How to perform a firm-wide risk assessment
- Identify the money laundering risks.
- Assess the likelihood and impacts of each risk.
- Review the mitigating checks, systems and controls you have in place.
Key risks to consider
The assessment should consider factors such as the customer base, the countries and geographies in which the firm operates, and the products and services offered (eg, clients’ money accounts or incomplete records engagements). Firms can then design their policies and procedures to respond to the level of risk identified. Whereas, in the past, we have found that firms hadn’t performed a firm-wide risk assessment, now we find that firms are performing one but that the assessment doesn’t cover all the risks faced by the firm, or fails to conclude on the level of risk.
Quality assurance monitoring
ICAEW reviewers will compare the risks the firm has identified in its own assessments with the knowledge the reviewer has gained about the firm (taken from opening meeting discussions, annual return information and other client data) to ensure the firm-wide risk assessment is comprehensive and complete. The reviewer will also assess the mitigating actions described in the firm-wide risk assessment and ensure that what the firm has designed will be relevant and effective to mitigate the firm’s gross risk profile as well as ensuring that staff are implementing those mitigating actions.
Resources to support compliance
Read the report
Read our 2023/24 anti-money laundering supervision report for more detail on the results of our monitoring reviews.
Download
