariat analysis of a sample of 59 country MERs from across the Global Network. All threats countries noted were domestic, apart from the category of “foreign predicates”. However, foreign predicates may be under-reported, as subsequent questionnaires sent to the Global Network for the ML NRA Guidance update project showed that many countries face challenges effectively assessing the risks associated with foreign predicate offences.

Source: FATF Report on the State of Effectiveness and Compliance with the FATF Standards, 2022

This figure shows regional trends in the top ML threats identified from country MERs. It is based on FATF Secretariat analysis of a sample of 59 country MERs from across the Global Network. 

Source: Internal research by FATF Secretariat. Data collected for the FATF Report on the State of Effectiveness and Compliance with the FATF Standards, 2022.

This figure shows the top ML threats based on World Bank analysis of 147 MERs from across the Global Network.

Source: Unpublished Research by World Bank, 2022

This figure shows the top ML threats based on World Bank analysis of 147 MERs from across the Global Network.

Additionally, countries may wish to consider including in their NRA an analysis of why particular threats (e.g., those that are most prevalent on an international and especially  regional level and involve cross-border elements) are not assessed to be material in the country. Including this information, together with the sources analysed to come to this conclusion, can increase transparency and support the continuity of the NRA process, and can facilitate the reassessment of threats on a longer-term basis. Countries are encouraged to liaise within their FSRB, with other regional bodies, and with neighbouring countries to broaden their risk understanding beyond their borders, which is especially important for many ML risks that involve cross-border elements at different stages of the ML process. All these suggestions are subject to the prioritisation and availability of resources, noting resources available to conduct assessments might be limited and should be used in the most efficient manner. Risk assessments should also be kept manageable and of a reasonable length to remain accessible and useful to both the government and the private sector.

It is worth noting that the estimates of proceeds of crime give a different ranking to the analysis in the previous section based on what were considered the highest risks in country MERs.

The following table provides information on major predicate offences (i.e., those frequently identified in MERs) ordered based on estimated proceeds of crime. The estimates in this section have been taken from various reliable sources and are based on different methodologies. The estimates in this section are not considered to be definitive given the difficulties acknowledged in estimating proceeds of crime, the difference in methodologies used and that some of the estimates may already be (or later become) outdated. They are presented here for illustrative purposes, to encourage countries to consider the importance of predicate offences on an international level, even if they are not of high importance in the country itself. Countries may look for updated estimates from reliable sources when they come to update their NRA or prioritise other risk assessment work, and in many cases also do their own estimations

The “top four” predicate offences are often cited as being fraud, corruption, drug trafficking and tax crimes. As all these crimes could have cross-border elements, it is recommended that countries consider the risks of proceeds of these crimes entering their jurisdictions for laundering, even if the offence is not prevalent domestically.

As outlined in the FATF’s 2024 ML NRA Guidance, [102] countries should analyse the likely consequences of ML and predicate offences. The FATF defines risk as a threat taking advantage of a vulnerability to produce a consequence. Depending on the risk and context of the country, some predicate offences with a higher human, societal or environmental cost may need to be prioritised in the NRA to better understand threats and develop proportionate risk-mitigating measures.

The disparity in the placement of fraud and drug trafficking above may indicate that countries facing significant levels of these offences are rightly including other considerations such as the damage caused by drug trafficking on both individuals and societies. This may lead to it being considered a higher risk in many countries, despite generating fewer proceeds than other predicate offences. Other predicate offences (e.g., human trafficking and sexual exploitation) also threaten social stability and national security. They can cause strain on the resources of LEAs, weakening their effectiveness and creating vulnerabilities that could be exploited by criminals.

Corruption in particular can be pervasive in a variety of sectors, e.g., infrastructure, health, customs, tax, law enforcement, the judiciary, and natural resource management.  This can lead to serious consequences on the population, for example, barriers to accessing basic healthcare, education and justice, or public safety risks such as the endangerment of human life due to unsafe infrastructure or lack of medicine.

As mentioned in the ML NRA Guidance, it is also important to consider the cross-border consequences of ML. When ML is international, most of the negative consequences may occur in foreign jurisdiction where the predicate crimes are committed and a consequence analysis that only focuses on domestic context (e.g., the effect on taxpayers) may not reflect the true scale of consequences [103].

Considering both financial and social harm in the NRA can help countries better prioritise criminal threats, ensuring that both the financial system and broader society are protected from illicit activities. Giving greater focus to certain offences that may represent less financial profit but greater, long-lasting, or life-threatening effects does not mean deviating from also pursuing those major predicates which represent massive financial loss. It serves to ensure that authorities responsible for AML do not ignore or sideline certain crimes that generate fewer proceeds and lose opportunities to pursue crime with high societal impact. 

