A risk assessment allows the financial institution to look at itself with a sense of introspection: to “identify the specific products, services, customers, entities, and geographic locations unique to the financial institution” and the varying levels and types of risk involved in them. A risk assessment specific to a given type of regulatory governance, such as BSA, AML, OFAC, and USA PATRIOT Act compliance functions, allows executives to assess specific risk as it pertains to their consumer base, portfolios, processes, and procedures.
Once risk has been assessed and categorized, for example in a simple high, medium, and low format or in a matrix, the risk attributes considered elevated need to be specifically defined and properly mitigated. Risk mitigation strategies vary, as the risk is dependent on the cause, the regulation, and the financial institution’s corporate governance structure. For many internal compliance functions such as BSA/AML, OFAC, USA PATRIOT Act, and financial crime, a primary risk mitigation strategy is the implementation of automated customer, transaction, and data monitoring.