A thorough understanding of its financial crime risks is key if a firm is to apply proportionate systems and controls. The following self-assessment questions can help you implement an efficient risk assessment to mitigate financial crime risk.
- What are the main financial crime risks to the business?
- How does your firm seek to understand the financial crime risks it faces?
- When did the firm last update its risk assessment?
- How do you identify new or emerging financial crime risks?
- Is there evidence that risk is considered and recorded systematically, assessments are updated and sign-off is appropriate?
- Who challenges risk assessments and how? Is this process sufficiently rigorous and well-documented?
- How do procedures on the ground adapt to emerging risks? (For example, how quickly are policy manuals updated and procedures amended?)
Examples of good practice:
- The firm’s risk assessment is comprehensive.
- Risk assessment is a continuous process based on the best information available from internal and external sources.
- The firm assesses where risks are greater and concentrates its resources accordingly.
- The firm actively considers the impact of crime on customers.
- The firm considers financial crime risk when designing new products and services.
Examples of poor practice:
- Risk assessment is a one-off exercise.
- Efforts to understand risk are piecemeal and lack coordination.
- Risk assessments are incomplete.
- The firm targets financial crimes that affect the bottom line (e.g. fraud against the firm) but neglects those where third parties suffer (e.g. fraud against customers).