Countries will however need to develop a yardstick to be applied consistently to ensure that the NRA informs a proportionate, risk-based approach. To ensure an efficient allocation of resources across the AML regime, as envisaged in Recommendation 1, the NRA needs to distinguish between higher and lower risk. The likelihood and extent of the activity and the consequences can help inform conclusions about their relative severity and importance.

The Report on the State of Effectiveness and Compliance with the FATF Standards [104] found that in the study of 59 MERs from across the Global Network, ML investigations and prosecutions were most likely to concern cases of self-laundering, or non-complex ML schemes (as opposed to complex ML schemes which are known to cause the greatest harm to society). The report also showed that IO.7 is one of the lowest rated Immediate Outcomes, with 99% of FSRB members rated low or moderately effective, implying that only 1% were effectively prosecuting and convicting ML cases. Among FATF members, two thirds were rated low or moderately effective. Eighty-two percent of countries across the global network were not prosecuting ML activity in line with their risks, according to their MER, and less than a third of the countries reviewed that were effective (Substantial or High effectiveness ratings) in IO.1 were pursuing investigations and prosecutions in line with their risks [105].

Further analysis undertaken by the FATF Secretariat of 40 NRAs (from countries that made the full version of the latest NRA available, i.e., not just the executive summary or risk ratings) from across the Global Network studied the extent to which countries demonstrate knowledge about different types of ML in their NRA. 

Source: Internal research by the FATF Secretariat

It was found that 40% of countries (16 out of 40) demonstrated a detailed knowledge, that is to say that those NRAs highlighted multiple cases of ML, both simple and complex (e.g., with cross-border elements) that the jurisdiction identified and prosecuted. The explanations given were concise and showed that these countries had a good understanding of complex ML schemes and how they may be structured.

Thirty-five percent (14 out of 40) provided some ML cases, but these were generally simple ML schemes with few actors involved, or limited in quantity and lacking precision, with very limited discussion of complex cases. Twenty-five percent (10 out of 40) were found to have no case studies or explanations of complex cases (i.e., no concrete examples of third-party ML or cross-border ML), and limited examples of simple cases. A reason for this may be that the country had not identified any complex cases in their jurisdiction at the time of the NRA. 

Source: Internal research by the FATF Secretariat

Note: The sample used was 187 MERs from across the Global Network [106].

The different types of ML are often referenced in key findings of MERs, often under IO.7 which deals with the investigation and prosecution of ML. The graph above shows the number of times the type of ML is referenced in a positive light (e.g., the country is investigating and prosecuting a type of ML in line with its risks) or in a negative light (e.g., that the country is focusing all its efforts on one type of ML and neglecting the others).

The limited exploration of different types of ML in NRAs including how it intersects with different threats and vulnerabilities in countries may in part explain the findings of the Report on the State of Effectiveness and Compliance with the FATF Standards. If a country does not assess and understand its risks, it is unlikely to demonstrate effectiveness in prioritising investigations and prosecutions for ML in line with its risk profile.

Giving focus to how ML takes place in practice, regardless of the predicate offence that generated the funds, can bridge the gap between predicate offences and laundering techniques. It is of course important to know which predicate offences are most common in the country, as this can support the prioritisation of law enforcement efforts to reduce crime. Knowing the vulnerabilities can help governments introduce or strengthen measures to address weaknesses. But examining the modus operandi shows how the illicit funds move in practice, and highlights the tools and channels exploited. It is also an effective way of keeping track of developments in ML typologies, for example as criminals adapt to new technologies, or find new ways to circumvent risk mitigating measures. It can also help countries target the mitigating measures introduced, for example if a specific product is being exploited to launder money, measures could address this specifically rather than an entire sector. Matching threats and vulnerabilities with the techniques used to launder money can help countries develop a more comprehensive understanding of the risk landscape and where the highest risks are concentrated.

The following is a list of threat categories that may be useful in building a picture or estimate of ML threats. This list is not exhaustive, and the individual categories should be viewed as examples and may be complemented in accordance with the purpose and scope of the assessment. It should therefore not be treated as a checklist to be completed for every risk assessment, but a pool of factors that countries can examine to increase risk understanding.

Threat factors that can impact ML risk relate to the prevalence and nature of domestic and foreign predicate offences and ML, including cross-border elements, the sectors, technologies and channels that are exploited, the perpetrators involved and inherent features that increase a country’s exposure to crime.

By categorising threats, countries can gain a deeper understanding of the various factors that contribute to the risk landscape of the country. Countries should consider threats at all three stages of ML: placement, layering and integration.

Identifying relevant vulnerabilities is key to developing a country’s understanding of its ML risks. This list contains examples of contextual factors that may be considered at this stage of the ML risk assessment to help identify relevant vulnerabilities. They have been generally arranged according to the analytical framework known as “PESTEL” (an acronym based on the first letters of the major categories: political, economic, social, technological, environmental and legislative). This list is neither exhaustive nor binding, nor would these factors apply in every country’s ML NRA and they should be applied in the context of each country (i.e., those that are “relevant” to the country).

