An electronic risk assessment tool for mitigating money laundering and terrorism financing in virtual assets

Abstract

Money laundering and terrorism financing remain significant challenges in Uganda, despite the presence of the National Strategy for combating them (2020/21 – 2024/25). These issues persist due to limited capabilities in detecting and mitigating the prevalent risks associated with money laundering and terrorism financing in Virtual Assets (VAs) activities and the operations of Virtual Assets Service Providers (VASPs). The primary aim of the study was to develop a Money Laundering and Terrorism Financing (ML/TF) risk assessment tool tailored for virtual assets activities and the operations of virtual assets service providers within Uganda's Financial Sector. The specific objectives were to investigate factors associated with money laundering and terrorism financing in order to determine the requirements for developing a Money Laundering and Terrorism Financing (ML/TF) risk assessment tool, design, implement, test and validate the electronic risk assessment tool. The study adhered to the Software Development Life Cycle (SDLC), ensuring a structured approach throughout the project. Initially, requirements elicitation was conducted through the utilization of questionnaires and interviews, aimed at gathering pertinent data from Heads of Directorates at the Financial Intelligence Authority (FIA) and virtual assets service providers within Kampala Central Business District (KCBD). The collected data played a crucial role in informing the requirements analysis and design phases, ensuring alignment with industry needs and regulatory standards. Requirements analysis and system modeling were conducted using Unified Modeling Language (UML). Therefore, UML models such as use case diagrams, activity diagrams and class diagrams were employed to represent the tool's functions, activity flow and structure. The electronic risk assessment tool was developed using Streamlit, a Python-based framework for building dynamic applications. For data visualization and analysis, the researcher utilized tools such as Matplotlib, Pandas, and NumPy, which are compatible with Streamlit. The database used was PostgreSQL, a Relational Database Management System (RDBMS) designed to emphasize scalability and compliance with technical standards, capable of handling various workloads and complex data processing tasks. Google Colab served as the environment for testing and training the dataset for a machine learning model whose purpose was to generate the recommended mitigating measures for the identified money laundering and terrorism financing risks. Additionally, load testing for the tool was conducted using Locust, an open-source load testing tool. The developed risk assessment tool has defined elements against which data on the virtual assets and virtual assets service provider’s threats and vulnerabilities is captured in order to compute the money laundering and terrorism financing risk. The computed risk guides the generating of recommended mitigating measures. The recommended mitigating measures form the action plan that is used to combat money laundering and terrorism financing risks in virtual assets activities and the operations of virtual assets service providers.