When it comes to jurisdiction risk, administrators should first define:
- The risk factors that affect risk scoring (e.g. nationality, residence of UBO, jurisdiction of source of wealth, etc…)
- How countries are grouped, the relevant categories and assigned risk scores.
These settings can be configured as follows:
Step 1: Preparing your Jurisdiction Risk Scores
Before configuring your Jurisdiction risks, it is important to ensure that you have an updated policy relating to how you are handling Jurisdiction risk, particularly considering recent regulatory actions and focus.
Part of this policy would include defining a risk score for each country, based on individual risk assessments of the jurisdictions you deal with.
Countries sharing the same risk score can be grouped into categories, such as High/Medium/Low risk or in any way you wish to categorize them.
Step 2: Create a new country category group
You can have more than one way of dividing all the countries in the world into different categories. For example, you can divide the countries based on risk for risk scoring purposes and also divide the countries based on geographical location for reporting purposes.
A country category group allows you to divide all countries in the world into specific categories. In the above example, you would need to have two country category groups – e.g. named “Risk Scoring”, “Reporting”.
In most cases, your InScope environment already contains a country category group and this step can be omitted.
- Go to Settings > Country Category Groups to see all the country category groups configured within your system.
- If you would like to create a new country category group, Select Add Group, in the top right of the Country Category Groups widget. In most cases you do not need to do this and will be using the “Default Grouping” group as the basis for risk scoring.
- If you choose to add a new country category group, the “Add Group” option will present you with the following widget. Fill in the form and press “Save“.
Step 3: Define Country Categories
Once you have identified the country category group that will form the basis of your jurisdiction risk scoring, you need to make sure that the countries of the world are divided into the appropriate country categories.
- Go to Settings > Country Categories.
- Once here you can filter the country categories by the relevant group, using the filter on the left of the screen. Click on a country category to edit it or select ‘Add Country Category’ in the top right.
- If you chose to create a country category, the system will present you with the following screen. You will need to enter the name, select the country category group created previously and add a description if you would like. Then select ‘Save’ at the bottom of the page.
- If you select an existing country category or create a new one, you will come to the overview of the country category. For a new country category, you will notice that the rules on the right are empty as shown below. Click ‘Edit’ from the Rules widget to edit the rules.
- In order to add countries to select ‘Add rule’ at the top right of the screen. This will display the following widget. To include a single country, you need to select ‘Rule type’ Country and Mode ‘Include’, followed by the country in question and then pressing ‘Save’.
- You will need to do this for all countries that you want to include in the list and apply the associated risk rating to. You may also want to bulk add multiple countries from one of the many lists maintained by InScope. To do so, you will choose ‘Rule Type’ List and then select a list. For example, you may want to add all countries on EU Weak AML List to your High Risk Countries category:
- Once you’ve added all the countries to the country category, you can add a risk score, which will apply this score to all jurisdiction risk factors based on this country. This can be found again under Settings > Country Categories > Country category created earlier > Details
Important: Note that each country category group will contain a “Others” country category that does not define any rules but will include all countries that do not fall into one of the other country categories. Make sure that this country category also has a risk score.
Step 4: Connecting a group of country categories to the jurisdiction risk pillar
- You can find risk pillars under Settings > Risk Pillars.
- Risk Pillars can be assigned a Risk Pillar type. A Jurisdiction risk pillar type can be configured using simplified rules. Select the jurisdiction risk pillar from the list above to open the Jurisdiction Risk Pillar dashboard as shown below:
- Make sure that the Risk Pillar Type shown in the Risk Pillar Details widget, is set to Jurisdiction as shown on the screen below.
- Click on the Edit button and set the Country Category Group to the group created/selected in step 2. This instructs InScope to apply the risk scores associated with the country categories you created earlier, to this risk pillar:
Step 5: Set up Risk Factors
- From the Jurisdiction Risk Pillar dashboard, click on Risk Factors. This will open up a screen as shown below. Now you can configure the Factors, which are the various places InScope will take risks from in order to work out the risk from the appropriate source.
- Select a factor that you want to consider and then tick which entities/entity factors or associations are going to affect the score, as per the below.
The Risk Sources allows you to define how nationality of individuals effects risk ratings along the Jurisdiction risk pillar.
For example, in this case we have selected “Entity”, “Ultimate Beneficial Owner” and “Director”. For a serviced individual, the nationality of the individual will be taken into account (since we ticked “Entity”).
For serviced companies, the nationality of its UBOs and directors will be considered. There is a small explanation for each, however, please contact support if you have any questions related to Risk Factors.
- After you have done this you should see the Factors listed next to the risk source:
Step 6: Review Risk Rules
Segments and risk scores should now be automatically generated as per the below:
