AML/CTF Business-Wide Risk Assessment Course – Step-by-Step Explanation

Status note. This course covers the established BWRA methodology that Article 10 of Regulation (EU) 2024/1624 (AMLR) formalises into a dedicated obligation. The material will be updated to reflect the final AMLA Guidelines on Business-Wide Risk Assessment under Article 10 (4) AMLR once they are issued. AMLA is currently consulting on the draft Guidelines, with the public hearing on 28 May 2026 and the consultation deadline on 15 July 2026. The final Guidelines are expected in Q4 2026.

This course provides a structured, step-by-step explanation of how to prepare and maintain an AML/CTF Business-Wide Risk Assessment (BWRA),one of the most critical AML obligations for obliged entities across the EU. It covers the methodology that supervisors expect to see in practice, with reference to the EBA Risk Factor Guidelines (EBA/GL/2021/02),the AMLR Article 10 framework, and the AMLA draft Guidelines under Article 10 (4) AMLR.

You will learn how to integrate findings from key regulatory sources into your BWRA, including the EU Supranational Risk Assessment, the relevant National Risk Assessment, and sectoral and supervisory publications, giving your assessment the regulatory depth that supervisors expect to see during an inspection.

Through practical, real-world guidance, the course walks you through how to identify and document inherent risks, design and apply effective mitigating controls, and structure the residual risk assessment so the document holds up under supervisory scrutiny.

By the end of this training, you will have a clear, actionable framework for building or updating your firm's Business-Wide Risk Assessment, and the confidence to defend it in front of regulators.

How this course relates to AMLR Article 10 and the new AMLA Guidelines

Article 10 of the AMLR makes the BWRA a dedicated obligation for the first time at Level 1 of EU AML legislation. The AMLA draft Guidelines under Article 10 (4) AMLR set out four minimum requirements covering business overview, inherent risk, controls quality and residual risk. Paragraph 23 of the draft Guidelines instructs obliged entities to refer at minimum to the data points listed in Annex I of the AMLA Final Report on the RTS under Article 40 (2) AMLD when identifying their inherent risks. The same data points supervisors will use to score firms are now the data points obliged entities are expected to start from.

The methodology taught in this course aligns with that three-step structure. The course will be updated once AMLA issues the final Guidelines in Q4 2026 to reflect the final wording.

Free companion resources

Two free resources accompany this seminar. Both are available to registered CPDs.Academy users at no cost.

Read first. The blog article Business-Wide Risk Assessment Under AMLR walks through how Article 10 of the AMLR, the AMLA draft Guidelines under Article 10 (4) AMLR, and the AMLA Final Report on the RTS under Article 40 (2) AMLD fit together. Useful as orientation before the seminar.
Read the article →

Use alongside the seminar. The AMLR Article 10 BWRA Workbook is a free Excel file that operationalises the three-step methodology for ten sectors of obliged entities in one file. Inherent risk in Section A. Controls quality in Section B. Residual risk with an MLCO override in Section C. A separate Targeted Financial Sanctions Risk Assessment is included.
Download the workbook →

The seminar provides the framework, methodology and supervisory expectations. The article orients you. The workbook helps you apply what you have learned inside your own firm.

CPD recognition and trainer

This online AML/CTF training counts towards your CySEC CPD requirements for Basic, Advanced, and AML certificate holders, and is delivered by a CFA charterholder with hands-on compliance and regulatory consulting experience.

This course is ideal for

• AML Compliance Officers, MLCOs and MLROs at obliged entities including investment firms, credit institutions, AIFMs, UCITS management companies, EMIs, payment institutions, CASPs, life insurers, bureaux de change and asset managers
• Risk and compliance professionals responsible for AML documentation and BWRA preparation
• Legal and internal audit professionals reviewing AML frameworks
• Professionals completing their CySEC AML, Basic, or Advanced CPD obligations
• EU financial sector professionals preparing for the AMLR application date