This website uses cookies to enhance your experience. By using our website, you consent to the use of cookies. You can read more in our Privacy Policy.
kem
Background image | Dunes
Background image | Dunes

Policies

Browse our policies below.

Back

🟢  Risk Assessment Policy

Risk Assessment Policy

Table of Contents

  1. Introduction
  2. Risk Assessment Procedure
  3. The Risk Categories
  4. The Risk Assessment Scale
  5. The Company's Risk Appetite
  6. The Update of Risk Assessment
  7. Model to Identify Customer's Risk Profile

Introduction

This Risk Assessment Policy (Policy) establishes ground for the Company's risk management regarding money laundering and terrorist financing risks.

The Policy is subject to review by the Company's management board at least annually. The proposal for a review and the review of these Guidelines may be scheduled more often by the decision of the MLRO.

The words used in the Policy shall be interpreted in accordance with definitions provided for in the Guidelines, which annex this Policy is.

Risk Assessment Procedure

The Company shall prepare and regularly update the risk assessment in order to identify, assess and analyze the risks of money laundering and terrorist financing related to its activities.

The process of risk assessment, executed by Company shall include at least the following actions:

  • Risks identification
  • Risks analysis
  • Risks evaluation

The risk assessment and the establishment of the risk appetite shall be documented, and the documents shall be updated where necessary.

The Risk Categories

The Company identifies the risks/threats related to its activities, as well as the risks/threats that may arise in the near future (foreseeable risks/threats), and assesses and analyzes their significance and impact. The risks/threats are identified and assessed on a case-by-case basis as of the moment of the risk assessment and separately considering the situation where the Company should take the risks to the maximum extent permitted by the risk appetite.

The Company identifies, assesses and analyzes risks of money laundering or terrorist financing taking into account the following risk categories:

  1. Risks relating to customers
  2. Risks relating to countries, geographic areas or jurisdictions
  3. Risks relating to products, services or transactions, including risks relating to new and/or future products, services or transactions
  4. Risks relating to communication, mediation or products, services, transactions or delivery channels between the Company and customers

The Risk Assessment Scale

The Company shall identify risk factors for the risk categories specified above that increase or decrease the risk of money laundering and terrorist financing. The following scale (score) for each identified risk factor grade impact (likelihood x impact) shall be used:

Low (1 point)

  • Has insignificant or no effect on the occurrence of risks of money laundering or terrorist financing.
  • Does not increase or increases insignificantly the occurrence of risks of money laundering or terrorist financing.

Medium (2 points)

  • Has medium effect on the occurrence of risks of money laundering or terrorist financing.
  • Increases the occurrence of risks of money laundering or terrorist financing.

High (3 points)

  • Has significant effect on the occurrence of risks of money laundering or terrorist financing.
  • Increases the occurrence of risks of money laundering or terrorist financing significantly.

Prohibited (4 points)

  • Has significant effect on the occurrence of risks of money laundering or terrorist financing.
  • Increases the occurrence of risks of money laundering or terrorist financing significantly.
  • Does not meet the Company's risk appetite.

The Company's Risk Appetite

The following information establishes the Company's risk appetite:

  1. The Company management board made a decision on establishment of business relationships with the Customers from non-EEA countries.
  2. The Company will provide only services specified in the Services Description (annex of this Policy).
  3. The Company will provide only services with the max volume of services specified in the Services Description (annex of this Policy).
  4. Risks which correspond to the Company's risk appetite (the risks assessed from low to high) and their assessment are specified in the Customers' profiles (annex of this Policy).
  5. Risks which Company intends to avoid (the risks assessed as prohibited) are specified in the Customers' profiles (annex of this Policy).

The Update of Risk Assessment

The Company shall update or renew the risk assessment and the related documents when necessary, but not less than once per year. The Company is obligated to update or renew risk assessment in each of the following cases:

  1. Violations of restrictions set by the company's risk appetite.
  2. Significant increase in financial performance (profit or turnover) over a short period.
  3. Significant increase in Customers number.
  4. Significant increase in Customers with certain risk level.
  5. Significant increase in claims from Customers.
  6. Significant increase in refusals for business relation with Customers.
  7. Significant increase in notifications sent to authorized bodies.
  8. More than 20% of employees replaced or removed within 6 months.
  9. Significant increase in orders from supervisory authorities.
  10. Significant changes in IT systems used by the company.
  11. Changes in main service providers.
  12. New national risk assessment.
  13. Other cases if required by compliance officer or management board.

The Company shall update risk assessment and related documents before:

  • Starting use of new or emerging technologies
  • Starting provision of new products or services
  • Starting use of non-traditional sales channels
  • Starting use of new channels for providing services or products

Model to Identify Customer's Risk Profile

The Company shall analyze the data obtained during implementation of CDD, compare the data with risk factors identified for each ML/TF risk category and determine the Customer's risk profile accordingly.

Risk Categories for Customer ML/TF Risk Assessment:

  1. Risks relating to customers
  2. Risks relating to countries, geographic areas or jurisdictions
  3. Risks relating to products, services or transactions
  4. Risks relating to communication, mediation or products, services, transactions or delivery channels

Risk Scores for Each Category:

Low Risk (1 point)

  • No influential risk factors exist
  • Customer activities are transparent and do not deviate from usual activities
  • No suspicion of money laundering or terrorist financing risk

Medium Risk (2 points)

  • One or several risk factors exist that deviate from usual activities
  • Activity remains transparent
  • No suspicion of money laundering or terrorist financing risk

High Risk (3 points)

  • One or several risk factors exist causing suspicion about transparency
  • Person deviates from usual activity in the field
  • Possibility of money laundering or terrorist financing exists

Prohibited Risk (4 points)

  • Risk is not acceptable by the Company due to risk appetite

Risk Profile Determination Parameters:

  • Low risk profile: x < 2
  • Medium risk profile: 2 ≤ x ≤ 3
  • High risk profile: x > 3
  • Prohibited risk profile: if at least one risk category has 4 points

Important Exceptions:

  • Low risk level can only be determined if no risk categories are scored as "high"
  • High risk level must be determined if at least one risk category is scored as "high"

| Risks category/score | Low (1) | Medium (2) | High (3) | Prohibited (4) | Coefficient | Result | | --- | --- | --- | --- | --- | --- | --- | | Risks relating to customers | | | | | 2 | | | Risks relating to countries, geographic areas or jurisdictions | | | | | 1 | | | Risks relating to products, services or transactions | | | | | 2 | | | Risks relating to communication, mediation or products, services, transactions or delivery channels between the obliged entity and customers | | | | | 1 | |

| The parameters for determining the risk profile of customer are: The customer´s risk profile is low, if x < 2 The customer´s risk profile is medium, if 2 ≤ x ≤ 3 The customer´s risk profile is high, if x > 3 The customer´s risk profile is prohibited, if at least one of risks categories has 4 points. Exceptions:

  • the Customer´s risk level may be determined as “low“ only if no one of risks categories scored as “high“;
  • the Customer’s risk level shall be determined as „high“, if at least one of risks categories scored as “high“. | Average Result (X):

Risk Level of the customer: | | | --- | --- | --- |

Contact us