
Do you have a Risk Based Program?


Written by Don Lee

The first question regulators often ask during an initial examination interview is ‘Do you have a risk based program?’ Most compliance officers will jump the gun and reply ‘Sure we do!’ The follow-up question, however, stumps them: ‘How do you monitor and maintain your risk based program?’ Most respondents’ answers fall terribly short, and they start backpedalling.

What is a risk based program and how do you get one? A risk based program is an element of your compliance program that assesses the degree of risk of various parameters of your compliance program, resulting in risk rated categories of clients, events or other things that may have a higher degree of risk. Most firms today don’t have a formal risk rating program in place, and those that do maintain a very manual program, with lists in one application and data in another, which makes effectively assessing and reviewing firm risk an almost impossible task.

So what do you do? The first thing is you must have a risk based program, and to do this, you must be able to identify risk. Identifying risk can be done in a number of ways: risk rating clients, transactions, countries or anything else that is pertinent to your firm’s revenues. The next thing you need to do is maintain a living list of the items identified as having a higher degree of risk as your ‘risk list’. The next step is to set a review schedule based on the risk ratings or scale and make sure this is done periodically, with higher risk items having a higher frequency of risk reviews. Finally, you must document your risk reviews. I’m sure you’ve all heard by now: if you didn’t document it, you didn’t do it … well, the same applies here. Document, document, document!!!

The issue that most compliance officers will have is that these steps of identifying risk, analyzing data and documenting are added on to the mountain of existing work with few resources. Automated software such as FinWebTech’s Catalyst solution allows compliance officers to identify risk, create rules around risk exceptions and document risk reviews and risk events. This allows firms to easily and readily identify risk events, review them and take the appropriate action on each event. It’s better that the firm does this rather than the regulator, who will run an automated data batch process to review and analyze your firm’s data looking for risk and/or anomalies. A systematized risk program such as this gives firms comfort: when asked ‘Do you have a risk based program?’ they can confidently respond YES!


About FinWebTech

FinWebTech is a software as a service (SaaS) development company creating web applications to solve the growing needs of financial services firms. FinWebTech’s first product is Catalyst, an automated compliance solution for the securities industry. Catalyst provides firms with: Transaction Surveillance for AML and Suitability; Risk Assessments and Management; Supervisory Controls and Audit Logs; KYC; Document Repository; and other tools to help compliance departments manage their programs and reduce risk. Catalyst is priced to give small to medium sized firms access to compliance technology.

For more information on FinWebTech and Catalyst, please contact Don Lee at or 305-409-1307
