Skip to content

The Enterprise-Wide Risk Assessment (EWRA) Maturity Survey

WHAT IS THE

EWRA Maturity Survey?

Enterprise-wide financial crime risk assessments are a mandatory requirement for millions of businesses in over 200 countries and over 30 industry sectors. Whilst these obligations have been around for more than two decades, many organisations are still conducting these in a relatively immature way.

Gaining insight into the level of maturity of your organisation’s enterprise-wide financial crime risk assessment approach and how this can be developed is a crucial step to improving the maturity of your organisation’s financial crime risk management approach, which is why we’ve created the Enterprise-Wide Risk Assessment (EWRA) Maturity Survey

Completing the survey is just the first step to an effective understanding of your financial crime risks. Below we outline:

  1. What are the levels of maturity and what do they mean?
  2. How does the scoring work?
  3. Understanding the outputs of the EWRA Maturity Survey
  4. Understanding the common challenges and how to overcome them
  5. What should you do with the results of the survey?

By understanding your current level of maturity, you can establish how to manage your organisation’s financial crime risk assessment process in a less time-consuming and more cost-effective way.  

WHAT ARE THE QUESTIONS IN THE

EWRA Maturity Survey?

The EWRA maturity survey takes less than 3 minutes to complete and is based on the following seven questions:

What best describes the level of governance and oversight of your AFC Program?

What best describes the level of staff awareness of the AFC Program?

What best describes the level of understanding of AFC risk factors in the business?

What best describes the level of understanding of AFC controls in the business?

What best describes the level of dashboards, analytics and reporting availability?

What best describes the level of technology adoption related to EWRA's?

What best describes the frequency of conducting EWRAs?

WHAT ARE THE LEVELS OF MATURITY AND

What do they mean?

We’ve defined five levels of maturity, and in keeping with the Arctic theme, have used mountain climbing to describe each, ranging from Base Camp to the Summit and everything in between!

AI Infographic

HOW DOES THE

Scoring work?

The scoring system works on a simple count from 1 to 5, 1 being the least mature and 5 being the most mature.  The scoring table below summarises the maturity level based on the total score recorded.

AI AMLA Free Trial Email 2

UNDERSTANDING THE OUTPUTS OF THE

EWRA Maturity Survey

The table here outlines the maturity level and the common characteristics of operating at that level.

UNDERSTANDING COMMON CHALLENGES AND

How to overcome them

At each maturity level, there are several common challenges that regulated businesses typically experience and the table below summarises a few of these and provides examples of the steps that can be taken to overcome them.

Base Camp (Simplistic)

Common Challenges

  • Limited or no formal Board oversight of the EWRA
  • No clearly defined risk methodology or indicators
  • Conducting risk assessments using spreadsheets
  • More time spent administering a manual spreadsheet-based process than managing risk
  • Lack of audit trail to trace decisions made or actions taken

Steps to overcome them

  • Engage with Board to set risk appetite and tolerance
  • Document the risk methodology and risk factors
  • Start to investigate digitised platform solutions
  • Invest time in critically examining whether a spreadsheet-based approach is the best approach
  • Invest in a solution that has a full audit trail, workflow management, issue tracking and reporting

Advanced Base Camp (Established)

Common Challenges

  • Some, but infrequent Board oversight of the EWRA
  • Only a few people with intimate EWRA knowledge
  • More time spent administering a manual spreadsheet-based process than managing risk
  • Convincing stakeholders that current approaches are deficient and lead to suboptimal outcomes

Steps to overcome them

  • Increase frequency of discussion on the EWRA
  • Expand organisational EWRA knowledge by training
  • Invest time in critically examining whether a spreadsheet-based approach is the best approach
  • Start to pilot, then adopt EWRA digitised platforms to deliver tangible benefits and gain more control

Lower Peaks (Defined)

Common Challenges

  • Only annual Board oversight of the EWRA
  • Documented risk indicators, but no weighting
  • Ability to source some (but not all) data inputs
  • Only one or two types of risk assessment being digitised and automated rather than commonly done

Steps to overcome them

  • Increase frequency of EWRA discussions, quarterly
  • Apply weights at all EWRA levels, document rationale
  • Develop a plan for sourcing data of high reliability
  • Build stakeholder support to adopt a common approach for risk assessments across all domains

Upper Peaks (Embedded)

Common Challenges

  • Ability to obtain accurate and reliable data inputs
  • Agreeing risk weightings among stakeholders
  • Periodic ingestion of data into the EWRA
  • Time spent sourcing and cleaning data

Steps to overcome them

  • Engage with IT teams and define data requirements
  • Ingest data attributes that can be sourced easily
  • Data automation through API data feeds/file uploads
  • Investing to build a financial crime risk data store

Summit (Advanced)

Common Challenges

  • Perpetual ingestion of data into the EWRA
  • Real-time dashboards on inherent risk changes
  • Resources to monitor perpetual EWRA risks and adjust risk inputs and decide on the right controls

Steps to overcome them

  • Sourcing data continuously and in real-time
  • Determining the ky KPIs and metrics to monitor
  • Ensuring sufficient resources to monitor, report and act when risks are outside of risk appetite

WHAT SHOULD YOU DO WITH THE

Results of the survey?

Now that you have completed the Enterprise-Wide Risk Assessment Maturity Survey it is essential to take the time to reflect on what could be improved. Next, take action based on these findings to improve your financial crime program and mitigate financial crime risks.

Here is a suggested approach for looking at your survey results:

By taking these actions based on the results of your EWRA maturity assessment, your organisation can strengthen its EWRA and wider financial crime compliance program, reduce financial crime risks, and demonstrate a commitment to responsible and ethical business practice.

Take the EWRA Maturity Assessment Survey Today