Weighing up the risk
Organisations are switching to automated assessments of financial crime risks as regulators flag more rigorous scrutiny, says Darren Cade GAICD, CEO of Arctic Intelligence.
Risk assessments have in the past been conducted via spreadsheets and based on subjective assessments of what staff perceive to be the likelihood and impact of a potential risk.
“Regulators like AUSTRAC and equivalents overseas have been focused on the use of data and data points in an organisation to evidence and justify those risk ratings,” says Darren Cade GAICD, CEO of Arctic Intelligence, whose company conducts automated risk assessments. “The risk assessments become less subjective, more objective and are backed up by data about the business.”
Drawing on technology and data for a risk assessment also speeds up the process. Cade says that in large organisations financial crime risk assessments can take six months, meaning when the board receives the report, it can be based on out-of date data and that assessments become a once-a-year exercise.
As a regulatory technology provider, Arctic Intelligence delivers cloud-based compliance platforms with detailed content around risk models and the way to risk-assess different financial crime areas such as money laundering, fraud, bribery and corruption. It also has libraries of hundreds of different controls and control categories that companies should have in place — or consider having in place — and a workflow engine that makes sure they are capturing an audit trail, evidencing every level of review, sign-off and completion of that risk assessment over time.
“We’ve created a global community,” says Cade. “We have hundreds of clients in 12 countries, and whenever improvements can be made to the methodologies and models, we make those and everybody benefits. So no-one’s working in isolation.” This has been one of the problems with risk assessments in the past, he says, with companies having little idea of where they stand.
Rating your risk factor
Along with providing shared information on its compliance platforms, Arctic Intelligence has conducted an industry benchmark report to allow directors to assess how their organisation compares with its peers. The report found that 70 per cent of companies across different industries were rating themselves as a medium risk for financial crime. Most also believed they had adequate controls — and that overall, they had a low residual risk rating.
Flagging a lack of automation in financial crime risk assessments, 68 per cent of respondents advised the risk assessment process takes up to six months to complete. Over half conducted assessments only once a year.
“A key question for any board reviewing a risk assessment is how does their organisation compare with others,” says Cade, noting that the AML Industry Benchmark Report 2021 should help with this. He says that boards should also ask how a risk report is pulled together and how robust it is. “Financial crime risk is very much something that the boards and directors in any industry should be thinking about. If the organisation gets it wrong, there are huge penalties that can be levied by regulators. There is also huge reputational damage and the potential for civil action from the regulator against the organisation or individuals.”
Article first published in the Australian Institute of Company Directors in November 2021.
Follow us on LinkedIn and Twitter for a daily dose of financial crime news across the globe.