Elements and Performance Criteria
- Analyse requirements and develop risk evaluation criteria
- Review all stages of the risk assessment process, including identification, assessment, evaluation, mitigation and monitoring, related to organisational requirements
- Analyse relevant industry related typologies including those issued by Australian Transaction Reports and Analysis Centre (AUSTRAC) annually
- Evaluate and select appropriate risk management tools for the organisation
- Develop risk criteria to evaluate risk appropriate to the organisation
- Formulate and document risk management methodology including assessing risk appetite and a holistic organisational money laundering and terrorism financing risk review process
- Assess the organisation’s current exposure
- Analyse the organisation's operations, including products offered, clients, systems, channels of access and geographical sphere
- Analyse the vulnerability of the organisation to money laundering and terrorism financing risks
- Assess and evaluate the overall level of risk posed to the organisation ensuring the level is within the stated risk appetite tolerance
- Design and implement controls
- Evaluate risk mitigation controls already in place and assess if proportionate to the nature, size and complexity of the organisation
- Determine risks that have ineffective or insufficient controls
- Discuss risk management deficiencies with relevant stakeholders and identify controls required
- Allocate responsibility for managing the controls to senior managers within the organisation
- Work with stakeholders to implement controls where required
- Monitor and maintain the effectiveness of controls
- Review the organisation’s overall risk assessment addressing methodology, and changes within the organisation and to the legislative and regulatory landscape
- Implement processes to regularly monitor and assess the effectiveness of mitigation controls
- Analyse deficiencies and work with stakeholders to ensure remediation
- Report deficiencies to relevant stakeholders including management, the Board and the audit and risk manager
- Report significant breaches to relevant authorities including AUSTRAC
- Monitor the implementation of improvements and changes to mitigation controls
- Research and analyse changes to the industry and environment that may increase risk and necessitate changes to controls
- Assess the organisation’s current exposure
- Analyse the organisation's operations, including products offered, clients, systems, channels of access and geographical sphere
- Analyse the vulnerability of the organisation to money laundering and terrorism financing risks
- Assess and evaluate the overall level of risk posed to the organisation ensuring the level is within the stated risk appetite tolerance