There are many ways for firms to assess the risk of money laundering by clients. This is an example of a financial institution's financial crime risk assessment model, which assigns a numerical score of one low, two medium, and three high to the four risk factors, and then gives unequal weights to the risk factors based on the business that they operate in, and use the sum of the weighted scores to determine the financial crime risk rating of its client. The approach shown here is not prescribed by regulators. Rather, the regulators have established the principles from which financial services providers must then build their own risk assessment models, incorporating their own perceptions of the risk factors. Here's a simple example to illustrate the risk assessment methodology. Imagine a firm's client is a UK regulated financial institution that is also one of the firm's correspondent banks, which means they are used for making international payments. The firm's risk assessment model scores, the risk factors as follows. Sector risk high three, because correspondent banking carries a high financial crime risk. Geography risk low one, because the UK is a low risk country for financial crime. Entity risk low one, because the entity is listed on the LSE and is a regulated financial institution. Product risk. High three. Payment services are a high risk product type when used by clients that are other financial institutions. Now let's see how the model would calculate a weighted total of these scores to generate the client's financial crime risk rating. This table shows how the black box, the risk assessment model determines a financial crime risk rating for the firm's correspondent bank client. Having already said that a firm is free to design its own risk assessment model and to choose the weights, it applies to each risk factor. It must apply the weights consistently. The geographical risk weight of 30% cannot be varied from one client to the next reading across the bottom row. The UK is a low risk country for financial crime, so the model assigns a score of one. After weighting this score at 30% geography or country risk contributes 0.33 to the weighted total score of 1.93, almost two, making the client's overall financial crime risk rating medium. The purpose of carrying out a financial crime risk rating is to determine the amount of resources deployed to mitigate the risk. So when the model says the client's risk rating is medium, do you think risk managers can override this to low or high? Well, it depends on the firm and its policy. For example, one, well-known Universal Bank allows risk owners to override the model output, but only when they're proposing a higher risk rating than the model derived one. And only by providing written justification for the override.
