What is an enterprise-wide risk assessment?
According to MAS (Guidelines)
last revised 24 April 2015
In addition to assessing the ML/TF risks presented by an individual customer, a CMI shall identify and assess ML/TF risks on an enterprise-wide level. This shall include a consolidated assessment of the CMI’s ML/TF risks that exist across all its business units, product lines and delivery channels.
The enterprise-wide ML/TF risk assessment is intended to enable the CMI to better understand its overall vulnerability to ML/TF risks and forms the basis for the CMI’s overall risk-based approach.
The scale and scope of the enterprise-wide ML/TF risk assessment should be commensurate with the nature and complexity of the CMI’s business.
As far as possible, a CMI’s enterprise-wide ML/TF risk assessment should entail both qualitative and quantitative analyses to ensure that the CMI accurately understands its exposure to ML/TF risks. A quantitative analysis of the CMI’s exposure to ML/TF risks should involve evaluating data on the CMI’s activities using the applicable broad risk factors set out in paragraph 4-6.
The scale of the risk assessment should be commensurate with the nature and complexity of the CMI's business.