A risk assessment is an analysis of potential threats and vulnerabilities to money laundering and terrorist financing to which your business is exposed. The complexity of the assessment depends on the size and risk factors of your business.
You have to document and consider the following factors in your assessment:
- your products and services and the delivery channels through which you offer them;
- the geographic locations where you conduct your activities and the geographic locations of your clients;
- other relevant factors related to your business; and
- your clients and the business relationships you have with them.
You may want to perform the risk assessment for your business in two stages:
- Stage 1: Business-based risk assessment of your products, services, delivery channels and the geographic location in which your business operates.
- Stage 2: Relationships-based risk assessment of products and services your clients utilize as well as the geographic locations in which they operate or do business.
Risk assessment requires good knowledge of your business operations and sound judgment exercised by your personnel so the risks for money laundering and terrorist financing can be weighed according to each individual factor as well as a combination of them. Your risk assessment is not static and will change over time. If you are a financial entity or a securities dealer (refer to the Central Bank Guidelines), you have additional requirements related to risk assessment.
e.g. of a Assessing Risk