Your AML checks and controls have to be based on your firm's AML Risk Evaluation.


A Risk Assessment is the starting point for every bank’s AML control regime.

Understanding the scope of a bank’s operations, its customer base, products/services and the geographical location of its business and customers is essential. After formally assessing and recording the AML Risk Assessment banks can then plan their AML Strategy.


GRC-Maestro helps ensure banks have the processes, checks, controls and management oversight required to address the specific money laundering risks of their business.

Using GRC-Maestro, banks can ensure they have comprehensively addressed the money laundering risks and can evidence full compliance with statutory/regulatory rules, best practices and internal controls:

Policies & Procedures

A bank's AML policies and procedures need periodic review and updating based on changes in regulatory requirements, the business' operations and the emergence of new money laundering methods/threats.

AML Training Assessment/Delivery

Each bank needs to assess the AML training across its team, including an individual assessment of appropriate training for Senior Management. The training needs to be based on the AML Risk assessment of each business line, geography and the overall AML Risk Assessment.


Each distinct product/service provided by the bank needs to be AML Risk Assessed to ensure the bank focuses appropriate resources on the highest risk products/services.

Geography (Business & Customers)

Different jurisdictions create different types of AML Risk. Banks need to assess the locational risk of both their business and their customer base (commonly known as "international customers" or "expats").

High Risk Customers

Some banks focus on customers with elevated AML risk profiles, for example Politically Exposed Persons (PEPs), those running cash businesses, sector specific (gaming, arms, precious metals/stones, etc.) amongst others.
Higher risk customers can be served provided banks have assessed the specific risks and have planned and implemented enhanced checks and controls to address these


Prove Compliance – Evidence your Governance, Risk & Compliance (GRC)

Automate GRC – Run manual checks and processes automatically

Low Cost – Quick and easy to use + low pricing