RISK ASSESSMENT QUESTIONNAIRE
The Risk Assessment Questionnaire (RAQ) is issued by the FIU for AML/CFT supervisory purposes and supports risk-based supervision, including sectoral and entity-level risk assessment, desk-based review, supervisory planning, and follow-up requests for clarification or supporting documentation.
Through completion of the RAQ, reporting entities assist the FIU in maintaining an up-to-date understanding of ML/TF risks and control effectiveness, and in delivering risk-sensitive supervision that is effective, proportionate, and consistent with statutory requirements.
Ensuring that reporting entities comply with their AML/CFT obligations is a core component of the FIU’s supervisory mandate under the Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020. The FIU, acting as a supervisory authority, is required to monitor reporting entities on a risk-sensitive basis and to develop and implement a risk-based approach to supervision, so that supervisory resources are deployed in the most effective and proportionate manner.
A key enabler of effective risk-based supervision is the quality of information available to the FIU regarding each reporting entity it supervises. The AML/CFT Act empowers supervisory authorities to request documentation and information, obtain explanations, and require answers to questions for supervisory purposes.
FAQs
What is the Risk Assessment Questionnaire (RAQ)?
The Risk Assessment Questionnaire (RAQ) is a supervisory questionnaire issued ro reporting entities to collect structured information for AML/CFT supervisory purposes. The FIU may require reporting entities to provide information, produce documents/records, and give explanations/answers under the AML/CFT Act (including section 57).
Why is the FIU collecting this information?
Information provided through the RAQ is used to support risk-based supervision, including sectoral and entity-level risk assessment, desk-based review, supervisory planning and follow-up requests for clarification or supporting documentation.
How will the FIU use information from RAQs?
For AML/CFT supervisory and regulatory functions, including risk assessment, compliance monitoring, desk-based review, and planning/targeting supervisory actions, consistent with the FIU’s functions and duties (section 27 of AML/CFT Act).
Will the information be treated confidentially?
Yes. Information is handled confidentially with access restricted to authorised personnel on a professional need-to-know basis. FIU officers are also bound by confidentiality undertakings.
Can the FIU share RAQ information with other authorities?
Yes, where permitted or required by law, the FIU may disclose/share information with competent authorities (domestic or foreign) for AML/CFT supervisory, investigative, enforcement or related purposes.
Does confidentiality in other laws or contracts prevent RAQ disclosures required for AML/CFT?
A reporting entity may not withhold information requested for AML/CFT supervisory purposes on grounds of secrecy or confidentiality, as such restrictions are overridden under sections 53 and 53A of the AML/CFT Act. Any claim of legal professional privilege must be strictly limited to information that meets the Act’s definition of “legal privilege” and may not be relied upon to withhold underlying factual records or AML/CFT compliance documentation. In particular, legal privilege does not extend to any conduct or material held for the purpose of aiding, abetting, assisting, concealing, or procuring criminal conduct.
Is RAQ submission mandatory?
Yes. Failure to comply with a lawful request for information/documents within the specified timeframe may constitute an offence under the AML/CFT Act (section 57).
What if we provide incorrect information?
Knowingly providing false or misleading statements/information to the FIU or an authorised officer is an offence (sections 51 and 52).
Does the RAQ include a formal declaration?
Yes. The submitter must declare the information is true, accurate, complete, and not misleading (after due enquiry) and that no material information relevant AML/CFT risk/controls/governance has been knowingly omitted.
What language must be used?
The RAQ must be completed in English. Where supporting documents are not in English, a certfied translation must be provided.
What does “previous year” mean?
“Previous year” means the prior calendar year (January 1 to December 31) before the lodging of the RAQ.
Is it one RAQ per entity or per licence?
One RAQ per entity/licence. Where a reporting entity holds more than one relevant licence/registration, a separate RAQ should be submitted for each, where applicable.
Can questions be left unanswered?
No. All questions must be answered. If a question does not apply, select “Not applicable (N/A)” where available and provide a brief explanation if required.
How should explanations and documents be provided?
Provide additional detail in the comment box or as an attachment clearly referencing the question number.
Do we need to keep evidence supporting our answers?
Yes. Maintain supporting records for the reporting period. The FIU/supervisory authority may request documents or clarifications following submission under statutory powers.
What if we later find a material error?
You must notify the FIU and provide a correction within 5 business days from the date of submission.
How should governance and oversight questions be answered?
Governance and oversight answers must reflect what actually occurred during the reporting period in line with the reporting entity’s AML/CFT policies, procedures and SOPs, and must be supported by evidence. Count only oversight activities that are documented and auditable (e.g., minutes, signed reports, management approvals, resolutions, internal audit/independent review reports, compliance monitoring reports, training records, and documented follow-up actions). Where the entity’s SOPs specify a required frequency (e.g., quarterly compliance reporting, annual independent review), the reporting entity should report against that requirement and ensure the supporting records demonstrate both performance and follow-through (issues raised, decisions taken, and remediation tracked).
What information must be completed before proceeding to the RAQ modules?
The form requires core identification fields (legal name, trading name, incorporation/registration number, TIN, date of incorporation/registration, licence number). These fields must be completed first and must match official documentation on record. The name of the compliance officer (or alternate compliance officer) along with their email address and work contact details.
Who is allowed to submit the RAQ?
The RAQ may only be submitted by the reporting entity’s Compliance Officer appointed under section 34(1) of the AML/CFT Act or, where the Compliance Officer is unavailable, the Alternate Compliance Officer appointed under section 34(3) to act in the Compliance Officer’s absence.
How does the electronic signature work?
By ticking the mandatory confirmations and clicking “Submit RAQ”, the Compliance Officer (or Alternate Compliance Officer) provides an electronic signature on behalf of the reporting entity and confirms that, following due enquiry, the information submitted is true, accurate, complete and not misleading, and that any required supporting documents are genuine. The submitter further acknowledges that the FIU may rely on the submission for its statutory supervisory functions and may issue follow-up requests for information or documents under its powers (including section 57). Knowingly providing false or misleading information to the FIU may constitute an offence and may result in enforcement action.
What mandatory confirmations are required?
Two confirmations must be ticked: (i) the Compliance Officer (or Alternate Compliance Officer) has read and understood the declaration and makes it honestly/in good faith; and (ii) the Compliance Officer (or Alternate Compliance Officer) is authorised to submit in the selected capacity.
