Methodology

Following the substantive AML/CFT/PF legislation, and taking into account any risk assessment carried out at a national level and any regulatory guidance, Easyterms Ltd. will:

  1. Identify all risk factors relevant to its business.

  2. Measure each risk factor for the likelihood of outcome and impact if it were to occur.

  3. Manage inherent risk in each factor, to bring the inherent risk in line with the level of risk which Easyterms Ltd. determines to be acceptable to its business. Risk may be:

    • Accepted as being in line with the Company's risk appetite

    • Rejected as exceeding the firm's risk appetite

    • Transferred via insurance

    • Mitigated via application of effective internal controls, in order to bring that risk in line with the Company's risk appetite.

  4. After managing the inherent risk, residual risk is the risk which will remain; this residual risk must be at a level determined to be acceptable by the board of directors.

  5. Each factor is then ranked so that it can be used to categorize the risk which a client relationship brings to the business, i.e. Low, Medium or High.

  6. Upon establishing a client relationship, all applicable risk factors are applied, resulting in a risk rating which establishes the AML/CFT/PF risk that onboarding the relationship brings to the Business.

    • Appendix 1 – Client Risk Rating will be completed as part of the onboarding process, and periodically thereafter, depending on the frequency of the review.

  7. Ratings will reflect the level of potential risk and in turn determine the level of customer due diligence (CDD) required.

Risk Rating Key

| LOW | MEDIUM | HIGH | EXTREME |
|---|---|---|---|
| 1 – Acceptable | 2 – ALARP (as low as reasonably practicable) | 3 – Generally unacceptable | 4 – Intolerable |
| Simplified CDD | Mitigation efforts | Enhanced CDD | Unacceptable |

  1. The risk ratings Low, Medium, High and Extreme are explained below:

| Risk Level | Description | Color Code |
|---|---|---|
| Low | The consequences of the risk are minor, and it is unlikely to occur. Minimum information and monitoring required to satisfy legislative requirements, regulatory guidelines, policies, and procedures. | Green |
| Medium | Somewhat likely to occur with slightly more serious consequences. Additional information may be required; monitoring is more frequent than for Low-rated relationships but not as frequent as annual. | Yellow |
| High | Serious risks with significant consequences that are likely to occur. Requires enhanced due diligence and BOD approval before acceptance. | Orange |
| Extreme | Catastrophic risks with severe consequences and highly likely to occur. Reported to the BOD as not accepted. | Red |

  1. While the initial risk rating is to be completed as part of the onboarding process, ongoing monitoring and reviews must subsequently be conducted, including refreshing information.

| RISK PROFILE | DUE DILIGENCE | REVIEW FREQUENCY |
|---|---|---|
| Extreme | Unacceptable | Rejected |
| High | Enhanced | Annually |
| Medium | Mitigating Efforts | Every 3 Years |
| Low | Simplified | Every 5 Years |

  1. Ongoing monitoring of the framework will encompass adding new factors, reflecting new technology or changes, and updating any changes to the existing factors, then assessment and management of controls, in accordance with current methodology.

  2. The methodology is to be reviewed periodically, but at least annually, and updated to reflect industry standards, which are deemed highly important to the Easyterms Ltd. business.
