9.1 Risk Assessments – Module Overview

This module overview covers some of the system configuration features related to Risk Assessment and Risk Classification.

Risk Classifications

Risk assessment is the process by which an entity is assigned a risk classification.

This feature allows you to customize the number and title of the risk classifications that the entities in the system will fall into. As an example, risk classifications in the system can be defined as Low, Medium, High and Extreme.

The system does support other risk classifications such as Low-Medium, Medium-High or Extreme High. Modification of risk classifications can be done via the Risk Settings option in the Settings menu.

Risk Classifications can be edited from this section.

Risk Pillars

Another important concept is the Risk Pillar.

Risk Pillars define the risk scores for a set of factors that share a common theme (e.g. Jurisdiction). 

In most cases, the system is set up with four risk pillars:

  • Customer; 
  • Product/Service; 
  • Interface; and 
  • Jurisdiction.

The system does support other risk pillars such as Customer: Economic Activity or Geography: Residence. Modification of risk pillars can be done via the Risk Pillars option in the Settings menu.

Risk Scoring

During the Customer Risk Assessment process, entities are assigned a risk score for each risk pillar. Scores can range from 1 to 10 or from 1 to 100, with 1 indicating the lowest risk and 10/100 indicating the highest.

For each pillar, the system is configured to recommend an appropriate risk score based on the information provided. The rules behind each recommendation can be configured via segments or via simplified risk rules, as explained in the articles linked at the end of this article. The rules allow users to define a risk score for a particular cross-section of the client base. For example, a common rule is to have a customer risk score of 10 for a Politically Exposed Individuals segment.

When generating a Customer Risk Assessment, the system identifies all the rules that are applicable to the entity being risk assessed and recommends that the pillar is scored in line with the highest-scoring rule within that pillar. The system also recommends a risk classification for each pillar based on the mapping between risk scores and risk classifications.

As part of the Customer Risk Assessment process, the risk assessor will need to review these risk scores at the pillar level and accept or modify them (this action is permission based). Once this is done, the system will recommend an overall risk classification for the entity.

This overall risk score can be calculated in one of two ways, via: 

  • Maximum Score

When using the Maximum Score, if the Customer Risk Pillar is High, for example, and the other pillars have a Low risk classification, the overall risk classification of the client is High, as the system takes the highest score across all pillars as the overall risk.

  • Weighted Averages

When using Weighted Averages, the overall risk score is reached by multiplying the score of each pillar by a specific weighting configured by the user, and then adding the results for all pillars together.

In both cases the system translates this overall risk score into a risk classification.

When defining the risk pillars’ weights, one of two weighting types must be selected:

  • Overall Pillar Weight

The overall pillar weight method requires one weight to be defined per risk pillar, which is then applied across all entities in the system.

  • Per Entity Type Pillar Weighting

The per entity type pillar weighting method requires four weights to be defined per risk pillar: one weight for each of the four types of entity in the system (individuals, companies, trusts and other organizations).

Administrators within the system can choose between these options as well as define the weights for each risk pillar via the Risk Settings screen (chapter 9.6 provides further details).

Risk Classification Overrides

Administrators can define certain rules that override the overall risk classification. 

This can be useful to specify that, even if a weighted average approach is used, some scenarios (such as when dealing with PEPs) override this average.

This override could be set via the segments screen or within the different simplified risk rule screens – refer to links at the end of this article.
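
The scoring flow described under Risk Scoring and Risk Classification Overrides, as an added Python sketch that is not the product's own code. The 1-10 score bands, the percentage weights, the rule names and the "highest override wins" tie-break are assumptions made for illustration.

```python
# Added illustration: the bands, weights and rules are constructed assumptions,
# not values shipped with the product.
ORDER = ["Low", "Medium", "High", "Extreme"]
BANDS = [(3, "Low"), (6, "Medium"), (8, "High"), (10, "Extreme")]  # upper bounds, 1-10 scale

# Per Entity Type Pillar Weighting, in percent (assumed to sum to 100 per entity type).
WEIGHTS = {
    "individual": {"Customer": 40, "Product/Service": 20, "Interface": 10, "Jurisdiction": 30},
    "company": {"Customer": 25, "Product/Service": 25, "Interface": 25, "Jurisdiction": 25},
}

def classify(score):
    """Translate a risk score into a risk classification."""
    for upper, label in BANDS:
        if score <= upper:
            return label
    raise ValueError(f"score {score} is outside the 1-10 scale")

def pillar_scores(rules_by_pillar):
    """Recommended pillar score = highest-scoring applicable rule in that pillar."""
    return {p: max(score for _, score, _ in rules) for p, rules in rules_by_pillar.items()}

def overall(rules_by_pillar, entity_type, method):
    """Return (overall score, classification) for method 'maximum' or 'weighted'."""
    scores = pillar_scores(rules_by_pillar)
    if method == "maximum":
        score = max(scores.values())
    elif method == "weighted":
        score = sum(scores[p] * w for p, w in WEIGHTS[entity_type].items()) / 100
    else:
        raise ValueError(f"unknown method {method!r}")
    # A rule-level override replaces the calculated classification; if several
    # rules carry one, the highest wins (an assumption of this sketch).
    overrides = [o for rules in rules_by_pillar.values() for _, _, o in rules if o]
    return score, (max(overrides, key=ORDER.index) if overrides else classify(score))

def sample_rules(pep_override=None):
    """Constructed rules matched for one individual: (rule name, score, override)."""
    return {
        "Customer": [("Politically Exposed Individuals", 10, pep_override), ("Salaried", 2, None)],
        "Product/Service": [("Current account", 2, None)],
        "Interface": [("Face-to-face onboarding", 1, None)],
        "Jurisdiction": [("Resident in low-risk country", 3, None)],
    }

if __name__ == "__main__":
    print(overall(sample_rules(), "individual", "maximum"))         # (10, 'Extreme')
    print(overall(sample_rules(), "individual", "weighted"))        # (5.4, 'Medium')
    print(overall(sample_rules("High"), "individual", "weighted"))  # (5.4, 'High')
```

With these sample values the weighted average dilutes a customer score of 10 down to a Medium overall classification, which is the scenario the override rule exists to catch.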

Customer Risk Assessment – Manual Overrides

When generating a Customer Risk Assessment, risk assessors with appropriate permissions can override the recommended risk score. However, whenever a recommendation is overridden, the user must supply comments explaining why such action was taken; otherwise, the risk assessment will not close.

Risk Assessment Warnings

The system will periodically generate warnings asking users to carry out risk assessments.

Such warnings are generated when:

  • An entity is created in onboarding/serviced state;
  • Periodically at a frequency defined by the administrator (via Settings > Risk Settings);
  • Any time there are changes to the entity details; or 
  • Changes to rules are made that would change the recommended risk classifications.

Permissions

Users in the system with appropriate permissions are able to carry out a risk assessment on any serviced entity. 

Risk assessors with appropriate permissions are able to override the recommended risk score. However, whenever a recommendation is overridden, the user will be forced to provide a comment to record why such action was taken.

Simplified Rules vs. Non-simplified rules

Within each risk pillar, the user can find the list of risk scoring rules that are applicable to that pillar.

A non-simplified rule is one that is associated with a manually-created segment. This type of rule leverages the flexibility of segments and allows for complex risk scoring rules.

The easiest way to create this type of rule is to create a new segment or update an existing segment through the Segments menu.

Alternatively, users can also assign risk scores for existing segments through the Segments sections within each Risk Pillar screen.

Users should select the risk pillar for which they want to apply changes.
Users can then click on the segment they wish to edit.

Simplified rules, as explained in the introduction to segments article, provide an easier way to assign risk scores without having to manually create segments. Simplified rules can be configured in four different ways, depending on the Risk Pillar Type. The following articles provide more information on each risk pillar type:
