CRA and BRA [EWRA] Made Simple: Comsure’s Two Powerful SaaS Tools for Regulatory and Business Compliance

22/04/2026

Two risk assessment tools for two distinct risk assessment methodologies and processes

  • Comsure works with two SaaS risk assessment tools to help regulated persons meet all their legal and regulatory requirements
  • Comsure partners with two specialised Jersey-developed SaaS platforms (iTrackAML and RISQED) to enable regulated firms to effectively meet their obligations under the regulatory framework and equivalent international standards for:
    • AML/CFT/CPF and
    • Broader governance, risk, and compliance (GRC)
  • These solutions directly support the two core risk assessments required by regulators:
    • Customer Risk Assessment (CRA), delivered by iTrackAML
    • Enterprise-Wide Risk Assessment (EWRA) / Business Risk Assessment (BRA), delivered by RISQED

iTrackAML

  • Is a complete AML client lifecycle management platform focused specifically on third-party and customer risk.
  • It provides digital onboarding (KYC/KYB), configurable risk scoring, sanctions/PEP/adverse media screening, ongoing monitoring, and SAR support.
  • Built in Jersey and aligned to AML/CFT/CPF rules, it replaces fragmented spreadsheets with a single, audit-ready system that produces consistent, proportionate, and fully evidenced compliance outcomes.

RISQED

  • Built in Jersey and aligned to regulatory (e.g. JFSC/GFSC/MFSC/FSA) rules, RISQED is an AI-powered GRC platform that modernises Enterprise-Wide Risk Assessments.
  • It digitises the full risk lifecycle — identifying, scoring, and managing all organisational risks (regulatory, financial crime, operational, cyber, and more) using impact, probability, control effectiveness, and residual risk methodologies.
  • With comprehensive audit trails, version control, and integrated reporting, RISQED turns risk assessment from a static compliance exercise into a dynamic, board-level governance tool.

COMPLEMENTARY

  • While the two platforms are highly complementary and often used together, they address distinct needs with different methodologies, both clearly outlined in regulatory (e.g. JFSC/GFSC/MFSC/FSA) rules:
    • iTrackAML delivers targeted customer threat assessment,
    • RISQED provides a holistic, enterprise-wide view of all material risks.
  • Together, iTrackAML and RISQED help regulated firms (including TCSPs, fund administrators, banks, insurers, and fintechs) move away from manual processes to scalable, consistent, and regulator-defensible solutions.
  • The result is stronger compliance, reduced operational burden, improved decision-making, and greater confidence during inspections and thematic reviews.

HERE ARE SOME MORE DETAILS

The two assessments are

  • Customer Risk Assessment (CRA)
  • Enterprise-Wide Risk Assessment (EWRA)

The two tools are

The two solutions are highly complementary and work well together. Still, they address different needs and use different methodologies, as clearly outlined in regulatory rules (e.g., JFSC/GFSC/MFSC/FSA).

  • iTrackAML is a targeted threat assessment tool focused specifically on third parties – your customers.
  • RISQED provides a full enterprise-wide risk assessment, evaluating ALL your risks (as you see them) based on impact and probability and reducing them from gross to residual levels across your entire organisation.

Below are some further notes on the two tools

What is iTrackAML?

iTrackAML is a Jersey-based, cloud-delivered (SaaS) RegTech platform that supports firms subject to AML/CFT/CPF obligations. It is designed specifically for businesses supervised under the Jersey (and other regulated countries/islands) AML framework, providing a single system to manage the full AML client lifecycle.

The platform is headquartered in St Helier, Jersey, and is used by regulated and supervised firms, including TCSPs, fund administrators, professional services firms, estate agents, and fintechs.

SaaS Delivery Model

iTrackAML is delivered entirely as Software‑as‑a‑Service, meaning:

  • No on‑premise installation
  • Secure browser‑based access
  • Centralised data and audit trails
  • Automatic regulatory and methodology updates
  • Scalable licensing for small through to complex firms

This delivery model is designed to meet regulatory expectations that firms must evidence controls, not merely describe them.

Core Functional Capabilities

  1. Digital Client Onboarding (KYC / KYB)
    • Individual and corporate onboarding
    • Structured client data capture
    • Document management with retention controls
    • Entity relationships and connected parties
    • Ultimate Beneficial Ownership (UBO) identification and mapping
  2. Risk Assessment (CRA / Business Risk)
    • Configurable customer and business risk models
    • Product, service, geography, delivery channel and client risk
    • Scoring aligned to international and local standards
    • Consistent, repeatable outcomes suitable for regulatory review

The risk methodology is designed to align with Jersey regulatory expectations and the FATF and Wolfsberg principles.

  3. Sanctions, PEP & Adverse Media Screening
    • Screening of customers, UBOs and associated parties
    • Sanctions and politically exposed person (PEP) identification
    • Ongoing monitoring triggers
    • Documented decisions and escalation workflows
  4. Ongoing Monitoring & Periodic Reviews
    • Risk‑based review scheduling
    • Change‑of‑circumstance tracking
    • Full audit trail (who, what, when, why)
    • Evidence suitable for inspections, thematic visits and data submissions
  5. SAR & Internal Reporting Support
    • Case records supporting suspicion assessments
    • Documented decision‑making
    • Management information dashboards
    • Clear separation of operational activity and oversight

Jersey‑Specific Regulatory Alignment

iTrackAML is built specifically around Jersey’s AML/CFT/CPF regime, including:

  • Alignment with the JFSC AML/CFT/CPF Handbook
  • Support for increased scrutiny through inspections and supervisory data
  • Capability to demonstrate compliance with evolving expectations (including complex ownership structures)

The current platform version (MKII) was launched in 2026 in response to regulatory changes and increased supervisory focus.

