Risk assessment entails the probability or likelihood that Easyterms Ltd. will be subject to ML/TF/PF via the risk factors and the impact on the company, if Easyterms Ltd. were to be subject to that risk.
In making these assessments, Easyterms Ltd., relies on standard and reports such as CFATF Mutual Evaluation, FATF reports, NRA and output from the regulators, however, some subjectivity is also involved.
Depending on the outcome of this analysis, a determination will be made as to what action is to be taken to bring the risk in line with the level of risk, which the Directors of Easyterms Ltd. deem acceptable risk to the business.
Options are as follows:
If risk is already within acceptable level, no action need be taken
If risk is unacceptably high and a cannot reasonably be reduced, it may be avoided
If risk is above the acceptable level, it may be managed
Transferred via insurance
Subject to internal controls, which brings the risk within an acceptable level.
Inherent risk
ACCEPT | CONTROL | TRANSFER | REJECT |
Low | Medium | High | Extreme |
1 | 2 | 3 | 4 |
Likelihood
IMPACT | Risk is unlikely to occur | Risk is likely to occur | Risk will occur |
Acceptable | 1 | 2 | 3 |
Tolerable | 2 | 3 | 3 |
Undesirable | 3 | 4 | 4 |
Intolerable | 4 | 4 | 4 |
Risk Level | Description |
Acceptable | Risks that bring no real negative consequences, or pose no significant threat to the company. |
Tolerable | Risks that could potentially bring negative consequences, posing a moderate threat to the Company. |
Undesirable | Risks with substantial negative consequences that will seriously impact the success of the organization or project. |
Intolerable | Risks with extreme negative consequences that could cause the entire company to fail or severely impact daily operations of the organization. These are the highest risk. |
Risk Category | Description |
Unlikely | Extremely rare risks, with almost no probability of occurring. |
Likely | Risks that are more typical, with about a 50/50 chance of taking place. |
Will Occur | Risks that are almost certain to manifest. Address these risks first. |
After managing inherent risk in each factor, to bring inherent risk in line with Easyterms Ltd. risk appetite, which the Directors determine to be acceptable to Easyterms Ltd. business, what remains is residual risk.
Residual risk levels, will be applied to each factor, and collectively form part of the overall ranking for each client. To determine if that client/customer relationship forms a low, medium, high or extreme risk of ML/TF/PF to Easyterms Ltd. By completing the Client Risk Rating Form (Appendix 1). This will be determined initially upon onboarding, and then re-assessed at each periodic review, based on the risk rating.
Applying factors, assessment and ranking to the client/customer profile and framework are ongoing, to update and reflect changes to the factors, technology and methodology.