One risk becomes many: The case for a holistic, behaviour-led BWRA
A practical guide for MLROs who want to join the dots
There’s a moment in The Wire when Lester Freamon nails the reality of financial crime:
“You follow the drugs, you get drug addicts and drug dealers. But you start to follow the money… you don’t know where it’s gonna take you.”
This insight is more than a clever line, it’s a blueprint for how we should approach financial crime risk in financial services. Financial crime doesn’t respect neat regulatory boxes. One act triggers another: fraud becomes money laundering, which leads to sanctions risk, then proliferates into PF exposure. Bribery morphs into tax evasion, which cycles back into ML and trade-based activity. Cybercrime becomes fraud, then ML, then market manipulation.
Yet, most BWRAs still treat domains in isolation, as if fraud, ML, sanctions, PF, bribery, and tax evasion are separate worlds. They’re not. They’re chapters in the same story, criminals exploit your business, not your regulatory structure. To build an effective BWRA, you must start with how criminals behave, not how regulations are organised.
Start with behaviour, not labels
Instead of asking, “Is this AML or fraud?” ask, “What’s actually happening?”
Altered documents? That’s deception.
Payments from unrelated individuals? Mule structuring.
Broker controls all customer interaction? Intermediary shielding.
Sudden supplier price changes? Mispricing.
Staff override system prompts? Collusion.
Unusual withdrawal and deposit patterns? Conversion and layering.
These aren’t isolated risks, they’re behavioural triggers that expose your business to multiple threats at once. When you focus on behaviour, the connections between risk domains become clear. This is why behaviour-based risk events (not static risk factors) are the foundation of a truly effective, holistic BWRA.
The Wire principle: One behaviour, many domains
Criminal behaviour rarely stays in one lane. One action sets off a chain reaction across multiple risk domains:
Fraud → ML → Sanctions → PF: A single fraudulent payment can trigger money laundering, sanctions screening, and proliferation finance exposure.
Bribery → Tax Evasion → ML → Sanctions/PF: Corrupt payments disguised as consultancy fees quickly cross boundaries, hiding taxable income and re-entering the system through layered accounts.
Falsified Documents → TBML → PF → Sanctions Circumvention: Misdeclared invoices and mispriced goods drive international flows, often masking dual-use goods and sanctions breaches.
These aren’t hypotheticals, they’re the real, recurring patterns MLROs encounter daily. One behaviour can open the door to multiple exposures at once.
Anchor your BWRA to real attack surfaces
Every financial institution could distil risks into only three true attack surfaces,these are where criminals strike, and where your BWRA should focus:
Relationship establishment: Onboarding, ownership, intermediaries. Abuse here enables hidden ownership, offshore tax evasion, intermediary bribery, sanctions breaches, and PF via front companies.
Activity & transactions: Layering, structuring, cash-in/cash-out. This is where fraud, mule behaviour, sanctions evasion, and PF through trade corridors happen.
Facilitators: Staff, introducers, agents, outsourced operations. Weaknesses here drive bribery, corruption, ML, sanctions circumvention, and internal fraud.
A BWRA built around these real-world attack surfaces is grounded in operational reality, not theoretical risk lists.
Spotlight recurring criminal patterns
Criminals don’t reinvent the wheel, they repeat what works. Your BWRA should expose these predictable sequences:
Account Take Over → Fraud → ML: Credential theft leads to account takeover, unauthorised payments, and rapid money movement through mules.
Tax Evasion → ML → TBML: Hidden wealth flows through offshore companies, reappears as trade settlements, and is backed by mispriced goods.
Mule Chains → Sanctions Risk: The same mule accounts used for small frauds often process payments tied to high-risk jurisdictions.
Bribery → ML → Sanctions Circumvention: Third-party agents mask corrupt payments and facilitate illicit flows across embargoed regions.
These patterns matter far more than regulatory labels. Focus your BWRA on the behaviours criminals repeat, not on abstract typologies.
Multi-Domain Controls: Maximum Impact, Minimum Complexity
A few smart controls can protect against multiple risks at once:
Beneficial ownership verification: Shields you from ML, sanctions, PF, bribery, tax evasion, and insider threats.
Behavioural transaction monitoring: Detects ML, fraud, mule activity, sanctions evasion, and PF.
Document integrity checks: Guard against TBML, PF, ML, bribery, and fraud.
Staff screening and incentives: Prevents bribery, fraud, ML, and sanctions circumvention.
When one change strengthens five domains, it’s easier to justify investment and drive real efficiency.
Immediate impact: Faster, clearer, more aligned
Adopting a holistic, behaviour-led BWRA delivers instant results:
Investigations accelerate: Teams focus on behaviours, not debating labels.
Stronger alignment: First and second lines share a clear reference for why controls matter and where risk truly lies.
Regulatory confidence: Supervisors see joined-up risk management,connecting exposures across domains, just as regulators expect.
A behaviour-led BWRA doesn’t just improve accuracy, it transforms how your teams respond to financial crime.
Conclusion: Connect the dots, make your BWRA holistic
Lester Freamon was right: when you follow the money, you don’t know where it will take you, because everything is connected. Financial crime is never just one exposure; one behaviour can trigger risks across multiple domains. If your BWRA still treats risks in isolation, you’re missing the bigger picture and leaving your business vulnerable.
So what?
It’s time to move from siloed assessments to a truly holistic, behaviour-led risk management approach. Build your BWRA around how criminals actually operate, not how regulations are organised. This isn’t just more accurate, it’s essential for protecting your business, strengthening controls, and demonstrating real effectiveness to regulators.
Don’t let criminals exploit the gaps. Connect the dots. Make your BWRA work as hard as they do.