A Sanctions Risk Assessment is a methodology to identify and understand the inherent risks faced by an organisation and whether the controls in place are sufficient to mitigate those risks. The outputs are the residual sanctions risks, which (if outside risk appetite) will feed into the Financial Crime Framework enhancement initiatives.
This Sanctions Risk Assessment consists of two documents:
1. A Risk and Controls Scoring Tool (in Excel) utilising 45 inherent risk questions and 87 control questions to calculate the organisation's quantitative residual risk rating.
2. A Risk Assessment Template (in Word) to provide qualitative analysis of the residual risk rating.
The Risk Assessment covers the following Inherent Risks:
- Industry/Sector
- Products/Services
- Delivery Channel
- Clients
- Countries
- Transactions
- Organisations
- Third Parties
The Risk Assessment covers the following Controls:
- Governance
- Reporting
- New Products/Services
- Due Diligence
- Monitoring
- Employee Engagement
- Third Party Oversight
- Assurance