Risk Assessment

Last updated: October 7, 2025

Overview

This check provides the final risk determination for your compliance case by analyzing all evidence collected from previous verification checks. The Risk Assessment synthesizes findings from sanctions screening, adverse media checks, ownership verification, and other due diligence steps to deliver a comprehensive risk rating (Low, Medium, or High) for each business or individual.

This check helps compliance teams make informed onboarding decisions by consolidating multiple verification results into a single, actionable risk assessment based on your organization's compliance standards and regulatory requirements. The Risk Assessment supports your KYB (Know Your Business) and KYC (Know Your Customer) due diligence processes by providing clear risk classifications aligned with your risk appetite.

What This Check Does

This check analyzes all verification evidence to determine:

  • Overall risk rating (Low, Medium, or High) based on comprehensive evidence review

  • Key findings summary highlighting critical compliance concerns

  • Risk factors identified across all verification checks

  • Recommended actions based on identified risk level

  • Detailed explanation supporting the final risk determination

How to Add This Check

  1. Navigate to your compliance agent configuration page

  2. Scroll to the bottom of your verification workflow

  3. Find "Risk Assessment" in the available finish plan tools

  4. Click to add it as the final step in your due diligence process

Note: The Risk Assessment should always be the last check in your workflow, as it requires evidence from all previous checks to make an accurate determination.

Screenshot placeholder: Adding Risk Assessment to compliance agent as final step

Required Information

Before running this check, ensure your compliance case has:

  • Completed Verification Checks: At least one verification check must complete before risk assessment

  • Evidence Data: Results from checks like sanctions screening, adverse media, ownership verification, etc.

  • Standard Operating Procedure: Your agent must have a defined SOP describing the verification workflow

Screenshot placeholder: Required information and check prerequisites

Configuration Options

Basic Configuration

The Risk Assessment runs automatically after all other checks complete, using your organization's risk criteria and compliance standards.

Risk Criteria Configuration

You can customize the criteria used to determine each risk level:

High Risk Criteria

Define conditions that trigger a High Risk rating, such as:

  • Business appears on sanctions lists or watchlists

  • Evidence of fraudulent activity or misrepresentation

  • Operations in prohibited countries or jurisdictions

  • Critical ownership verification failures

  • Multiple significant compliance violations detected

Medium Risk Criteria

Define conditions that trigger a Medium Risk rating, such as:

  • Minor discrepancies in business documentation

  • Adverse media mentions without direct illegal activity involvement

  • Operations in high-risk but not prohibited jurisdictions

  • Incomplete ownership structure transparency

  • Some non-critical verification checks failed

Low Risk Criteria

Define conditions that qualify for a Low Risk rating, such as:

  • All verification checks passed successfully

  • Transparent ownership structure verified

  • No adverse media or sanctions concerns

  • Operations in low-risk jurisdictions and industries

  • Complete regulatory compliance demonstrated

Screenshot placeholder: Risk Assessment configuration panel showing customizable criteria

Standard Operating Procedure (SOP)

The SOP defines how your compliance team evaluates evidence:

  • Which checks are performed and in what order

  • How to weigh different types of evidence

  • Escalation procedures for different risk levels

  • Special considerations for your industry or jurisdiction

Screenshot placeholder: SOP configuration interface

Advanced Options

  • Language Model Selection: Choose the AI model used for analysis (Claude Sonnet 4 recommended)

  • Analysis Depth: Adjust the thoroughness of evidence analysis based on case complexity

  • Custom Risk Weights: Assign different importance levels to specific checks or evidence types

Screenshot placeholder: Advanced configuration options panel

Understanding Your Results

Risk Rating

  • 🟢 Low Risk: All checks passed, no significant concerns identified - case approved for standard onboarding

  • 🟡 Medium Risk: Some concerns identified but not critical - manual review recommended before proceeding

  • 🔴 High Risk: Critical issues identified - case requires enhanced due diligence or rejection

Information Retrieved

When the check completes, you'll see:

Risk Assessment Report

A comprehensive markdown report containing:

Summary Section

  • Final risk rating with clear justification

  • Overview of verification checks completed

  • Total number of findings across all checks

Key Findings Section

  • Numbered list of the most important evidence items

  • Summary of what each critical check revealed

  • Highlighted alerts and warnings from verification checks

Reasons for Risk Rating Section

  • Bullet points explaining the specific factors that led to the risk determination

  • References to supporting evidence from individual checks

  • Explanation of how criteria were applied to the evidence

Conclusion Section

  • Final recommendation paragraph

  • Suggested next steps for compliance team

  • Any additional context needed for decision-making

Screenshot placeholder: Risk Assessment report displayed in results panel

Evidence Summary

The results panel shows:

  • All Check Results: Complete list of verification checks performed

  • Pass/Fail Status: Visual indicators for each check outcome

  • Critical Alerts: Highlighted warnings from individual checks

  • Supporting Documentation: Links to detailed evidence from each verification step

Screenshot placeholder: Evidence summary section showing all check results

Common Issues and Solutions

"Insufficient evidence for risk determination"

Cause: Too few verification checks completed or most checks returned errors

Solutions:

  • Ensure all required checks completed successfully before risk assessment

  • Review and fix any checks that returned errors

  • Verify that your case includes all required business information

  • Check that at least one substantive verification check (sanctions, adverse media, etc.) completed

"Conflicting evidence from multiple sources"

Cause: Different verification checks returned contradictory information about the same business aspect

Solutions:

