In my last post, I talked about the attributes of different AML risk assessment programs, from those at the most rudimentary stages of maturity to those that have reached high performance. Our experience has shown that a structured, disciplined approach can help banks assess their risks and the effectiveness of controls in place to reduce such risks.

We see this as a five-step process:


Source: How financial services firms can set-up an effective AML risk assessment program


Step 1 – Mobilize and prepare data points. The bank defines and reaches agreement upon risk appetite and upon standard templates and taxonomies. It identifies specific risk factors and data elements required for analysis, along with systems of record for extracting data. Finally, it agrees upon weightings for risk factors.

Step 2 – Document key AML risks and controls. The bank identifies and documents AML risks and controls and conducts risk scoring to target critical focus areas. It incorporates audit findings and prior risk assessment findings and checks data outputs with business and compliance subject matter specialists.

Step 3 – Identify improvement opportunities. The bank maps focus areas against current state catalogs and processes, and also maps focus areas against the current controls framework. It documents the risk and control matrix and develops action plans to address gaps and high risk areas.

Step 4 – Obtain SME validation and approval. The bank conducts stakeholder workshops to identify any further pain points. It validates the risk and control matrix with subject matter specialists and aggregates evidence for a controls test baseline.

Step 5 – Deliver executive summary. The risk assessment team develops dashboards presenting risk assessment outcomes and creates an executive summary of AML risk assessment findings.

In the final blog of this series, we will look at some of the challenges banks face in executing AML risk assessments and how these challenges can be addressed.


For more information, view our presentation on how financial services firms can set-up an effective AML risk assessment program.


Submit a Comment

Your email address will not be published. Required fields are marked *