Are you able to react in real-time to changes in client risk levels throughout the client lifecycle?
Regulatory expectations are moving towards the industry being able to react swiftly to changes in client circumstances and to accurately reflect the risk at any given point in time. This is a significant step when compared to the traditional approach of periodic refresh.
Critical questions:
- Does your team understand the risk models in use today?
- Are you comfortable that your policy and procedure accurately address the real risks in your business?
- Do you experience regular audit fails in the same areas?
Aspirational state
Organisations should be seeking to implement transparent risk models which underpin a clearly articulated risk appetite, supported by continuous monitoring of the client base both for changes in client data and in terms of transaction behaviour.
Under this risk-centric model, it should be far easier to swiftly identify potential threats. Automated processes must be created to respond to low risk, non-complex changes, other more challenging items or exceptions should be raised to your team to address.