In carrying out the undertaking’s customer due diligence procedures, there must be made an assessment of the risk in each customer relationship. Undertakings must identify therefore disclose relevant risk factors in the customer relationship in order to perform sufficient customer due diligence procedures.
The risk assessment contains two elements - identification of risk factors and assessment of risk factors. In order to make the assessment, undertakings or persons must identify the risk factors relevant to the customer relationship. In appendix 2 and 3 to the Act on Money Laundering are listed a number of risk factors that may cause to limited and increased risk, respectively. This is not an exhaustive list.
The listed factors and documentation in Appendix 2 and 3 indicate situations, which potentially pose a limited or involve an increased risk. The factors must be included as an element in the risk assessment, and a customer relationship may be considered as limited risk or high risk if one of the relevant factors applies. Other factors may cause the customer relationship to be neither limited nor increased risk. It is the overall assessment of all risk factors that determine the risk in each customer relationship.
Below are listed geographical risk factors that potentially imply either a limited or an increased risk of that the undertakings may be abused for money laundering or terrorist financing in the customer relationship:
Geographical risk factors, characterise situations which potentially pose a limited risk (Appendix 2):
Geographical risk factors, characterise situations which potentially involve an increased risk (Appendix 3):
a) EU or EEA countries.
b) Third countries with effective mechanisms to combat money laundering and financing of terrorism.
c) Third countries, which credible sources have identified as countries with a limited extent of corruption or other criminal activity.
d) Third countries which, on the basis of credible sources such as mutual evaluations, reports on detailed assessment or publicly available follow-up reports, have requirements to combat money laundering and financing of terrorism which are consistent with the FATF recommendations of 2012 and which implement these requirements in an efficient manner.
a) Countries, which credible sources, i.e. mutual evaluations, reports on detailed assessment or publicly available follow-up reports, have identified as countries, which do not have effective mechanisms to combating money laundering and financing of terrorism, cf. section 17, subsection (2).
b) Countries, which credible sources have identified as countries with a significant level of corruption or other criminal activity.
c) Countries subject to sanctions, embargoes or similar measures taken by, for example, the EU or UN.
d) Countries that finance or support terrorist activities, or which house known terrorist organisations.
The following lists examples of sources that may be used in the making of the assessment:
FATF and the FATF-Style Regional Bodies (FSRBs)
- Mutual Evaluation Reports/Country Evaluation/Reports
- Publications on High-risk and non-cooperative jurisdictions; Methods and Trends and Corruption etc.
- OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions
- Country Reports on enforcement of the Anti-Bribery Convention
- Global Forum on Transparency and Exchange of Information for Tax Purposes
United Nations Office on Drugs and Crime (UNODC)
- The UN Convention against Corruption (UNCAC)
- Reports, news and publications made by UNODC or in relation on UNCAC
The Global Economy.com
National media including possible criminal judiciary against countries.
The EU comprises 28 countries.
See the list here
Norway, Iceland and Liechtenstein.
Countries that are neither EU nor EEA countries. Undertakings should be aware that there might be an increased risk at a specific third country, even if it is not listed in the list of countries at high risk in a specific customer relationship - see the table above with risk factors and the examples of sources that may be used in making the assessment.
EU’s Delegated Regulation on High Risk Third Countries
EU’s list of high-risk third countries
The EU's delegated regulation on high-risk third countries is a list of countries considered to have strategic deficiencies in relation to the prevention of money laundering and countering terrorist financing. The latest update of the Commission delegated Regulation (EU) 2018/212 of 13 December 2017 amending Regulation (EU) 2016/1675, as Sri Lanka, Trinidad and Tobago and Tunesia has been inserted in the table in Annex I.
FATF's black list:
See FATF's recent Public Statement – 24 February 2023
The black list includes countries in which there is an increased risk of money laundering or terrorist financing according to FATF and where the country in question is not in dialogue with the FATF on an action plan. FATF requests its members and other jurisdictions to take measures to protect the international financial system against the ongoing and comprehensive risk of money laundering and financing of terrorism (ML / TF) arising from the jurisdictions on the black list.
FATF's grey list:
See FATF's recent Compliance document – 24 February 2023
The list includes countries according to FATF in which there is an increased risk of money laundering or terrorist financing, but where each country is preparing an action plan with FATF. FATF states that the circumstances regarding each country should be assessed independently of each other. FATF calls on its members to consider the information on the gray list.