Building an effective financial crime risk matrix before you buy RegTech.

Risk Matrix

Complete the enquiries form to host this seminar in-house or for your professional organisation.

The core element of any financial crime risk assessment process is the risk matrix. And it doesn't matter if your company is a mega-bank, a start-up challenger or a non-bank - the starting point is always the same.

Even more surprising is that it's the same starting point if you are thinking of buying-in any RegTech product. You need to know what you need to know. And you need to know what the salesmen won't, or can't tell you.

In this course, we will cover the elements of building a financial crime risk matrix so that you can build your own with specific reference to your customers, clients and third parties that you deal with.

The course is highly targeted at one topic. We don't discuss the nature of financial crime, we don't look at compliance and we don't even look at law. Or at least, not much.

Why? It's because, mostly, none of that matters when you are assessing the risk of new or existing business connections. The subject of regulatory risk is a separate, albeit related, topic. It's a topic that is jurisdiction dependent: understanding the risk matrix is not.

In this course, we look at the factors that increase or decrease the risk score that attaches to a person (be that a natural or a legal person).

The course deals with sensitive issues and explains that nothing can be taboo but that risk assessment should not be judgemental or, worse, prejudiced. Delegates must expect to find that there are no no-go areas but that does not mean there is no room for courtesy and respect.

A properly designed risk matrix reduces the risk of the equivalent of "driving while black" and militates against the use of blanket de-risking.
The Premise

Every financial crime risk assessment is made up of a series of algorithms. Algorithms are everywhere in everyday life but they have been accorded an almost mythical status, increasingly seen as the exclusive preserve of artificial intelligence. But there really is nothing special about the concept of algorithms, as this article shows.

My boss wants an algorithm

The fact is that only someone familiar with your business can properly define the algorithms that will protect your business. Generic algorithms are useful starting points but no system can know your customers if you don't know your customers so you can teach it.

Regulators are increasingly taking the view that where a tech-based KYC / risk assessment system fails, that companies cannot blame the tech. It is not a defence to say "we bought a black box and we expected it to work." The very regulators that are pushing companies to adopt RegTech are saying that those companies must understand and control what it does.

This makes perfect sense: it has long been established that function can be outsourced but responsibility cannot. It would be to stretch common sense beyond breaking point to imagine that responsibility can be outsourced to a computer program or to those who design and/or implement it. The simple fact is this: if your business is using it, your bank is liable for its faults.

This course is not about technology . It is about what the technology is, and must be, told to do. This requires some very basic knowledge of how it does what it does. The course is not about maths but some very basic mathematics / statistics knowledge might be useful.

The course is also about specifying reports to ensure both value and consistency.

The course is presented by Nigel Morris-Cotterill ( His knowledge of computing and his financial crime risk and compliance experience are extensive.

The course is in English.

Max 20 delegates.

Many businesses will prefer to host it in-house because they may wish to discuss confidential matters.

To enquire about in-house seminars, please complete the enquiry form.

Further Information

A practical and challenging two day workshop

An effective financial crime risk management programme depends on a series of decisions.

To make those decisions, you set a series of criteria and apply those as a template to new business and to transactions as they happen.

But how do you set those criteria in a structured way, and how do they link together, to give you an effective risk assessment and control measure?

How do you maintain the criteria in order to ensure you do not get too many false positives - and don't let important issues slip through?

The answer is a risk matrix.

What is a “Risk Matrix?”

We hear a lot about “black box” analysis. A risk matrix is not a black box : it's a dynamic decision-making tool that you can apply to all of your customers to identify those who are within the "safe" zone - and which allow you to identify those that are higher but still acceptable risk as well as those that you should consider a high risk, even if not reportable. And it's part of best practice.

The risk matrix is defined by and in turn defines your company's appetite for risk. The concept is simple: the execution is complex.

Building a risk matrix involves considering a wide range of factors, including an analysis of your company, its products and services, factors relating to the customer and counterparties and external factors. An effective risk matrix does not stand still: it changes as applicable circumstances change.

That sounds like hard work – but it need not be. And properly executed a risk matrix will provide the starting point for all of your other systems to detect and deter money laundering, terrorist financing and other financial crime.

In this intensive and highly practical course, you will build a risk matrix that suits a fictitious company and its products, and take away a model that you will be able to modify to take account of your own company's circumstances and changes in the environments in which you operate.

In this course you will learn how to design and use a risk matrix:
* factors that underpin risk matrix development
* economics factors that underpin the "proceeds" section of the matrix
* assessing countries risk
* assessing client types and risk
* assessing anticipated transaction profiles
*adding in external factors e.g. sanctions
* setting the weighting factors
* applying the matrix in practice
* the limitations of the matrix approach
* beyond the matrix – how it plugs into your existing systems and enhances them
* how to maintain the matrix

An effective Money Laundering Risk Matrix is:

- simple and inexpensive to set up

- simple and inexpensive to deploy

- simple to use

- simple and inexpensive to maintain

An effective Money Laundering Risk Matrix has the following outputs:

- prioritisation of risk based on factors you specify and applicable to you, your customers and your legal and commercial obligations

- alerts to higher risk customers and transactions based on your own assessment of risk

An effective Financial Crime Risk Matrix provides

- assessment information for you to make informed decisions for money laundering, terrorist financing and compliance purposes.

By designing your own risk matrix, you are in a much better position to assess the products and services of RegTech vendors both before you buy and as you periodically review existing implementations.