Business Wide Risk Assessment
Published on 20.09.2024

Business Wide Risk Assessment (“BWRA”): Essentials for FCA Compliance and Financial Crime Prevention

Financial Crime

As per Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (“MLRs”), it is a regulatory requirement that firms have a Financial Crime Business Wide Risk Assessment (“BWRA”) in place.

The importance of having a Financial Crime Business Wide Risk Assessment was reiterated in the Financial Conduct Authority’s (“FCA’s”) most recent Dear CEO Letter, where the regulator stated that it is the firms’ obligation to have a comprehensive and high-quality financial crime BWRA in place to effectively identify, assess, and mitigate financial crime risks. Firms may also be asked to provide a version of this risk assessment to the FCA upon request.

This financial regulatory requirement is particularly important for asset managers, as the FCA identified the asset management industry as an “inherently high-risk sector for enabling and/or participating in financial crime” in its November 2023 Dear CEO Letter. In our experience, asset managers often misinterpret their obligations concerning BWRAs and frequently fail to implement one, leading to a regulatory breach.

Where firms have a BWRA in place, it is often insufficient, resulting in frequent inquiries about how to design a proper and proportionate exercise. To ensure our clients’ BWRAs are both valuable and compliant with the latest regulatory guidance, we follow three key principles, which are outlined further in this article.

Going beyond regulatory requirements

As well as being a regulatory requirement, developing a BWRA is a crucial component of the anti-financial crime framework for any financial services firm. A Business Wide Risk Assessment forms the basis for all financial crime framework elements, including systems, controls, processes, and resourcing. By thoroughly assessing where and how risks may arise, the BWRA ensures that these framework elements are not only compliant but also strategically aligned with the firm’s specific risk profile and operational capabilities.

Although often overlooked, the BWRA is an effective tool for identifying and managing risks, offering deep insights into potential vulnerabilities that might otherwise go unnoticed. Business Wide Risk Assessments form the foundation for an efficient and relevant roadmap that guides senior management in achieving business objectives while staying within the firm’s financial crime risk appetite. This regulatory roadmap helps prioritise resources, ensuring that the firm’s efforts are focused on the most significant risks, thereby enhancing both operational efficiency and the overall robustness of the financial crime prevention strategy.

While varying from firm to firm, the approach to the BWRA typically follows a standardised methodology for thorough completion.

 

1. Focus on relevant business risks

Focusing on risks that are directly relevant to the business is essential as it ensures that resources and efforts are effectively directed towards the most significant threats that could impact the firm. By concentrating on these pertinent risks, firms can tailor their anti-financial crime strategies to address specific vulnerabilities rather than applying a one-size-fits-all approach. Bespoke anti-financial crime strategies allow firms to remain compliant in the most cost-effective manner possible.

Business Wide Risk Assessments adapted to a firm’s specific offerings significantly reduce risk exposure. Therefore, it is essential to focus on risks directly relevant to your business model and operations. While some issues are universal, others are unique to an industry. For instance, consider risks associated with different investment products, such as equities versus illiquid investments. Where a firm invests in illiquid products, consider the characteristics of the investments and whether they bring a different set of risks to the rest of the book. Evaluate the potential for financial crime in client onboarding processes, third-party relationships, including any introducers and marketing relationships, a firm’s products and services, as well as in various distribution channels.

Additionally, a specific area of concern for asset management firms is the use of complex offshore structures to obscure the true ownership of assets. Asset managers often deal with clients who invest through a web of offshore entities, trusts, or shell companies. While these structures can be legitimate, they can also be used to launder money or evade taxes. Understanding these risks allows you to design and implement suitable controls to ensure ongoing compliance.

By focusing on the risks most relevant to your operations, you can develop more targeted and effective mitigation strategies, ensuring the integrity of the BWRA.

 

2. Utilise a scoring system for effective risk assessment

Developing a scoring matrix with clear and objective parameters is key to achieving consistent and reliable results. Create scoring criteria that reflect the complexity and risk profile of different investment products, client segments, and jurisdictions. For instance, when assessing the risk of high-net-worth individuals, consider factors such as their source of wealth, transaction patterns, and geographical connections. Conversely, for institutional clients, parameters might focus on the nature of their operations, regulatory history, and involvement in complex financial transactions. Similarly, risk evaluation should differentiate between emerging markets, which may present higher geopolitical and economic risks, and developed markets, which typically offer more stability.

