2.2. Risk Assessment
Effective from 4/7/2021

LFIs should take appropriate steps to conduct a regular and updated risk assessment to identify, understand, assess, monitor, and manage their risks in line with their business nature and size. While there is no “one-size-fits-all” risk assessment, the assessment exercise should generally consist of a holistic review of the LFI from top to bottom and assess its touchpoints to the outside world where the LFI may potentially, directly or indirectly, be exposed to sanctioned parties or transactions. In most cases, LFIs should consider performing such risk assessments annually; however, assessments that are more frequent or less frequent may be justified, depending on the particular circumstances. These may include a change to the LFI’s risk profile, regulatory or law enforcement advisories, or global trends in terrorism financing (“TF”) and the financing of proliferation of weapons of mass destruction (“PF”).
• In determining potential risks, LFIs should take into account, to the extent relevant, any vulnerabilities relating to:
    o its customers, supply chain, intermediaries, and counterparties;
    o its products and services, including how and where such items fit into other financial or commercial products, services, networks, or systems;
    o the geographic locations of the organization, as well as its customers, supply chain, intermediaries, and counterparties;
    o its distribution channels and business partners;
    o the complexity and volume of its transactions;
    o the development of new products and business practices including new delivery mechanisms, channels, and partners; and
    o the use of new or developing technologies for both new and pre-existing products and services.
• LFIs should document risk assessment operations, keep them up to date on an ongoing basis, and make them available upon request.
• The results of a risk assessment are integral to informing the SCP’s policies, procedures, internal controls, and training in order to effectively mitigate risks.
• LFIs should develop and thoroughly document their risk assessment methodologies to identify, analyze, and address relevant risks. The methodologies should reflect the conduct and root cause of any violations or systemic deficiencies identified.