TABLE OF CONTENTS

Summary

Under AML legislation, the ‘risk-based approach’ is a cornerstone for companies that must comply.


There are three factors to consider when assessing the risk of ML:

  1. Company risk assessment (a ‘firm-wide risk assessment’) identifies all the risks your company faces.

  2. Client risk assessment, which identifies the risks identified about an individual client.

  3. Matter or transaction risk assessment which assesses what risks there may be with each new piece of work that a client gives you.

Each risk assessment needs to contain an analysis of the risk, the potential likelihood and severity of the impact, and the policies, controls, and procedures your company is implementing to mitigate that risk.


The First AML risk assessment feature facilitates factors two and three and is fully configurable.


A risk assessment questionnaire will populate in each case, with a list of questions that need to be answered and a risk level to set. 


You can extract risk assessment information at a case level via the print preview or the Reporting functionality.

How to configure a risk assessment 

The risk assessment comprises two components: risk assessment questions and risk threshold.

Risk assessment questions

To get started with configuring your risk assessment questionnaire:

  1. Navigate to settings on the left-hand navigation bar and click the risk assessment tab. You can enable either one or both the client risk assessment and matter risk assessment.  
  2. The display name of the risk assessment can be updated e.g. "Onboarding questionnaire".
  3. Click enable risk assessment. To enable automatic risk scoring, click enable scores and thresholds, and automatically set the case's risk level.

    Click block case from advancing without risk assessment completion if you wish for the risk assessment to be completed for each case before it can be approved.
  4. Select the question type you want to add within the toolbox below.

    Question type breakdowns:
    Heading =You can add a heading within your risk assessment e.g. 2a. Client Risk. 

    Text =This allows you to ask a question with a free text response. e.g. What steps have you taken to verify the client or any instructing third party’s identity?  You are unable to add a risk score to a free text response.

    Yes/no = This allows you to ask a question with a Yes, No or Not applicable response. e.g. Will we meet the client in person? You can add a risk score to the Yes or No responses.

    Select =This allows you to ask a question with a single or multi-select answer. e.g. What are the client's business activities? You can add a risk score to each selected option. 

  5. Repeat Step 3 until you have added all of the questions you require in your risk assessment

  6. Click save



Configure risk assessments by office

You can configure different risk assessments by office. This may be used if you have different risk assessment questions for different parts of your business or if different regulatory requirements require tailored risk assessments.

You may choose to set up your offices based on:

  • Location e.g. Berlin, London, Sydney
  • Language e.g. German, French, Chinese
  • Workstream e.g. Conveyancing, M&A, Wills & Probate, Commercial, Residential
  • Entity Type e.g. Individual or Entity


The company risk assessment questions will automatically duplicate into the office-based risk assessment.  Any adjustments made to this office risk assessment won't impact your company risk assessment.



Risk threshold

You can create custom risk weighting to drive KYC processes based on risk thresholds.

The risk threshold sets the parameters for each risk level:

  • Any total score lower than the low-risk threshold will result in a low-risk rating
  • Any total score higher than the high-risk threshold will result in a high-risk rating
  • Any score between the low-risk threshold and high-risk threshold will result in a medium-risk rating

How to configure risk threshold:


*Your First AML contact or a Compliance Admin can configure this.

  1. Navigate to Settings on the left-hand navigation bar and click the risk assessment tab

  2. Click enable scores, and thresholds, and automatically set the case’s risk level to ensure the threshold that you add automatically calculates and sets the risk level once completed

  3. Set your risk threshold by adding in the relevant scale for low and high risk (With medium being between the two thresholds)



  4. Once the risk threshold has been set, you can add weighting to each question. Enter the weighting for each question (’Yes’ and ‘No’) answers or for the single/multi-select answers. The higher the weight, the higher the risk associated to the answer.




  5. Once you have added weighting to each question, click save. *Please note if you do not press save, you will lose your progress.

Risk assessment configurations


There are three key configuration settings that you can manage for your risk assessment questionnaire:

  1. Enable risk assessment - ticking this will ensure that the risk assessment questionnaire that you have created will appear in the cases you create

  2. Enable scores, and thresholds, and automatically set the case’s risk level - ticking this will ensure that the risk threshold and weighting that you assign to questions will be enabled. This means that once the risk assessment questionnaire is completed for a case, a risk score will be automatically generated

  3. Block case from advancing without risk assessment completion - ticking this will ensure that your cases cannot move to ‘Ready for review’ without having the risk assessment questionnaire completed


Example risk assessment questionnaire

For demonstrative purposes, please see an example of a configured risk assessment questionnaire within the Source by First AML platform:



Completing the risk assessment in a case

  1. Navigate to the 'risk assessment' tab in the case
  2. Answer the questions based on the question type.
     

Based on the scoring and thresholds set (see above) the risk level will be calculated automatically upon answering the risk assessment. If you have enabled both Client and and Matter risk assessments, please click the relevant box to open the questions.




Where there is a manual override of the risk level (e.g. based on mitigates, the risk level is actually medium) there will be a note advising there has been a change to the risk level and the original calculated risk score will still be surfaced. 


  1. At the end of the questions, you have the option to add an overall comment around the risk questionnaire.

  2. Press save when you are finished

        *Risk level in 'Case details' automatically populates based on the risk assessment


       



Set up automation for risk assessments

You can set up automations to send out either the client or the matter risk assessment out to:

  • Case lead
  • Case contact
  • Case requester


There are also other conditions that you can set up within the automation rule. 




Sending the risk assessment to be completed

You can send risk assessments via the secure web form to all Source users and also to no users emails. 


When switched on, the risk assessment is a case requirement within Manifest. The assessment can be sent via the secure web form. 


  1. Navigate to the Manifest, select case requirement 'risk assessment' 
  2. Click 'create request email'. If they are a Source user, choose the user by selecting the individual in the dropdown field for 'to'. You can choose to cc any additional individuals here.
  3. If they are not a source user you can type in their email address
  4. Click 'send'. This will be automatically logged within the 'activity log'

    Any individual assigned to the case will be automatically notified once the risk assessment is completed.     



Downloading a copy of a completed risk assessment questionnaire

Use the print preview button to download a copy of the risk assessment questionnaire.




When no risk assessment is set

If you have not enabled risk assessment (see how to configure a risk assessment), the 'risk assesment' tab within each case will display the below message: