Under the AML legislation, the ‘risk-based approach’ is a cornerstone for companies that must comply.

There are three factors to consider when assessing the risk of ML:

  1. Company risk assessment (a ‘firm-wide risk assessment’) identifies all the risks your company faces.

  2. Client risk assessment, which identifies the risks identified about an individual client.

  3. Matter or Transaction risk assessment which assesses what risks there may be with each new piece of work that a client gives you.

Each risk assessment needs to contain an analysis of the risk, the potential likelihood and severity of the impact, and the policies, controls, and procedures your company is implementing to mitigate that risk.

At First AML, our Risk Assessment feature allows you to facilitate factors 2 and 3. Our Risk Assessment Questionnaire is fully configurable.

Configuring the risk assessment questionnaire will appear in each case you create, with a list of questions that need to be completed and a risk level set. 

You can extract this information at a case level (via the print preview) along with extracting the information via the Reporting functionality.


How to Configure a Risk Assessment 

The Risk Assessment comprises 2 components: Risk assessment questions and Risk threshold.

Risk assessment questions

To get started with setting up your Risk Assessment questionnaire and creating questions:

  1. Navigate to Settings on the left-hand navigation bar and click the Risk Assessment tab. You can enable either one or both of the Client Risk Assessment and Matter Risk Assessment.  

    1. The Display name of the risk assessment can be renamed e.g. Onboarding questionnaire.

  2. Click Enable Risk Assessment to ensure the created questions appear in your cases. To enable auto risk scoring, click Enable scores and thresholds, and automatically set the case's risk level

    Click Block case from advancing without Risk Assessment completion if you wish for the risk assessment to be completed for all cases before the case can be approved. 

  3. Select the question type you want to add within the Toolbox below. 

    Question Type Breakdowns:

    Heading =You can add a heading within your risk assessment e.g. 2a. Client Risk. 

    Text =This allows you to ask a question with a free text response. e.g. What steps have you taken to verify the client or any instructing third party’s identity?  You are unable to add a risk score to a free text response.

    Yes/no = This allows you to ask a question with a Yes, No or Not applicable response. e.g. Will we meet the client in person? You can add a risk score to the Yes or No responses.

    Select =This allows you to ask a question with a single or multi-select answer. e.g. What are the client's business activities? You can add a risk score to each selected option. 

  4. Continue to repeat Step 3 to add the questions you require in your Risk Assessment

  5. Once you have added all the required questions, click Save to save the Risk Assessment questionnaire

Configure Risk Assessments by Office

You can also configure different risk assessments by office. This can be used if you have different risk assessment questions for different parts of your business or if different regulatory requirements require tailored risk assessments.

The offices could be based on:

  • Location: Berlin, London, Sydney
  • Language: German, French, Chinese
  • Workstream: Conveyancing, M&A, Wills & Probate, Commercial, Residential
  • Entity Type: Individual or Entity

The Company risk assessment questions will be automatically duplicated into the office-based risk assessment.  Any adjustments made to this Office Risk Assessment won't impact your Company Risk Assessment.

Risk threshold

You can create custom risk weighting to drive KYC processes based on risk thresholds.

The risk threshold gives the limits for each of the risk levels.

  • Any total score lower than the low-risk threshold will result in a low-risk rating
  • Any total score higher than the high-risk threshold will result in a high-risk rating
  • Any score between the low-risk threshold and high-risk threshold will result in a medium-risk rating

Please see the steps below on how to configure it:

*Your First AML contact or a Compliance Admin can configure this.

  1. Navigate to Settings on the left-hand navigation bar and click the Risk Assessment tab

  2. Click Enable scores, and thresholds, and automatically set the case’s risk level to ensure the threshold that you add automatically calculates and sets the risk level once completed

  3. Set your Risk threshold by adding in the relevant scale for Low, Medium and High risk

  4. Once the Risk threshold has been set, you can now add the weighting to each question. Enter the weighting for each question (’Yes’ and ‘No’) answers or for the single/multi-select answers.

  5. Once you have completed adding the weighting to each question, click Save. *Please note if you do not press save, you will lose your progress

Risk assessment configurations

There are three key configuration settings that you can manage for your Risk Assessment questionnaire:

  1. Enable Risk Assessment - ticking this will ensure that the Risk Assessment questionnaire that you have created will appear in the cases you create

  2. Enable scores, and thresholds, and automatically set the case’s risk level - ticking this will ensure that the Risk threshold and weighting that you assign to questions will be enabled. This means that once the Risk Assessment questionnaire is completed for a case, a Risk score will be automatically generated

  3. Block case from advancing without Risk Assessment completion - ticking this will ensure that your cases cannot move to ‘Ready for Review’ without having the Risk Assessment questionnaire completed

Example risk assessment questionnaire

For demonstrative purposes, please see an example of a configured Risk Assessment questionnaire within the Source by First AML platform:

Completing the risk assessment in a case

  1. Navigate to the Risk Assessment tab in the case
  2. Answer the questions based on the question type.

Based on the scoring and thresholds set (see above) the risk level will be calculated automatically upon answering the risk assessment in the case.  If you have enabled both Client and and Matter risk assessments, please click the relevant box to open the questions.

Where there is a manual override of the risk level (e.g. based on mitigants, the risk level is actually medium) there will be a note advising there has been a change to the risk level and the original calculated risk score will still be surfaced. 

  1. At the end of the questions, you are able to add an overall comment around the risk questionnaire.

  2. Make sure to press ‘Save’ when you are finished

        *Risk level in Case details is automatically updated based on Risk assessment


Sending the Risk Assessment Externally 

You can also send the risk assessment to be completed by external users e.g. fee-earners/frontline or your client. 

The risk assessment will be a case requirement that sits within the Manifest. It will be sent via the secure web form to any external individual. Please note the individual does not need to have a First AML login. 

  1. Navigate to the Manifest, select the case requirement for 'Risk Assessment' 
  2. Add the contact details (email) of the individual you wish to send the risk assessment to within the Manifest. To add a new individual contact click 'Add Individual' to the right.
  3. Click 'Create request email'. Choose the external user by selecting the individual in the dropdown field for 'To'. You can choose to cc any additional individuals here.
  4. Click 'Send'. This will be automatically logged within the 'Activity Log'

  5. Any individual assigned to the case will be automatically notified once the risk assessment is completed.   

Downloading a copy of a completed Risk assessment questionnaire

Use the print preview button to download a copy of the risk assessment questionnaire.

When no risk assessment is set

The Risk Assessment tab will be visible within a case, but empty if you do not use the feature. A message will direct the user to reach out to their platform administrator to configure risk assessment questions.


Now you can start inserting all of the steps to your article.