
Implementation

An effective AML/CTF program starts with good implementation and setup. Drawing on insights from hundreds of businesses, we’ve created a guide to help you put our platform into action, fast.

RISK ASSESSMENT PLATFORM

Our approach to implementation

At Arctic, we recognise that every client and every business-wide financial crime risk assessment engagement is different. There is no one-size-fits-all approach, but in our experience there are common phases and implementation activities, which we’ve outlined below.

Most of our clients work directly with us, but others prefer to engage the services of risk consultants (who we also partner with) to support the planning, configuration and execution process. Our team is adept with either approach, depending on our clients’ preferred delivery model.

The diagram below represents the “typical” steps that are involved in preparing to undertake a financial crime risk assessment (FCRA) framework and methodology review, configuration of the platform and the steps that are often involved in conducting the assessment, documenting report outcomes, and documenting any actions and follow-on activities. The timing and steps can vary; the diagram is meant as an illustration of what a typical engagement may look like.

RAP Value Proposition

Step 1 – Mobilisation and Kick-off

Mobilisation and Kick-off

Depending on the size of the opportunity, we may engage in a timeboxed (45-day) “proof of concept” (POC) phase* to understand your existing approach to financial crime risk assessments and determine the potential to digitise your methodology, risk models, controls and operating structure into our Risk Assessment Platform.

Typically, this involves signing an NDA, then sharing existing workbooks and previously completed financial crime risk assessment reports. We will review these and assess whether they are fit for purpose as is, or whether some configuration and/or calibration decisions will need to be made to align to the functionality of the Risk Assessment Platform. Following our initial review, we will provide feedback and recommendations.

During this phase, we would typically engage with the risk assessment champions within your business, undertake several training sessions and agree a timeline for the POC and/or implementation project.

Deliverable(s):

  • Analysis of existing FCRA materials and demo / training sessions with your team.

* An alternative to a POC is to include a POC / cooling-off period with a break fee if you decide, following the POC, that our solution will not work for your business (although we have yet to find one!)

Information Gathering and Discovery

During the information gathering and discovery phase, we will be trying to ascertain how FCRAs are conducted within your organisation. We will gather information on previous FCRA processes, including the methodology, approach, inputs and outputs used, so that we can gain a better understanding of the current state.

Input(s) Required:

  • Copies of previously completed FCRAs including methodology documentation, risk factor questionnaires, control assessments and final reports
  • Overview of the organisational structure and reporting structure for FCRAs

Step 2 – Current State Assessment

This step is optional and typically conducted by risk consultants when engaged to conduct a financial crime risk assessment review and capability uplift, whereas other clients seek to leverage our expert-developed risk and control modules to improve their current approaches rather than doing a current state vs. target state review.

We’ve described the activities that are typically conducted when a financial crime risk assessment uplift is required.

Current State Analysis

Typically, a desk-based review is conducted, with workshops where required, to gain a clear understanding of your FCRA methodology, the scope of risk factors assessed, the process followed and the outputs, including final reports from prior assessments.

The objective of this stage is to identify any gaps and potential opportunities for improvement across the FCRA, leveraging our Risk Assessment Platform.

Deliverable(s):

  • A summary of the key findings and recommendations on the FCRA framework and methodology

Playback Workshops

From the Current State assessment, observations, improvements and recommendations will be suggested on the future-state FCRA framework, methodology and.

Deliverable(s):

  • Review of the main findings, observations and recommendations of the changes
  • An ‘experimentation’ account may be set up and configured aligned to the methodology, risk model examples, controls and sample assessments / assessment units so you can understand how the Risk Assessment Platform will be used to manage the end-to-end FCRA process.

Updated FCRA Framework and Methodology

Building on the current and target state design workshop(s), recommendations would be provided, which may involve some (or all) of the following activities and, ultimately, decisions your organisation will need to make:

  • Proposed updates to the Inherent Risk, Control Effectiveness or Residual Risk methodology being used
  • Review structure and content of the risk model to determine the scope of risk indicators including:
    • Reviewing the preferred approach to assessing risk (i.e. manual using likelihood and impact vs. automatic vs. automated)
    • Reviewing Risk Groups, Risk Categories, Risk Factors and Risk Indicators to be included in the risk model
    • Including the “calculation techniques” to be applied (i.e., weighted average, additive, dynamic weight indicators, conditional skip logic etc.)
    • Reviewing any weightings to be applied and the rationale behind weighting decisions
    • Reviewing qualitative and quantitative answer sets and the thresholds that are aligned to risk factors/indicators
    • Reviewing any weightings to be applied to the risk model and the rationale behind weighting applications
    • Reviewing any control categories, controls, and any control weightings
    • Reviewing the organisational structure to define the enterprise-level and assessment unit structure(s)
  • Reviewing the roles and permissions to be granted to individual users or user groups.

