To the main content

Risk Assessments 101

Risk Assessments are the cornerstone of AML compliance and the foundation of any other AML related process. Following our recent webinar on the topic with PwC, here is what you need to understand you company’s business specific risk assessment and how to automate your customer risk classification.

A big thank you to PwC’s Gunnar Holm Ringen and Thor Dalhaug for sharing their knowledge and participating in this webinar with us. You can find the recording of the webinar at the bottom of this article. 

Creating Your Business-Specific Risk Assessment

The business-specific risk assessment required by the Norwegian anti-money laundering act §7, should create the basis of any other measure introduced to prevent and detect illegal suspicious circumstances within your customer base. In the law, it is stated that the purpose of the Norwegian Money Laundering Act is “to prevent and detect money laundering and terrorist financing, by preventing and detecting the use or attempted use of obliged entities for purposes of money laundering or terrorist financing”.

Risk Assessments are a crucial first step in meeting the law’s requirements. When talking about assessing risk in an AML context, the aim is to identify factors that might lead to money laundering or terrorist financing within your customer base. There are four factors to take into consideration when identifying your company’s risk:

   a) own business, including, in particular, the nature and size of the business.
   b) the products, services, and customer relationships of the business.
   c) the type of customers and customer groups.
   d) geographical factors.

The business-specific risk assessments should provide information about these four main areas. These groups should then be broken down into bits and pieces to create a customer risk classification. This could result in a long list of risk drivers and each of these risk drivers should be ranged according to the risk they impose on your company. For example, this could include transactions to high-risk countries, high-risk industries, and ownership structure.

The customer classification risk would then be the result of the scores on all the risk drivers. This information is gathered through onboardings forms and ongoing monitoring of the customer. PwC’s expertise is in identifying and structuring a company’s overall risk and divide it into concrete risk drivers. See the recording below for more elaborate information and concrete examples of this.

How to Automate the Customer Risk Classification

When your business-specific risk assessment has been broken down into specific risk drivers with scores that communicate the possibility of financial crime, you are ready to automate the process. The automation can then streamline this quantitative model in order to classify your customers accordingly.

It’s important to remember that there is no one-size-fits-all in risk assessments. The overall compliance effort should be spent differently depending on the circumstances of the particular organization. Additionally, even though standardized frameworks can be used, they cannot be used without customization to the organization’s specific risks. Quesnay’s solution allows for such customization. The motivation for using a technical solution like Quesnay’s for handling risk classifications is efficiency, overview, and a structured approach. In the recording below you will get a comprehensive introduction to automating your customer risk classification.


Want to be notified about future webinars? Sign up for our newsletter. 

Read more about our Client Lifecycle Management solution