Opens in new window
This is the second article in our Future of Financial Crime series, emphasising the critical role of intelligence-led risk management as a foundation of financial crime frameworks.
Risk assessment is an essential instrument at the core of a Subject Person’s (SP) financial crime control framework. However, it's often perceived as a regulatory-driven task, leading to broad evaluations of the financial crime vulnerabilities an institution faces. The results often provide limited actionable insights, hindering the ability to make appropriate adjustments to financial crime control measures. Given the ever-changing and increasingly complex nature of financial crime threats, this approach needs to evolve.
Risk assessments are often limited by:
Expectations about the role of risk assessment are changing, driven by increased regulatory focus on how well the risk assessment recognises specific threats and evaluates the effectiveness of mitigating controls. Regulatory enforcement may result where these aspects are unsatisfactory.
Adopting a more dynamic and integrated approach to risk assessment and control modulation is key to addressing these limitations and meeting changing regulatory expectations. While change can be incremental and specific solutions will vary across SPs, we believe the following changes are necessary:
By adopting these changes, we believe it is possible to achieve three key benefits:
By identifying and assessing financial crime risks and implementing mitigating controls, it will be possible to better demonstrate to regulators and other stakeholders that a risk-based approach has been effectively implemented.
By explicitly linking controls to the risks and providing a greater level of specificity in the risks and threats faced, the mitigating controls can be customised to focus on preventing and detecting the crystallisation of risks. This documented linkage also reduces the possibility that key controls may be removed or inadvertently updated, without appropriate governance.
Organisations can gain a competitive advantage by rapidly focusing their financial crime investments towards the mitigation of their most critical risks. By focusing controls on the prioritised areas, there is an opportunity to enhance efficiency, by dialling down other controls as appropriate, and lowering the cost of compliance.
The adoption of enhanced and refined risk assessment and control approach, enables a SP to deal with emergent risks as 'business as usual' and avoids the requirement for 'fire drills' which disrupt normal operations.
In summary, the proposed changes aim to deliver a sophisticated and proactive intelligence-led approach to risk management which takes into account the changing nature of financial crime threats, and dynamically adjusts the mitigating controls on a risk-based approach.
We believe the evolution of the risk assessment and control framework as set out in this article is fundamental to enabling further changes needed in future financial crime capabilities. Specifically, by changing the approach to due diligence to create a more dynamic customer lifecycle management, and the integration of monitoring allows, for the simplification and streamlining of financial crime operations. Overall, this will drive a move to a more efficient and effective approach to fighting financial crime and reduce cost of compliance.
Please get in touch if you would like to discuss this topic further. Also look out for future articles in our Future of Financial Crime series – up next, Revolutionising Due Diligence in Customer Lifecycle Management.