FATF ¦ IO1 Risk, Pol­i­cy and Co­or­di­na­tion

Immediate Outcome 1: Identifying, Assessing and Coordinating Domestic Action to Combat Money Laundering and Terrorist Financing

Immediate Outcome 1 evaluates whether a country properly identifies, assesses and understands its money laundering (ML) and terrorist financing (TF) risks, and whether those assessments are actually used to shape policy, regulatory measures and operational actions. It is foundational: accurate risk knowledge is the basis for proportionate prevention, supervision, investigation and prosecution. Without credible and current risk assessments, responses will be misdirected, resources wasted and vulnerabilities left unaddressed.

How effective risk identification and assessment should work

An effective system draws on a broad range of reliable information sources and engages the right actors. Competent authorities, regulators, financial institutions and designated non-financial businesses and professions (DNFBPs) should contribute relevant data and expertise. Risk assessments should be methodologically sound, using appropriate tools and intelligence such as strategic financial intelligence, typologies, reporting trends and analytical products. They must be regularly reviewed and updated to reflect new threats, emerging trends and significant events.

Risk assessments serve multiple practical purposes. They must inform national AML/CFT strategies, set priorities for supervision and enforcement, justify enhanced measures where higher risks are identified, and permit simplified measures where risks are demonstrably lower. This requires assessments to be detailed enough to support decision-making at both policy and operational levels, including tailored guidance for sectors and clear articulation of risk scenarios.

Translating risk knowledge into policy and measures

The link between assessment and action is central. National AML/CFT policies, strategies and legal instruments should explicitly reference the results of ML/TF risk assessments and show how those results were used to determine priorities, allocate resources and design measures. Policies should enable proportionate application of requirements — strengthening controls for high-risk products, customers or channels, and allowing simplified approaches where appropriate. They should also be responsive: as assessments identify new vulnerabilities, policies must be adjusted in a timely manner.

Institutions and self-regulatory bodies (SRBs) should align their objectives and operational activities with the evolving risk picture and national policy. Supervisors should apply their resources and oversight according to risk-based priorities, and reporting entities should receive clear, risk-based guidance to improve detection and reporting of suspicious activity.

Domestic cooperation and coordination

Effective domestic cooperation and coordination are essential for both assessment and implementation. A country needs formal or informal frameworks that bring together policy-makers, law enforcement, supervisors, the financial intelligence unit (FIU) and relevant ministries. These mechanisms must include processes for collecting inputs from the private sector and DNFBPs and for circulating assessment outputs to stakeholders in a usable form.

Bastian Schwind-Wagner _Follow

"Immediate Outcome 1 is foundational to an effective AML/CFT framework because it ensures that policy and operational decisions are informed by a clear understanding of money laundering and terrorist financing risks. When risks are accurately identified and regularly updated, authorities can prioritise limited resources and apply proportionate measures where they are most needed.

Meaningful domestic cooperation and timely information sharing are essential to turn assessment findings into practical action. Clear channels between the public and private sectors, supported by adequate expertise and resources, improve the chances that assessments will lead to measurable reductions in ML/TF vulnerabilities."

Operational cooperation is equally important. Competent authorities must share information and coordinate action where needed for investigations, asset tracing and other AML/CFT operations. Practical tools — secure data channels, common formats for information exchange, joint teams or shared platforms — help ensure information flows in a timely manner. Roles and responsibilities should be clear to avoid duplication and ensure effective case progression.

Quality, timeliness and credibility of assessments

Assessors should judge whether risk assessments are reasonable and consistent with the country’s context: its threat environment, structural features, institutional capacity, rule of law and corruption level. Assessments should integrate inputs from multiple competent authorities and reflect credible external sources where relevant. The methods and data used must be transparent enough to justify the conclusions and to support policy choices such as exemptions, enhanced or simplified measures.

Regular review mechanisms are required so assessments remain current. This includes responsiveness to new information — shifts in financial flows, emergence of new typologies, geopolitical events or legislative changes — that could alter the ML/TF landscape. Adequate resources and technical expertise must be devoted both to producing assessments and to maintaining sustained domestic cooperation and coordination.

Measuring success and common pitfalls

Success under Immediate Outcome 1 is shown by demonstrable use of risk assessments to set strategies, adjust regulation, guide supervision and support operational activity that leads to substantial mitigation of ML/TF risks over time. Indicators include published national risk assessments, evidence of sectoral guidance and typologies derived from assessments, supervisory prioritisation linked to risk findings, timely interagency information exchange and joint operational outcomes informed by shared risk understanding.

Common weaknesses include narrow or outdated assessments, limited stakeholder involvement, poor data quality, weak mechanisms for sharing assessment results with the private sector, absence of clear linkage between assessment findings and policy measures, and insufficient operational coordination. Resource shortages and lack of expertise can undermine both assessment quality and the capacity to coordinate responses.

Practical implications for regulators and practitioners

Authorities should ensure inclusive, methodical risk assessment processes that collect diverse data sources and engage all relevant stakeholders early. Outputs must be clear, actionable and communicated through appropriate channels. Policymakers and supervisors should document how assessment findings shaped decisions on risk-based measures. Operational agencies need secure, efficient channels for information sharing and established procedures for joint work that reflect assessment-derived priorities. Finally, periodic reviews and updates should be institutionalised so the national risk picture — and responses — remain relevant.

Conclusion

Immediate Outcome 1 is the foundation of an effective AML/CFT system: it requires credible, current risk assessments, meaningful domestic cooperation and the demonstrable use of assessment results to design proportionate policies and operational actions. When these elements function together, countries can better prioritise resources, impose appropriate measures, and achieve measurable reduction in ML/TF vulnerabilities.

Dive deeper

• FATF ¦ The 2022 and 2013 Methodologies for Assessing Technical Compliance with the FATF Recommendations and the Effectiveness of AML/CFT/CPF Systems ¦ Link
• FATF ¦ Luxembourg’s measures to combat money laundering and terrorist financing ¦ Link