• the general process by which a supervisor, according to its identification, understanding and assessment of risks, allocates its resources to AML/CFT supervision; and
• the specific process of supervising institutions (ie insurers and intermediaries, as applicable) that apply an AML/CFT RBA.

The supervisor should have a thorough and comprehensive understanding of the ML/TF risks to which insurers and intermediaries are exposed arising from the activities undertaken and products and services offered by insurers and intermediaries.

In the context of ML/TF, “risk” encompasses threats, vulnerabilities, and consequences in relation to products (including services and transactions), geography, customers and delivery channels.

Some of the examples of attributes included below can be expected over the course of a long-term insurance contract and are not necessarily inherently suspicious, but rather should be viewed as factors to consider with respect to AML/CFT RBA.

• acceptance of very high value or unlimited value payments or large volumes of lower value payments;
• acceptance of non-traceable payments such as cash, money orders, cashier cheques, or virtual assets;
• acceptance of frequent payments outside a normal premium or payment schedule;
• allowance of withdrawals at any time or early surrender, with limited charges or fees;
• products that allow for high cash values;
• products that accept high amount lump sum payments, coupled with liquidity features;
• products with provisions that allow a policy to be cancelled within a stipulated timeframe and the premiums paid to be refunded; and
• products that allow for assignment without the insurer being aware that the beneficiary of the contract has been changed until such time as a claim is made.

• products with features or services which make it possible for customers to use the product in a way that is inconsistent with its purpose (for example, an insurance policy intended to provide long term investment opportunity but which allows frequent or low fee deposit / withdrawal transactions);
• customer is not the payer or recipient of the funds;
• products with features that allow loans to be taken against the policy (particularly if frequent loans can be taken and/or repaid with cash);
• acceptance to be used as collateral for a loan and/or written in a discretionary or other increased risk trust;
• payment source or recipient of funds are outside of the jurisdiction (eg insurer in jurisdiction A and payment source in jurisdiction B); and
• significant, unexpected, or unexplained change in customer’s pattern of payment, withdrawal, or surrender.​

• jurisdictions identified by credible sources as having weak governance, law enforcement and regulatory regimes, including jurisdictions identified by FATF statements as having weak AML/CFT regimes;
• jurisdictions identified by credible sources as having significant levels of organised crime, corruption, or other criminal activity, including source or transit countries for illegal drugs, human trafficking, smuggling and illegal gambling; and
• jurisdictions subject to sanctions, embargoes, or similar measures issued by international organisations (such as the United Nations).

• structure of a legal entity that is a customer, policyholder, or beneficiary obscures or makes it difficult to identify the ultimate beneficial owner or controlling interests;
• customer is reluctant to provide identification; exhibits difficulty producing identification; or provides identification documents of questionable authenticity;
• involvement of a gatekeeper or a third party apparently unrelated to the customer;
• higher risk business or occupation (such as those that are cash-intensive);
• mismatch between wealth and income of the customer and proposed premium amounts, deposit amounts or policy limits;
• customer is associated with negative news which may affiliate the customer with allegations of criminal behaviour; or has ties to or is on a designated sanctions list; and
• customer is considered a politically exposed person.

• non face-to-face sales without adequate safeguards for confirmation of identification or to mitigate the risks of identity fraud; and
• payments via intermediary that may obscure the source of payment (eg long chain of intermediaries).

The supervisor should assess the main ML/TF risks to the insurance sector in its jurisdiction. Such risk assessments may provide for recommendations on the allocation of responsibilities and resources at the jurisdictional level based on a comprehensive and up-to-date understanding of the risks. These assessments will change over time, depending on how circumstances develop, and how risks evolve. For this reason risk assessments should be undertaken on a regular basis and kept up to date.

• operational cooperation and, where appropriate, coordination ; and
• policy cooperation and, where appropriate, coordination.

Where the supervisor identifies suspected ML/TF in insurers or intermediaries, it should ensure that relevant information is provided in a timely manner to the FIU, any appropriate law enforcement agency and other relevant authorities.

The supervisor should take all necessary steps to cooperate, coordinate and exchange information with the other relevant authorities. The supervisor should communicate with the FIU and appropriate law enforcement agency to ascertain any concerns it has and any concerns expressed on AML/CFT compliance by insurers and intermediaries, to obtain feedback on trends in reported cases, and to obtain information regarding potential ML/TF risks to the insurance sector.

To promote an efficient exchange of information, the supervisor should consider identifying within its office a point of contact for AML/CFT issues and to liaise with other relevant authorities.

The exchange of information for AML/CFT purposes is subject to confidentiality considerations (see ICP 3 Information Sharing and Confidentiality Requirements).