The basis of sound and efficient AML, Sanctions and Anti-Corruption compliance programs is a thorough, detailed risk assessment. All assessments should quantify the risk arising from an institution’s customer base, geographic footprint of operations, and the different products and services offered. Of course, the risk assessment must be appropriate for the complexity of the financial institution. In many cases, this means drilling down below the bank level to the major lines of business (or lower) as well as individual operating subsidiaries.
Working with you, I can help you identify the business units and factors to be assessed, source the data from your institution’s existing systems, help validate the data and identify and implement plans to scrub data and remediate gaps, and, where necessary, identify data proxies for missing or incomplete factor data sets.
A thorough risk assessment also takes into consideration the effectiveness of the controls currently in place to mitigate that risk. Often these qualifying factors can be gleaned from compliance testing and internal audit reports and from regulatory examination results. I can work with you to assess the control factors, identify control gaps and recommend approaches to enhance the current control environment.
In a risk assessment project, I will work with your existing methodology or, if necessary, help you develop a revised or new methodology. I will help you prepare an assessment reporting format. And perhaps most importantly, with the report I will provide detailed documentation supporting the methodology followed, data used to score the various factors, decisions made in consolidating across business lines and functional units and any deviations from the methodology.