REGULATED FINANCIAL SERVICES BUSINESSES (RFSB) are used to assessing risk in areas such as Credit Risk or Market Risk.  These risks can also be (arguably) easily quantified and are usually assessed before accepting the risk, and along with quantitative and qualitative risk assessment methodologies they have proven to be useful in helping RFSBs not only assess risks but;

1. understand observed phenomena,
2. explore the sources and impacts of the risk and
3. develop tools and methods for managing those risks.

Furthermore, each RFSB will implement appropriate methodologies based on some different factors, including

• size,
• global footprint,
• markets,
• organisation and
• risk appetite

At their best, quantitative and qualitative risk assessment methodologies, remove a great deal of bias and subjectivity from risk analysis, as well as giving RFSBs a risk measurement tool.

MONEY LAUNDERING FRONT

On the money laundering front, In January 2014, the Basel Committee on Banking Supervision (BCBS) issued a document, entitled “Sound Management of Risks Related to Money Laundering and Financing of Terrorism”  which includes the following statement on the importance and conduct of Risk Assessments:

• “Sound risk management requires the identification and analysis of ML/FT risks present within the bank and the design and effective implementation of policies and procedures that are commensurate with the identified risks.
• In conducting a comprehensive risk assessment to evaluate ML/FT risks, a bank should consider all the relevant inherent and residual risk factors at the
  1. country,
  2. sectoral,
  3. bank and business relationship level,
  4. etc
• To determine its risk profile and the appropriate level of mitigation to be applied.”
  1. Read more here – bis.org/publ/bcbs275.pdf

While the BCBS Paper is relatively recent, risk assessments have long been an expectation under other regulatory regimes. In the United States, for example, guidance is provided in the Federal Financial Institutions Examination Council (“FFIEC”) Bank Secrecy Act/Anti-Money Laundering (AML) Examination Manual, it is stated that management should:

• “…structure the bank’s BSA/AML compliance program to adequately address its risk profile, as identified by the risk assessment…
• develop the appropriate policies, procedures, and processes to monitor and control BSA/ML risks.
• For example, the bank’s monitoring systems to identify, research and report suspicious activity should be risk-based, with particular emphasis on higher-risk products, services, clients, entities, and geographic locations as identified by the bank’s… risk assessment.”
  1. Read more – http://bit.ly/2pG5rWm

In the UK, The Joint Money Laundering Steering Group Guidance Notes outline some of the considerations that should be taken into account when conducting a risk assessment, the application of a risk based approach being a core theme.

Read more here – http://bit.ly/2m7tONi

In considering the above, it is clear FINANCIAL CRIME RISK ASSESSMENT’s are different from the traditional risk assessments.

FINANCIAL CRIME RISK ASSESSMENT’s are different = WHY IS THIS?

The answer is FINANCIAL CRIME RISK ASSESSMENT’s focus on assessing ‘CONSEQUENTIAL’ RISK. 

 CONSEQUENTIAL RISK can be shown as:

• “Consequential risk”:
  1. The risk of a consequential financial loss.
  2. The risk of a secondary or further adverse event, following and caused by an initial one.
• For example
  1. the risk of a tsunami following – and caused by – an initial earthquake.

FINANCIAL CRIME RISK ASSESSMENT ‘CONSEQUENTIAL’ RISK is reflective of an RFSBs

1. internal environment and
2. external environment, and
3. Mitigating controls.

A FINANCIAL CRIME RISK ASSESSMENT must also include exposure to certain HIGH IMPACT CRIMES such as:

1. Terrorist Financing,
2. Sanctions
3. Bribery & Corruption and its facilitation
4. Tax evasion and its facilitation

Moreover, while there can be a significant commonality in the factors used to conduct FINANCIAL CRIME RISK ASSESSMENT a HIGH IMPACT CRIMES risk assessment WILL also involve additional components which are not typically used in a pure  FINANCIAL CRIME RISK ASSESSMENT.

IN CONCLSUION

For a risk assessment to be successful, senior management, along with key stakeholders, should provide appropriate support to the effort in the context of fostering a robust culture of compliance. Ultimately, though, how a firm designs its assessment methodology will very much depend on the complexity of the organisation, its footprint and its business focus.