WHAT IS THE
EWRA Maturity Survey?
Enterprise-wide financial crime risk assessments are a mandatory requirement for millions of businesses in over 200 countries and over 30 industry sectors. Whilst these obligations have been around for more than two decades, many organisations are still conducting these in a relatively immature way.
Gaining insight into the level of maturity of your organisation’s enterprise-wide financial crime risk assessment approach and how this can be developed is a crucial step to improving the maturity of your organisation’s financial crime risk management approach, which is why we’ve created the Enterprise-Wide Risk Assessment (EWRA) Maturity Survey
Completing the survey is just the first step to an effective understanding of your financial crime risks. Below we outline:
- What are the levels of maturity and what do they mean?
- How does the scoring work?
- Understanding the outputs of the EWRA Maturity Survey
- Understanding the common challenges and how to overcome them
- What should you do with the results of the survey?
By understanding your current level of maturity, you can establish how to manage your organisation’s financial crime risk assessment process in a less time-consuming and more cost-effective way.
WHAT ARE THE QUESTIONS IN THE
EWRA Maturity Survey?
The EWRA maturity survey takes less than 3 minutes to complete and is based on the following seven questions:
WHAT ARE THE LEVELS OF MATURITY AND
What do they mean?
We’ve defined five levels of maturity, and in keeping with the Arctic theme, have used mountain climbing to describe each, ranging from Base Camp to the Summit and everything in between!
HOW DOES THE
Scoring work?
The scoring system works on a simple count from 1 to 5, 1 being the least mature and 5 being the most mature. The scoring table below summarises the maturity level based on the total score recorded.
UNDERSTANDING THE OUTPUTS OF THE
EWRA Maturity Survey
The table here outlines the maturity level and the common characteristics of operating at that level.
UNDERSTANDING COMMON CHALLENGES AND
How to overcome them
At each maturity level, there are several common challenges that regulated businesses typically experience and the table below summarises a few of these and provides examples of the steps that can be taken to overcome them.
Base Camp (Simplistic)
Common Challenges
- Limited or no formal Board oversight of the EWRA
- No clearly defined risk methodology or indicators
- Conducting risk assessments using spreadsheets
- More time spent administering a manual spreadsheet-based process than managing risk
- Lack of audit trail to trace decisions made or actions taken
Steps to overcome them
- Engage with Board to set risk appetite and tolerance
- Document the risk methodology and risk factors
- Start to investigate digitised platform solutions
- Invest time in critically examining whether a spreadsheet-based approach is the best approach
- Invest in a solution that has a full audit trail, workflow management, issue tracking and reporting
Advanced Base Camp (Established)
Common Challenges
- Some, but infrequent Board oversight of the EWRA
- Only a few people with intimate EWRA knowledge
- More time spent administering a manual spreadsheet-based process than managing risk
- Convincing stakeholders that current approaches are deficient and lead to suboptimal outcomes
Steps to overcome them
- Increase frequency of discussion on the EWRA
- Expand organisational EWRA knowledge by training
- Invest time in critically examining whether a spreadsheet-based approach is the best approach
- Start to pilot, then adopt EWRA digitised platforms to deliver tangible benefits and gain more control
Lower Peaks (Defined)
Common Challenges
- Only annual Board oversight of the EWRA
- Documented risk indicators, but no weighting
- Ability to source some (but not all) data inputs
- Only one or two types of risk assessment being digitised and automated rather than commonly done
Steps to overcome them
- Increase frequency of EWRA discussions, quarterly
- Apply weights at all EWRA levels, document rationale
- Develop a plan for sourcing data of high reliability
- Build stakeholder support to adopt a common approach for risk assessments across all domains
Upper Peaks (Embedded)
Common Challenges
- Ability to obtain accurate and reliable data inputs
- Agreeing risk weightings among stakeholders
- Periodic ingestion of data into the EWRA
- Time spent sourcing and cleaning data
Steps to overcome them
- Engage with IT teams and define data requirements
- Ingest data attributes that can be sourced easily
- Data automation through API data feeds/file uploads
- Investing to build a financial crime risk data store
Summit (Advanced)
Common Challenges
- Perpetual ingestion of data into the EWRA
- Real-time dashboards on inherent risk changes
- Resources to monitor perpetual EWRA risks and adjust risk inputs and decide on the right controls
Steps to overcome them
- Sourcing data continuously and in real-time
- Determining the ky KPIs and metrics to monitor
- Ensuring sufficient resources to monitor, report and act when risks are outside of risk appetite
WHAT SHOULD YOU DO WITH THE
Results of the survey?
Now that you have completed the Enterprise-Wide Risk Assessment Maturity Survey it is essential to take the time to reflect on what could be improved. Next, take action based on these findings to improve your financial crime program and mitigate financial crime risks.
Here is a suggested approach for looking at your survey results:
By taking these actions based on the results of your EWRA maturity assessment, your organisation can strengthen its EWRA and wider financial crime compliance program, reduce financial crime risks, and demonstrate a commitment to responsible and ethical business practice.