Deliverable(s):

  • Updated FCRA Framework and Methodology – estimated 1 - 4 weeks elapsed (depending on complexity).

Step 3 – Prepare/Setup the Risk Assessment Platform

Support the configuration of the Risk Assessment Platform

We will work with you and support you in applying the configuration settings in the following areas:

  • Create the account and configure the user role(s) and permissions
  • Configure the Risk Assessment Methodology (i.e., IRR, CER, RRR definitions, colours, and matrices)
  • Configure the Risk Domain(s) and Risk Model(s) including Weightings and Answer Sets
  • Consider the approach to risk assessment (i.e., Manual vs. Automatic vs. Automated)
  • Consider the Country Risk Assessment approach
  • Configure the Control Categories and Controls Library
  • Configure the Supporting Documents (if required)
  • Configure and Screen Forms (if required) for Context, Risk Analysis and Controls Assessment screens.

Typically, this phase in the project involves working with a smaller team of people, who usually operate in the second-line risk and compliance teams that are responsible for establishing the FCRA framework and methodology, and for rolling out the FCRA processes across the wider organisation.

We can help your organisation to “digitise” its existing FCRA inherent risk questionnaire as a risk model, and its control questions as a controls library. At this point your organisation may elect to utilise some of the inherent risk indicators, controls or control tests from Arctic’s risk and control modules, essentially creating a hybrid of the content module. We will train your team on how to make these changes themselves.

Deliverable(s):

  • Risk Assessment Platform training sessions with configuration settings – estimated 1 - 4 weeks.

Step 4 – Conduct the Risk Assessment and Generate Reports

Train Users

Once the Risk Assessment Platform has been configured to your requirements and signed off by your key stakeholders, we will work with you to plan the rollout of the platform to other first-line users by organising training session(s), so that people have a clear understanding of the FCRA project, the platform that will be used and how to use it. We usually operate on a train-the-trainer basis but can be involved in wider training sessions, if required.

Deliverable(s):

  • Risk Assessment Platform training with a broader set of stakeholders that are responsible for conducting the risk assessment, usually on behalf of the first-line, business teams.

Establish the Assessment Unit Structure and Invite Users

We will support the setup of the Assessment and Assessment Unit Structure to create the FCRA framework to allow risks and controls to be assessed by the business teams.

Deliverable(s):

  • Create the Assessment and Assessment Unit structure in the Risk Assessment Platform.

Support you in conducting the FCRA

We will support you (and your consultant, should you decide to engage with one) to conduct the FCRA using the Risk Assessment Platform, or we will provide support to the business users so that they can:

  • Complete the context section, by providing information related to the business’s nature, size and complexity
  • Complete the supporting documents section (if enabled) to upload relevant documents
  • Complete the assignment of risks and/or controls using the workflow processes
  • Complete the risk analysis section by responding to risk indicator questions, adding comments, supporting documents, actions, and mapping risks to controls as required
  • Complete the controls assessment section to assess the design and operational effectiveness of controls, including documenting any control tests that have been performed and the results
  • Create Assessment Unit(s) and Assessment level reports, document key observations, findings, recommendations, and actions and review the findings with relevant stakeholders
  • Create a list of recommendations and next steps for improving and maturing the FCRA further in future cycles.

Deliverable(s):

  • Completed FCRA across the business, documented reports at the Assessment Unit (i.e., country, operating group, business line, functional level, as appropriate) and Assessment Level (i.e., enterprise-level report aggregation).

Step 5 – Handover and ongoing support

Refresher training and help when you need it

We will ensure that your team is fully trained in how to configure and use the Risk Assessment Platform without our help, but if you need it, we are always on hand to provide this through email, telephone or meetings.

We provide our clients with ongoing refresher training and support as needed. We pride ourselves on our collaborative approach, and we often solicit input from our clients and partners when contemplating and designing new features and making improvements to the platform.