30A.— (1) A designated person shall carry out an assessment (in this Act referred to as a "business risk assessment") to identify and assess the risks of money laundering and terrorist financing involved in carrying on the designated person’s business activities taking into account at least the following risk factors:

(a) the type of customer that the designated person has;

(b) the products and services that the designated person provides;

(c) the countries or geographical areas in which the designated person operates;

(d) the type of transactions that the designated person carries out;

(e) the delivery channels that the designated person uses;

(f) other prescribed additional risk factors.

(2) A designated person carrying out a business risk assessment shall have regard to the following:

(a) any information in the national risk assessment which is of relevance to all designated persons or a particular class of designated persons of which the designated person is a member;

(b) any guidance on risk issued by the competent authority for the designated person;

(c) where the designated person is a credit institution or financial institution, any guidelines addressed to credit institutions and financial institutions issued by the European Banking Authority, the European Securities and Markets Authority or the European Insurance and Occupational Pensions Authority in accordance with the Fourth Money Laundering Directive.

(3) A business risk assessment shall be documented unless a competent authority for a designated person decides under Article 8 of the Fourth Money Laundering Directive that an individual documented risk assessment is not required and notifies the designated person.

(4) A designated person shall keep the business risk assessment, and any related documents, up to date in accordance with its internal policies, controls and procedures adopted in accordance with section 54.

(5) A business risk assessment shall be approved by senior management.

(6) A designated person shall make records of a business risk assessment available, on request, to the competent authority for that designated person.

(7) The Minister may prescribe additional risk factors to be taken into account in a risk assessment under subsection (1) only where he or she is satisfied that it is appropriate to consider such matters in order to accurately identify and assess the risks of money laundering or terrorist financing.

(8) A designated person who fails to comply with this section commits an offence and is liable—

(a) on summary conviction, to a class A fine or imprisonment for a term not exceeding 12 months (or both), or

(b) on conviction on indictment to a fine or imprisonment not exceeding 5 years (or both).]