Print Article

THE AML [financial crime] risk appetite statement

  1. Having a robust financial crime risk appetite statement together with its associated financial crime risk assessment is fundamental to an organisation properly understanding, managing and mitigating its financial crime risks - and therefore limiting the opportunities for criminals to access and use the financial services industry for illegal activities.
  2. The JFSC/GFSC/MFSC/ FCA and other regulators have put increasing focus on financial institutions’ financial crime risk appetite statements and broader financial crime risk management frameworks.  Specifically:-
    • how risk appetite is understood and defined;
    • how the risk assessment is undertaken; and
    • how risk is managed through policies and procedures and other aspects of the financial crime risk management framework.
  3. As an organisation you need to define the extent to which you are prepared to tolerate
    • being used by criminals for criminal activities or
    • to be exposed to a regulatory breach (i.e. how many times you are prepared to tolerate being punched in the face) and
    • put in place the appropriate controls to mitigate the risks to what you are prepared to tolerate.  This is the ‘tolerable’ or ‘residual’ risk.
  4. Often people misunderstand the term ‘risk appetite’.
    • frequently you hear very senior members of financial services organisations stating that they have
      • ‘zero appetite’ and/or ‘zero tolerance’ for financial crime as it is ‘illegal’.
    • While organisation
      • have no appetite for financial crime risk by carrying on business activities
      • they are exposing themselves to risk and therefore must tolerate the fact that at times they will be exposed
  5. A Risk Statement therefore should articulate
    • the appetite for risk that an organisation has,
    • the extent of the risks that an organisation is prepared to tolerate (‘residual’ or ‘tolerable’ risks)
    • the risks it is not prepared to tolerate (‘intolerable’ risks)
    • the extent it is prepared to tolerate the failure of its controls
    • a recognition of its potential exposure to regulatory breaches

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email