Are you Ready to Respond to CIMA’s AML/CFT Survey?

On August 18, 2022, CIMA announced it is preparing to survey its population of regulated entities on their AML/CFT Risks and Controls. CIMA’s notice can be viewed here: PRESS RELEASE (

This is not the first time that CIMA conducts such a survey. However, previously, the AML/CFT surveys were distributed to firms individually and not always annually. Moreover, some regulated might never have been asked to complete the AML/CFT questionnaires. This brief article seeks to provide some clarity about what the survey is about and what it can contain, to allow regulated entities to be ready to respond to the survey in the brief turnaround period that is provided.

Who Must Complete the Survey?

Every regulated entity (except for certain insurance licensees) will be required to complete the survey.


The survey will be distributed by email, on a rolling basis to entities depending on their industry sector, starting on September 12 with VASPs and the Securities Sector (including RPs).

The Fiduciary sector will receive its survey on September 19, while Banks, Mutual Fund Administrators and Insurers that conduct relevant financial business will receive their surveys on September 26.

Firms only have 1 month to complete and return the survey.

What is this Survey?

CIMA must carry out a risk assessment of the money laundering, terrorist financing and proliferation financing risks of persons under its supervision that carry out relevant financial business (I.e., persons and companies that are subject to the Anti-Money Laundering Regulations).

The survey will ask questions about regulated entities inherent risk relating to AML/CFT/CPF (meaning the risk before the application of any controls and mitigants) in 5 broad areas:

  • nature, size and complexity of the entity
  • its customers
  • its geographical exposures
  • The products and services it offers and transactions effected
  • The delivery channels it uses

The survey will also ask about the controls the regulated entity has implemented to mitigate its inherent risks.

What are the Questions?

The survey is not yet available but based on previous surveys, some potential questions are described below.

Inherent Risks

  • How many customers or investors do you have? Break it down by customer type (e.g. natural person, government, PEPs, corporates, HNW, trusts)
  • In which countries do you do business? Which countries do your clients or investors come from?
  • What are your lines of business and what is the relative importance of each?
  • Transaction volumes (by country).
  • How much business do you conduct face to face or via eligible introducers?


  • When was the last time the Board of Directors discussed AML/CFT at its meeting?
  • Do you have an updated risk assessment?
  • When was your last AML/CFT audit?
  • Describe your AML/CFT training for staff, management, Board.

From experience, many firms struggle with collating this information within the short turnaround time.

However, providing high quality responses is important, as it affects how closely each firm will be supervised and what risk rating will be assigned to the sector as a whole.

How will CIMA use the results?

While CIMA’s notice is vague on how the results will be used, based on previous similar surveys, the results will be used for 2 purposes.

  1. Individual Risk Assessment CIMA will use the results of each regulated firm individually to assess the ML/TF/PF risk of that particular firm. This will affect how closely each firm is supervised by CIMA and how often it is inspected (i.e. firms that CIMA assesses as higher risk are inspected more often than firms posing a lower risk)
  2. Sector Risk Assessment CIMA will use the collective result for each sector (e.g. banking, insurance, MFAs) to assess the risks of ML/TF/PF of that entire sector. The results influence the intensity of CIMA supervision for each particular sector.

Is your firm ready?

Do you have all the quantitative information regarding your inherent risk in a manner that can easily be extracted and reported upon?

Have you updated your risk assessment in 2022?

Has your staff undertaken all required AML/CFT/CPF training?

If not, it is not too late. Claritas can help.

We can update your risk assessment, conduct your training, carry out your independent AML audit and generally assist you with completing the AML/CFT survey.

Reach out to Justine or Elisabeth to find out more.