  • Review the conflicting evidence items individually

  • Determine which source is most authoritative for the specific data point

  • Consider requesting additional documentation from the business to clarify

  • Document the conflict and resolution decision in your case notes

  • The Risk Assessment will typically recommend a higher risk rating when conflicts exist

🔴 "High Risk rating triggered automatically"

Cause: One or more critical checks failed with conditions that automatically trigger High Risk

Solutions:

  • Identify which specific check(s) triggered the High Risk rating

  • Review the evidence from those critical checks in detail

  • Follow your organization's escalation procedure for High Risk cases

  • Consider enhanced due diligence before making a final onboarding decision

  • Document all review steps for regulatory audit purposes

"Risk rating seems inconsistent with individual check results"

Cause: The holistic risk assessment considers factors beyond simple pass/fail status

Solutions:

  • Review the "Reasons for Risk Rating" section in the report for detailed explanation

  • Check if your risk criteria properly reflect your organization's risk appetite

  • Consider that multiple minor issues can elevate overall risk rating

  • Review whether the SOP accurately describes your verification workflow

  • Adjust risk criteria if they don't align with your compliance standards

Best Practices for Compliance Teams

  1. Risk Criteria Standards

    • Define clear, measurable criteria for each risk level that align with your organization's risk appetite

    • Update criteria regularly based on regulatory changes and emerging risks

    • Ensure criteria cover all major compliance concerns (sanctions, fraud, jurisdiction, ownership)

    • Document the rationale behind your criteria for audit purposes

  2. Evidence Review Process

    • Always review the detailed Risk Assessment report, not just the risk rating

    • Pay special attention to the "Key Findings" and "Reasons for Risk Rating" sections

    • Cross-reference critical findings with original check evidence

    • Document any manual adjustments made to the automated assessment

    • Escalate Medium and High Risk cases according to your procedures

  3. Workflow Optimization

    • Place the most critical checks (sanctions, adverse media) early in your workflow

    • Configure checks to fail fast for known High Risk conditions

    • Use the Risk Assessment as a decision gate before final onboarding approval

    • Review borderline Medium Risk cases with senior compliance staff

  4. Quality Assurance

    • Periodically review a sample of Low Risk cases to validate criteria accuracy

    • Track false positive and false negative rates for continuous improvement

    • Compare manual compliance reviews with automated risk assessments

    • Adjust criteria and check configurations based on quality findings

  5. Documentation and Audit Trail

    • Maintain complete records of risk assessment reports for all cases

    • Document any manual overrides of automated risk ratings with detailed justification

    • Track changes to risk criteria over time with effective dates

    • Prepare risk assessment statistics for regulatory examinations

Regulatory Compliance Context

This check supports your compliance obligations for:

  • AML (Anti-Money Laundering): Under the Bank Secrecy Act, financial institutions must implement risk-based customer due diligence programs. The Risk Assessment check provides the systematic risk rating required to determine appropriate CDD or EDD procedures for each customer, supporting BSA compliance through consistent application of risk criteria.

  • KYB (Know Your Business): FinCEN's Customer Due Diligence Rule requires covered financial institutions to understand the nature and purpose of customer relationships and develop customer risk profiles. This check synthesizes verification results into a coherent risk profile that meets CDD rule requirements for risk-based due diligence.

  • Customer Due Diligence: The CDD Rule under 31 CFR 1010.230 requires financial institutions to conduct ongoing monitoring commensurate with customer risk. The Risk Assessment provides the foundational risk classification needed to determine appropriate monitoring levels and review frequencies.

  • Enhanced Due Diligence: For higher-risk customers identified through risk assessment, enhanced due diligence becomes mandatory under various regulations. This check clearly identifies which cases require EDD based on comprehensive evidence analysis, supporting OFAC compliance and high-risk customer regulations.

Regulatory References

  • Bank Secrecy Act (BSA): 31 USC 5311 et seq. - Requires risk-based AML programs including customer risk assessment

  • FinCEN Customer Due Diligence Rule: 31 CFR 1010.230 - Mandates understanding of customer relationships through risk assessment

  • FATF Recommendation 10: International standards for risk-based customer due diligence and risk assessment

  • FFIEC BSA/AML Examination Manual: Guidance on risk assessment as a core component of AML compliance programs

International Compliance

  • FATF Risk-Based Approach: The Financial Action Task Force requires financial institutions to identify, assess, and understand money laundering and terrorist financing risks, then take appropriate mitigation measures

  • EU Anti-Money Laundering Directives: European regulations mandate risk-sensitive customer due diligence with enhanced measures for high-risk situations

  • Basel Committee on Banking Supervision: Guidelines on sound management of risks related to money laundering and financing of terrorism emphasize comprehensive risk assessment

  • Wolfsberg Group Standards: International banking standards for risk assessment in customer onboarding and ongoing monitoring

Screenshot placeholder: Compliance documentation showing risk assessment audit trail

Technical Details

  • Check ID: finish_plan.risk_assessment

  • Check Family: Finish Plan / Decision Making

  • Typical Processing Time: 3-8 seconds (varies with evidence complexity)

  • Data Sources: Evidence from all previous verification checks in workflow

Need Help?

If you're experiencing issues with this check:

  • Review the troubleshooting section above

  • Verify all prerequisite checks completed successfully

  • Check that your risk criteria are properly configured

  • Contact our support team with your specific case details - we're here to help!


Last updated: October 6, 2025

Related checks: Sanctions Screening, Adverse Media Screening, Business Ownership Verification