Contextual factors may impact a country’s vulnerabilities. Vulnerabilities can exist on a national or sectoral level. A brief explanation of how these factors can impact ML vulnerabilities has also been included.

[1] Library of ML/TF/PF Risk Assessments (link accessible to FATF delegations).

[92] Crowe and University of Portsmouth (2021), The Financial Cost of Fraud 2021, https://f.datasrvr.com/fr1/521/90994/0031_Financial_Cost_of_Fraud_2021_v5.pdf (accessed 30 January 2025).

[93] UN (2018), The costs of corruption: values, economic development under assault, trillions lost, says Guterres, https://news.un.org/en/story/2018/12/1027971 (accessed 30 January 2025).

[94] UNODC (2011), Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes, www.unodc.org/documents/data-and-analysis/Studies/Illicit-financial-flows_31Aug11.pdf (consulted 30 January 2025).

[95] Global Financial Integrity (2017), Transnational Crime and the Developing World, https://gfintegrity.org/wp-content/uploads/2017/03/Transnational_Crime-final.pdf (accessed 30 January 2025).

[96] EU Tax Observatory (2021), The State of Tax Justice 2021, www.taxobservatory.eu/repository/the-state-of-tax-justice-2021/ (accessed 30 January 2025).

[97] RHIPTO, INTERPOL and GI (2018), World Atlas of Illicit Flows, https://globalinitiative.net/wp-content/uploads/2018/09/Atlas-Illicit-Flows-FINAL-WEB-VERSION-copia-compressed.pdf. This figure includes proceeds for: forestry crime, illegal mining, waste trafficking, the illegal wildlife trade, illegal extraction and theft of oil, and crimes associated with illegal fishing.  (accessed 15 May 2025).

[98] World Bank (2012), “Dirty Money” in Illegal Logging Can be Tracked and Confiscated, says World Bank Reports, www.worldbank.org/en/news/press-release/2012/03/20/dirty-money-illegal-logging-can-tracked-confiscated-world-bank-reports (consulted 14 March 2025).

[99] FATF (2021), Money Laundering from Environmental Crime,

[100]  FATF (2021), Money Laundering from Environmental Crime,.

[101] International Labour Organisation (2024), Annual profits from forced labour amount to US$ 236 billion, ILO report finds, www.ilo.org/resource/news/annual-profits-forced-labour-amount-us-236-billion-ilo-report-finds (consulted 14 March 2025).

[102] FATF (2024), ML NRA Guidance

[103] Ibid. page 34.

[104] FATF (2022), Report on the State of Effectiveness and Compliance with the FATF Standards, Chapter 6.

[105]  Information taken from a FATF Secretariat study of 59 MERs.

[106] While efforts were made to ensure comprehensive coverage, variations in terminology across MERs mean that some relevant references may not have been captured by the search terms used, or instances may have been double counted in some cases. As a result, there may be some omissions or duplications in the dataset and therefore it is presented for illustrative purposes.

[107] See the definition of “designated categories of offences” in the Glossary of the FATF Methodology

[108] It is difficult to calculate the proceeds generated from crime and then laundered, especially in cases where perpetrators have not been caught and assets have not been recovered. There is no established best practice to do so. Countries could consider the following: amount of illicit funds mentioned in court reports, information from STRs, general crime statistics to extrapolate data (i.e., have certain predicate offences increased or decreased over the years?). The OECD has provided guidance on identifying and quantifying proceeds of bribery: Identification and Quantification of the Proceeds of Bribery.

[109]  IMF, Central Bank Transparency code, www.imf.org/external/datamapper/CBT/browse/ (accessed 15 May 2025).

[110] IMF (2023),  Measurement and Use of Cash by Half the World’s Population, www.elibrary.imf.org/view/journals/001/2023/062/article-A001-en.xml

[111] There are World Bank and UN tools to help measure this: World Bank, The Social Inclusion Assessment Tool, https://pubdocs.worldbank.org/en/478071540591164260/siat-logo-web.pdf, and UN (2010), Analysing and Measuring Social Inclusion in a Global Context, www.un.org/esa/socdev/publications/measuring-social-inclusion.pdf (consulted 21 March 2025)

[112]  For example see reports by OCCRP (2021), Report: Minorities and Women are More Likely Victims of Cyber Crime, www.occrp.org/en/news/report-minorities-and-women-are-more-likely-victims-of-cyber-crime and FATF (2023), Illicit Financial Flows from Cyber-Enabled Fraud, Illicit-financial-flows-cyber-enabled-fraud.pdf.coredownload.inline.pdf