As an organisation you need to define the extent to which you are prepared to tolerate Often people misunderstand the term ‘risk appetite’. A Risk Statement therefore should articulate
THE AML [financial crime] risk appetite statement
- Having a robust financial crime risk appetite statement together with its associated financial crime risk assessment is fundamental to an organisation properly understanding, managing and mitigating its financial crime risks - and therefore limiting the opportunities for criminals to access and use the financial services industry for illegal activities.
- The JFSC/GFSC/MFSC/ FCA and other regulators have put increasing focus on financial institutions’ financial crime risk appetite statements and broader financial crime risk management frameworks. Specifically:-
- how risk appetite is understood and defined;
- how the risk assessment is undertaken; and
- how risk is managed through policies and procedures and other aspects of the financial crime risk management framework.
- being used by criminals for criminal activities or
- to be exposed to a regulatory breach (i.e. how many times you are prepared to tolerate being punched in the face) and
- put in place the appropriate controls to mitigate the risks to what you are prepared to tolerate. This is the ‘tolerable’ or ‘residual’ risk.
- frequently you hear very senior members of financial services organisations stating that they have
- ‘zero appetite’ and/or ‘zero tolerance’ for financial crime as it is ‘illegal’.
- While organisation
- have no appetite for financial crime risk by carrying on business activities
- they are exposing themselves to risk and therefore must tolerate the fact that at times they will be exposed
- the appetite for risk that an organisation has,
- the extent of the risks that an organisation is prepared to tolerate (‘residual’ or ‘tolerable’ risks)
- the risks it is not prepared to tolerate (‘intolerable’ risks)
- the extent it is prepared to tolerate the failure of its controls
- a recognition of its potential exposure to regulatory breaches