To ensure consistency within your risk management framework, ask yourself: if one employee conducts a BWRA and another employee updates it in a year, will they use the same scores for the same levels of risk? If the answer is yes, you are on the right track. This uniformity enhances the reliability of your risk assessments while ensuring that all staff members are aligned in their approach to identifying and managing risks. By creating a well-defined scoring system, you lay the groundwork for a robust and transparent risk management framework, enabling your firm to navigate financial crime risks with greater precision and confidence.

 

3. Engage relevant stakeholders in BWRA development

Involving relevant stakeholders across your organisation in the BWRA process is critical for strengthening your risk management framework and for effective collaboration across different lines of defence. For asset management firms, this means engaging with portfolio managers, operations, risk managers, and client relationship teams to identify risks and sub-risks relevant to the specifics of the firm. Each group brings a unique perspective on the specific risks and sub-risks associated with their areas of expertise. For example, portfolio managers can provide insights into the risks related to investment strategies and market exposure, while client relationship teams can highlight potential risks associated with client interactions and behaviours.

Engaging these stakeholders may involve various methods, such as conducting interviews, jointly populating BWRA documents, and seeking input and feedback on completed assessments. This collaborative approach ensures that the Business Wide Risk Assessment is thorough and reflects the full range of risks facing the firm. By incorporating feedback from different parts of the business, firms can enhance their risk management framework, ensuring that it is dynamic and responsive to emerging threats.

This engagement helps create a culture of compliance and risk awareness throughout the organisation. When employees are involved in the risk assessment process, they are more likely to understand and support the risk management framework, leading to more effective implementation and adherence. Regularly collecting and integrating feedback from these stakeholders allows firms to continually refine and improve their risk models. This process ensures that the BWRA evolves with the firm’s changing needs and external risk landscape, making it a practical and valuable tool for managing financial crime risks rather than just a regulatory requirement.

 

BWRA Key Takeaways:

  • BWRAs should be tailored to your business activities to identify, assess, and mitigate financial crime risks effectively.
  • Focus on risks that are relevant to your business.
  • Develop and utilise a scoring system to identify and mitigate risk now, and ensure consistency of results in the future.
  • Ensure a wide range of stakeholders with sufficient seniority are involved in the BWRA development to guarantee coverage of the entire risk profile.

 

Next Steps:

Novatus Global supports firms in designing, undertaking, refreshing and validating BWRAs. We’ve curated ready-made, client-tested templates that can be used as a basis to help accelerate your BWRA process, benchmark your assessments against industry peers, create new BWRAs or quality-assure existing ones. Our team of experts understands regulatory expectations and financial crime risks, having worked in a variety of organisations under regulatory scrutiny. Moving beyond ‘tick-box’ compliance, we deliver products that generate accurate, tangible, valuable results. Our tailored, comprehensive approach ensures compliance, enhances your risk management framework, and empowers senior managers and the Board to effectively execute oversight responsibilities.

Contact us today to learn more about our customisable BWRA methodology and assessment services, designed to help you stay ahead of regulatory requirements, effectively manage your financial crime risk, and discharge your regulatory responsibilities.

What is a BWRA?

A Business Wide Risk Assessment (“BWRA”) is a mandatory evaluation that helps financial services firms identify and mitigate financial crime risks. BWRAs form the foundation for key elements of a business’s anti-crime framework, such as systems, controls, and resource allocation, ensuring alignment with regulatory requirements and the firm’s risk profile.

Is a BWRA mandatory for all financial services firms?

Yes, the Money Laundering Regulations 2017 set out by the British government stipulate that all firms should have a Financial Crime Business Wide Risk Assessment in place. Regulatory bodies such as the FCA can review a business’s BWRA to assess whether it meets the standard required to address and mitigate financial crime risk.

What are the key components of a BWRA?

BWRAs assess risk across key areas of the business. These include, but are not limited to, client onboarding, third-party relationships, product offerings, transaction volumes, and geographical exposure. Comprehensive BWRAs will involve creating scoring matrices to evaluate risks consistently and engaging stakeholders across the organisation for comprehensive insights.

Verified by

Francis Stroudley

Head of Compliance and Conduct