Risk Assessment Policy
Table of Contents
- Introduction
- Risk Assessment Procedure
- The Risk Categories
- The Risk Assessment Scale
- The Company's Risk Appetite
- The Update of Risk Assessment
- Model to Identify Customer's Risk Profile
Introduction
This Risk Assessment Policy (Policy) establishes ground for the Company's risk management regarding money laundering and terrorist financing risks.
The Policy is subject to review by the Company's management board at least annually. The proposal for a review and the review of these Guidelines may be scheduled more often by the decision of the MLRO.
The words used in the Policy shall be interpreted in accordance with definitions provided for in the Guidelines, which annex this Policy is.
Risk Assessment Procedure
The Company shall prepare and regularly update the risk assessment in order to identify, assess and analyze the risks of money laundering and terrorist financing related to its activities.
The process of risk assessment, executed by Company shall include at least the following actions:
- Risks identification
- Risks analysis
- Risks evaluation
The risk assessment and the establishment of the risk appetite shall be documented, and the documents shall be updated where necessary.
The Risk Categories
The Company identifies the risks/threats related to its activities, as well as the risks/threats that may arise in the near future (foreseeable risks/threats), and assesses and analyzes their significance and impact. The risks/threats are identified and assessed on a case-by-case basis as of the moment of the risk assessment and separately considering the situation where the Company should take the risks to the maximum extent permitted by the risk appetite.
The Company identifies, assesses and analyzes risks of money laundering or terrorist financing taking into account the following risk categories:
- Risks relating to customers
- Risks relating to countries, geographic areas or jurisdictions
- Risks relating to products, services or transactions, including risks relating to new and/or future products, services or transactions
- Risks relating to communication, mediation or products, services, transactions or delivery channels between the Company and customers
The Risk Assessment Scale
The Company shall identify risk factors for the risk categories specified above that increase or decrease the risk of money laundering and terrorist financing. The following scale (score) for each identified risk factor grade impact (likelihood x impact) shall be used:
Low (1 point)
- Has insignificant or no effect on the occurrence of risks of money laundering or terrorist financing.
- Does not increase or increases insignificantly the occurrence of risks of money laundering or terrorist financing.
Medium (2 points)
- Has medium effect on the occurrence of risks of money laundering or terrorist financing.
- Increases the occurrence of risks of money laundering or terrorist financing.
High (3 points)
- Has significant effect on the occurrence of risks of money laundering or terrorist financing.
- Increases the occurrence of risks of money laundering or terrorist financing significantly.
Prohibited (4 points)
- Has significant effect on the occurrence of risks of money laundering or terrorist financing.
- Increases the occurrence of risks of money laundering or terrorist financing significantly.
- Does not meet the Company's risk appetite.
The Company's Risk Appetite
The following information establishes the Company's risk appetite:
- The Company management board made a decision on establishment of business relationships with the Customers from non-EEA countries.
- The Company will provide only services specified in the Services Description (annex of this Policy).
- The Company will provide only services with the max volume of services specified in the Services Description (annex of this Policy).
- Risks which correspond to the Company's risk appetite (the risks assessed from low to high) and their assessment are specified in the Customers' profiles (annex of this Policy).
- Risks which Company intends to avoid (the risks assessed as prohibited) are specified in the Customers' profiles (annex of this Policy).
The Update of Risk Assessment
The Company shall update or renew the risk assessment and the related documents when necessary, but not less than once per year. The Company is obligated to update or renew risk assessment in each of the following cases:
- Violations of restrictions set by the company's risk appetite.
- Significant increase in financial performance (profit or turnover) over a short period.
- Significant increase in Customers number.
- Significant increase in Customers with certain risk level.
- Significant increase in claims from Customers.
- Significant increase in refusals for business relation with Customers.
- Significant increase in notifications sent to authorized bodies.
- More than 20% of employees replaced or removed within 6 months.
- Significant increase in orders from supervisory authorities.
- Significant changes in IT systems used by the company.
- Changes in main service providers.
- New national risk assessment.
- Other cases if required by compliance officer or management board.
The Company shall update risk assessment and related documents before:
- Starting use of new or emerging technologies
- Starting provision of new products or services
- Starting use of non-traditional sales channels
- Starting use of new channels for providing services or products
Model to Identify Customer's Risk Profile
The Company shall analyze the data obtained during implementation of CDD, compare the data with risk factors identified for each ML/TF risk category and determine the Customer's risk profile accordingly.
Risk Categories for Customer ML/TF Risk Assessment:
- Risks relating to customers
- Risks relating to countries, geographic areas or jurisdictions
- Risks relating to products, services or transactions
- Risks relating to communication, mediation or products, services, transactions or delivery channels
Risk Scores for Each Category:
Low Risk (1 point)
- No influential risk factors exist
- Customer activities are transparent and do not deviate from usual activities
- No suspicion of money laundering or terrorist financing risk
Medium Risk (2 points)
- One or several risk factors exist that deviate from usual activities
- Activity remains transparent
- No suspicion of money laundering or terrorist financing risk
High Risk (3 points)
- One or several risk factors exist causing suspicion about transparency
- Person deviates from usual activity in the field
- Possibility of money laundering or terrorist financing exists
Prohibited Risk (4 points)
- Risk is not acceptable by the Company due to risk appetite
Risk Profile Determination Parameters:
- Low risk profile: x < 2
- Medium risk profile: 2 ≤ x ≤ 3
- High risk profile: x > 3
- Prohibited risk profile: if at least one risk category has 4 points
Important Exceptions:
- Low risk level can only be determined if no risk categories are scored as "high"
- High risk level must be determined if at least one risk category is scored as "high"
| Risks category/score | Low (1) | Medium (2) | High (3) | Prohibited (4) | Coefficient | Result |
| --- | --- | --- | --- | --- | --- | --- |
| Risks relating to customers | | | | | 2 | |
| Risks relating to countries, geographic areas or jurisdictions | | | | | 1 | |
| Risks relating to products, services or transactions | | | | | 2 | |
| Risks relating to communication, mediation or products, services, transactions or delivery channels between the obliged entity and customers | | | | | 1 | |
| The parameters for determining the risk profile of customer are:
The customer´s risk profile is low, if x < 2
The customer´s risk profile is medium, if 2 ≤ x ≤ 3
The customer´s risk profile is high, if x > 3
The customer´s risk profile is prohibited, if at least one of risks
categories has 4 points.
Exceptions:
- the Customer´s risk level may be determined as “low“ only if no
one of risks categories scored as “high“;
- the Customer’s risk level shall be determined as „high“, if at least
one of risks categories scored as “high“. | Average Result (X):
Risk Level of the customer: | |
| --- | --- | --- |