Governance & Design Philosophy

The platform is developed by a Jersey‑based team with deep AML advisory experience, rather than being a generic global compliance tool. This ensures that:

  • The workflows reflect how Jersey regulators supervise
  • Outputs are defensible, consistent and proportionate
  • Firms can show decision‑based compliance, not box‑ticking

Practical Benefits for Jersey Firms

  • Replaces spreadsheets and document silos
  • Improves consistency of AML decision‑making
  • Strengthens regulatory defensibility
  • Reduces inspection and examination risk
  • Scales across different business sizes and sectors

Summary

iTrackAML is a Jersey-built, Jersey-aligned AML SaaS platform that consolidates onboarding, risk assessment, screening, monitoring, and reporting into a single system designed to evidence compliance under the JFSC regime.

It is particularly suited to firms seeking to modernise AML operations while maintaining regulator confidence.

RISQED – Jersey SaaS Business Risk Assessment & GRC Platform

Overview

RISQED is a Jersey‑developed SaaS Governance, Risk & Compliance (GRC) platform created by Comsure to modernise Business Risk Assessments (BRAs) and Enterprise‑Wide Risk Assessments (EWRAs) for regulated firms. It replaces manual, spreadsheet-based risk assessments with a structured, AI-supported, audit-ready system aligned to Jersey and comparable jurisdictions' regulatory expectations.

The platform addresses long-standing weaknesses in Excel-driven risk processes, including version-control failures, manual errors, inconsistent scoring, and poor evidencing for regulators, auditors, and boards.

Purpose and Rationale

Jersey‑regulated firms are expected to demonstrate that their risk assessments are:

  • Methodologically sound
  • Regularly reviewed
  • Properly documented
  • Actively used to inform governance and decision‑making

In practice, many firms continue to rely on static spreadsheets that are time‑consuming to maintain and difficult to defend during regulatory examinations. RISQED was developed to address this gap by providing a centralised, regulator‑aligned risk platform that supports both compliance and business insight.

Core Capabilities

Business Risk Assessment (BRA) and EWRA Automation

RISQED digitises the full risk‑assessment lifecycle, including:

  • Inherent and residual risk scoring
  • Likelihood, impact, velocity, and interdependency analysis
  • Control design and effectiveness mapping
  • Risk appetite alignment
  • Ongoing review and approval workflows

Assessments are structured, repeatable, and consistent across the organisation and, where relevant, across group entities.

AI‑Supported Risk Analysis

The platform uses AI to support risk professionals by:

  • Accelerating risk identification and assessment
  • Highlighting emerging or changing risk themes
  • Reducing data‑entry and scoring inconsistencies

AI is used as a decision‑support tool, not a replacement for professional judgement, ensuring outputs remain explainable and defensible to regulators.

Audit‑Ready by Design

RISQED maintains comprehensive audit evidence, including:

  • Full version history
  • Change logs showing what changed, when, and by whom
  • Clear rationale for score movements and control changes
  • Traceable links between risks, controls, and monitoring activity

This design is intended to support regulatory inspections, internal audits, external audits, and board challenges without requiring the reconstruction of evidence.

Integrated GRC View

Rather than operating as a standalone register, RISQED connects multiple risk domains into a single framework, including:

  • Regulatory risk
  • Financial crime risk
  • Cybersecurity risk
  • Operational and business risk

This integrated view enables management and boards to understand how risks interact and aggregate across the business.

Group and Multi‑Entity Support

RISQED supports:

  • Single regulated entities
  • Group structures
  • Multi‑jurisdictional firms (e.g. Jersey, Guernsey, Isle of Man, Mauritius)

This makes it particularly relevant to fund service providers, trust and corporate service businesses, and international regulated groups.

Target Users

RISQED is designed for organisations operating in supervisory‑intensive environments, including:

  • Trust and Corporate Service Providers
  • Fund services businesses
  • Banks and deposit‑takers
  • Insurance and captive insurance firms
  • FinTech and regulated technology providers
  • Any business required to maintain a formal BRA or EWRA

While built with JFSC expectations in mind, the platform is also relevant for firms regulated by other international financial services regulators.

Jersey Launch and Current Status

  • RISQED has completed beta and pre‑launch testing
  • A formal Jersey public launch has been scheduled for 7 May 2026 in St Helier
  • The launch event includes live demonstrations, regulatory methodology walkthroughs, and CPD certification

The launch narrative focuses on regulatory substance, audit defensibility, and governance effectiveness rather than generic RegTech features.

Strategic Significance

RISQED reflects a wider shift in Jersey toward:

  • Treating risk assessments as live governance tools
  • Embedding risk directly into management and board decision‑making
  • Moving away from compliance performed solely for inspection purposes

The platform positions risk assessments as a day‑to‑day management asset, not an annual compliance document.
