The assessment of money laundering and terrorist financing risks indicates to what extent the institution is vulnerable to money laundering and terrorist financing.

Institutions have to identify risks, assess the probability of each risk occurring, specify the impact and/or damage if a risk appear and develop a response to each risk.

Risk assessment requires good knowledge of your business operations and sound judgment exercised by your personnel so the risks for money laundering and terrorist financing can be weighed according to each individual factor as well as a combination of them.

Your risk assessment is not fixed and will change over time.

Note:

1. The RMCP must fully identify and describe the sources of information on risk indicators and the processes by which the enterprise will consider those information sources. 
2. The Risk Management and Compliance Programme must fully document the money laundering and terrorism financing risk-rating methodology and procedures that it will apply, the criteria and the intervals for the re-evaluation of such risk-ratings and the conclusions reached through the implementation of these processes.
3. The Risk Management and Compliance Programme must fully document both the systems and controls it will adopt in managing money laundering and terrorist financing risks and identifying higher or lower money laundering and terrorist financing risks as well as the levels of due diligence that it will apply in respect of the various identified risk levels