Den risikobaserede tilgang som regulatorisk styringsprincip i revisionsvirksomheders hvidvaskarbejde: Implikationer for revisors praksis, ansvar og professionelle skøn
Oversat titel
The Risk-Based Approach as a Regulatory Governance Principle in Audit Firms' Anti-Money Laundering Compliance: Implications for Auditors' Practice, Responsibility, and Professional Judgment
Forfatter
Jensen, Kristian Laust
Semester
4. semester
Uddannelse
Udgivelsesår
2026
Resumé
Denne afhandling undersøger, hvordan revisionsvirksomheder i Danmark omsætter den risikobaserede tilgang til bekæmpelse af hvidvask (AML) i praksis, og hvad det betyder for revisorers arbejde, ansvar og brug af professionelt skøn. Analysen tager udgangspunkt i hvidvaskloven og det internationale rammeværk fra Financial Action Task Force (FATF), som anbefaler en risikobaseret tilgang, det vil sige at lægge kræfterne der, hvor risikoen er størst, som hovedprincip i bekæmpelsen af hvidvask og terrorfinansiering. Med en fortolkende forskningstilgang kombinerer studiet en gennemgang af reglerne med en kvalitativ analyse af offentligt tilgængelige materialer fra Erhvervsstyrelsens AML-tilsyn med revisionsvirksomheder, herunder tilsynsrapporter, afgørelser og vejledninger. Resultaterne viser, at den risikobaserede tilgang er kernen i revisionsvirksomheders AML-forpligtelser: I stedet for standardiserede tjeklister skal virksomhederne vurdere og håndtere risici ud fra deres egne forretninger og kunderelationer. I praksis er det imidlertid vanskeligt at omsætte brede principper til konkrete og veldokumenterede procedurer. Typiske mangler ses i den virksomhedsomfattende risikovurdering, kundekendskabsprocedurer (customer due diligence), identifikation af reelle ejere, klassificering af kunders risiko samt dokumentation af risikobaserede skøn. Studiet viser også, at den risikobaserede tilgang øger betydningen af professionelt skøn. Revisorer forventes løbende at vurdere kundespecifikke risikofaktorer og bestemme omfanget af passende AML-tiltag. Samtidig lægger tilsynspraksis stor vægt på dokumentation, som dermed bliver bindeleddet mellem skøn og ansvar over for myndighederne. Samlet konkluderer afhandlingen, at den risikobaserede tilgang giver en fleksibel og potentielt effektiv ramme for AML-efterlevelse i revisionsvirksomheder, men at effekten afhænger af virksomhedernes evne til konsekvent og velbegrundet at identificere, vurdere, dokumentere og styre risici. Det påvirker ikke kun AML-processerne, men skærper også revisorers ansvar for at forebygge økonomisk kriminalitet.
This thesis investigates how audit firms in Denmark put the risk-based approach to anti-money laundering (AML) into practice and what this means for auditors' day-to-day work, responsibilities, and use of professional judgment. The analysis is anchored in the Danish Anti-Money Laundering Act and the international framework set by the Financial Action Task Force (FATF), which promotes a risk-based approach, focusing effort where the risk is highest, as the main principle for combating money laundering and terrorist financing. Using an interpretive research design, the study combines regulatory analysis with a qualitative review of publicly available material from AML supervision of audit firms by the Danish Business Authority, including supervision reports, enforcement decisions, and guidance. The findings show that the risk-based approach is the core requirement for audit firms' AML compliance: instead of following one-size-fits-all checklists, firms must assess and manage risks based on their own services and client relationships. In practice, however, firms face difficulties turning broad regulatory principles into concrete, well-documented procedures. Recurring weaknesses appear in firm-wide risk assessments, customer due diligence (know-your-customer) processes, identification of beneficial owners, client risk classification, and documentation of risk-related judgments. The study also shows that the risk-based approach increases the role of professional judgment. Auditors are expected to make ongoing assessments of client-specific risk factors and decide the scope of appropriate AML measures. At the same time, supervisory practice places strong emphasis on documentation, making it the key link between judgment and regulatory accountability. Overall, the thesis concludes that the risk-based approach offers a flexible and potentially effective framework for AML compliance in audit firms, but its success depends on firms' ability to identify, assess, document, and manage risks consistently and with clear reasoning. This not only shapes AML processes, but also elevates auditors' responsibility for preventing financial crime.
[Dette resumé er omskrevet med hjælp fra AI baseret på projektets originale resumé]
