A risk matrix is an ordering of the various data and information on the inherent ML/TF/PF risks and AML/CFT control measures that allows a justified and reasoned computation of the residual ML/TF/PF risks of an institution.
- Distinguishes between inherent risks and the residual risks that remain once the controls have been considered.
- Consists of a mix of quantitative and qualitative data to capture details relevant to risk.
- Considers the jurisdiction’s risks as detailed in the National Risk Assessment (NRA) or thematic risk assessments.
- Includes various risk factors and should use differentiated risk weights to reflect sectoral and institution-specific characteristics and regulatory concerns.
- Includes institutional features based on structural information on a financial institution. These can include corporate structure, transparency in the institution’s shareholding, culture of compliance, previous enforcement measures imposed, etc.

