According to the latest guidance note issued by the South African banking sector regulator, Prudential Authority, risk assessment does not mean financial institutions should avoid or eliminate risks via the wholesale termination of client relationships with entities such as crypto asset service providers. Instead, the regulator wants financial institutions to only consider “de-risking” when the “risk posed is too great to manage successfully.”
It is thus prudent for banks to be able to risk categorise CA/CASP-related clients through conducting a risk assessment which will assist banks in determining the appropriate level of [money laundering, terrorist financing, proliferation financing] risk management measures necessary, as opposed to total avoidance, in line with the application of a risk-based approach.
The CEO argued that the decision to de-risk or terminate service should only be made after the “risk posed by a particular business or customer is too great to manage successfully.”
