Risk Classification Policy
Last updated
Last updated
The Risk Classification Policy allows organisations to configure the risk classifications by which to categorise the risk profile of relationships. It also determines what each classification means for your AML/CFT approach to that relationship. It allows organisations to document and enforce:
The frequency of review for ongoing relationships depending on their risk classifications.
The level of sign off required for establishment or continuation of relationships depending on their risk classifications.
The legislation and regulator's guidance refers to two risk classifications - “higher risk” and “not higher risk”. It also allows for adoption of additional classifications if the organisation deems it appropriate. Risk classifications in Proofdesk are fully customisable to suit your organisations requirements, while keeping in line with legislation.
"The Code itself contains two very broad risk classifications particular to CDD procedures and controls. These are “higher risk” (where enhanced CDD requirements apply and specified Code concessions cannot be used) and “not higher risk” (which is everything else, and subject to specified conditions, certain concessions are allowed). The Code does not refer to “low” or “lower” risk. However, the Code does allow relevant persons to adopt more refined risk classifications, provided the requirements for enhanced CDD and the conditions for using Code concessions are adhered to and the relevant person is able to manage and mitigate their ML/FT risks."
The Handbook 2023 Section 2.2.4.2.2
An organisation has one risk classification policy form.
The risk classification policy is presented as a a table of risk classifications (see the screenshot above). This structure allows organisations to create as many risk classifications as they like, however they must maintain at least two at all times. This is in order to differentiate between "higher risk" and "not higher risk" for the purpose of applying ECDD (as per the regulator's guidance).
Each risk classification has the following properties:
Statistical Return Classification: The standardised classification from the Statistical Return Guidance (Lower, Standard, Higher) that this classification will correspond to on the statistical return.
Name: A custom name for the risk classification.
Colour: Used across Proofdesk to make each risk classification instantly recognisable.
Relationship Review Frequency: The frequency with which the relationship should be scheduled for review, having been assigned this risk classification.
Approval Requirements: Determines which members have the authority to approve the establishment or continuation of the relationship, having been assigned this risk classification.
Also refer to The Handbook 2023 section 2.1 through 2.2