Summary
Under the AML legislation, the ‘risk-based approach’ is a cornerstone for companies that must comply.
There are three factors to consider when assessing the risk of ML:
- Company risk assessment (also called a ‘firm-wide risk assessment’), which identifies all the risks your company faces.
- Client risk assessment, which identifies the risks identified about an individual client.
- Transaction risk assessment which assesses what risks there may be with each new piece of work that a client gives you.
Each risk assessment needs to contain an analysis of the risk, the potential likelihood and severity of the impact, and the policies, controls, and procedures that your company is putting in place to mitigate that risk.
At First AML, our Risk Assessment feature allows you to facilitate both factors 2 and 3. Our Risk Assessment Questionnaire is fully configurable.
By configuring the risk assessment questionnaire, it will appear in each case that you create, with a list of questions that need to be completed and a risk level will be set.
You will be able to extract this information at a case level (via the print preview) along with extracting the information via the Reporting functionality.
TABLE OF CONTENTS
- Summary
- How to Configure a Risk Assessment
- Completing the risk assessment in a case
- When no risk assessment is set
How to Configure a Risk Assessment
The Risk Assessment is made up of 2 components: Risk assessment questions and Risk threshold.
Risk assessment questions
To get started with setting up your Risk Assessment questionnaire and creating questions:
Navigate to Settings on the left-hand navigation bar and click the Risk Assessment tab
Click Enable Risk Assessment to ensure the created questions appear in your cases. To enable auto risk scoring, click Enable scores, and thresholds, and automatically set the case's risk level.
Click Block case from advancing without Risk Assessment completion if you wish for the risk assessment to be completed for all cases before the case can be approved.
Select the question type you want to add within the Toolbox below.
Question Type Breakdowns:
Heading =You can add a heading within your risk assessment e.g. 2a. Client Risk.
Text =This allows you to ask a question with a free text response. e.g. What steps have you taken to verify the client or any instructing third party’s identity? You are unable to add a risk score to a free text response.
Yes/no = This allows you to ask a question with a Yes, No or Not applicable response. e.g. Will we meet the client in person? You can add a risk score to the Yes or No responses.
Select =This allows you to ask a question with a single or multi-select answer. e.g. What are the client's business activities? You can add a risk score to each selected option.
Continue to repeat Step 3 to add the questions you require in your Risk Assessment
Once you have added all the required questions, click Save to save the Risk Assessment questionnaire
Configure Risk Assessments by Office
You can also configure different risk assessments by office. This can be used if you have different risk assessment questions for different parts of your business or if different regulatory requirements require tailored risk assessments.
The offices could be based on:
- Location: Berlin, London, Sydney
- Language: German, French, Chinese
- Workstream: Conveyancing, M&A, Wills & Probate, Commercial, Residential
- Entity Type: Individual or Entity
The Company risk assessment questions will be automatically duplicated into the office-based risk assessment. Any adjustments made to this Office Risk Assessment won't impact your Company Risk Assessment.
Risk threshold
You can create custom risk weighting to drive KYC processes based on risk thresholds.
The risk threshold gives the limits for each of the risk levels.
- Any total score lower than the low-risk threshold will result in a low-risk rating
- Any total score higher than the high-risk threshold will result in a high-risk rating
- Any score between the low-risk threshold and high-risk threshold will result in a medium-risk rating
Please see the steps below on how to configure it:
*Your First AML contact or a Compliance Admin can configure this.
- Navigate to Settings on the left-hand navigation bar and click the Risk Assessment tab
Click Enable scores, and thresholds, and automatically set the case’s risk level to ensure the threshold that you add automatically calculates and sets the risk level once completed
Set your Risk threshold by adding in the relevant scale for Low, Medium and High risk
Once the Risk threshold has been set, you can now add the weighting to each question. Enter the weighting for each question (’Yes’ and ‘No’) answers or for the single/multi-select answers.
Once you have completed adding the weighting to each question, click Save. *Please note if you do not press save, you will lose your progress
Risk assessment configurations
There are three key configuration settings that you can manage for your Risk Assessment questionnaire:
- Enable Risk Assessment - ticking this will ensure that the Risk Assessment questionnaire that you have created will appear in the cases you create
- Enable scores, and thresholds, and automatically set the case’s risk level - ticking this will ensure that the Risk threshold and weighting that you assign to questions will be enabled. This means that once the Risk Assessment questionnaire is completed for a case, a Risk score will be automatically generated
- Block case from advancing without Risk Assessment completion - ticking this will ensure that your cases cannot move to ‘Ready for Review’ without having the Risk Assessment questionnaire completed
Example risk assessment questionnaire
For demonstrative purposes, please see an example of a configured Risk Assessment questionnaire within the Source by First AML platform:
Completing the risk assessment in a case
- Navigate to the Risk Assessment tab in the case
- Answer the questions based on the question type.
Based on the scoring and thresholds set (see above) the risk level will be calculated automatically upon answering the risk assessment in the case.
Where there is a manual override of the risk level (e.g. based on mitigants, the risk level is actually medium) there will be a note advising there has been a change to the risk level and the original calculated risk score will still be surfaced.
- At the end of the questions, you are able to add an overall comment around the risk questionnaire.
- Make sure to press ‘Save’ when you are finished
*Risk level in Case details is automatically updated based on Risk assessment
Sending the Risk Assessment Externally
You can also send the risk assessment to be completed by external users e.g. fee-earners/frontline or your client.
The risk assessment will be a case requirement that sits within the Manifest. It will be sent via the secure web-form to any external individual. Please note the individual does not need to have a First AML login.
- Navigate to the Manifest, select the case requirement for 'Risk Assessment'
- Add the contact details (email) of the individual you wish to send the risk assessment to within the Manifest. To add a new individual contact click 'Add Individual' to the right.
- Click 'Create request email'. Choose the external user by selecting the individual in the dropdown field for 'To'. You can choose to cc any additional individuals here.
- Click 'Send'. This will be automatically logged within the 'Activity Log'
- Any individual assigned to the case will be automatically notified once the risk assessment is completed.
Downloading a copy of a completed Risk assessment questionnaire
Use the print preview button to download a copy of the risk assessment questionnaire.
When no risk assessment is set
The Risk Assessment tab will be visible within a case, but empty if you do not use the feature. A message will direct the user to reach out to their platform administrator to configure risk assessment questions.
Now you can start inserting all of the steps to your article.
