Does your risk assessment pass muster?

Feb 23, 2020

When it comes to performing day-to-day functions at your financial institution, it is imperative to ensure that everything you do is in compliance. One of the most important ways to keep up with and consistently manage the risks facing your institution is to perform a routine risk assessment. But is your risk assessment protocol up to par with what is necessary for your institution?

Your risk assessment is a statement of management’s view of the risk profile of your institution. It is also a lens through which regulators will look at your BSA/AML program. The risk assessment should measure the inherent risks to your financial institution and determine how susceptible your institution is to money laundering.

The risk assessment should address the products and services offered by your institution, the geographical areas you service, and your customers. In addition, you should look at the controls you have in place to mitigate the risks identified and explain how you handle the residual risk that remains. Both inherent risk and residual risk, along with analysis of quantitative data, should be considered when measuring and determining the overall risk rating for the institution.

A key point to remember is that even if your institution does not engage in certain activities or provide certain services (such as private banking, pouch activities, etc.), including those items in your risk assessment will help support your institution’s lower risk rating and will also show that management recognizes the various areas that could potentially pose a higher risk.

The risk assessment should be used to build awareness throughout your institution of all areas of risk, serve as a framework for everyday decision making, and drive your overall BSA/AML compliance program. Finally, your risk assessment needs to be an active document and should be updated as new products and services are introduced or new customers and geographies are onboarded.

Building a robust risk assessment will help strengthen the foundation of your BSA/AML program, as well as ensure that your financial institution is prepared for the various risks that it may face. Developing an effective risk assessment for your institution can be challenging, but Wipfli is here to help. Visit our regulatory compliance risk assessment page for more information.


Jennifer M. Lafferty
Consultant II
