How effective is your financial institution (“FI”) at assessing the overall inherent risk within your organization? Where is the highest amount of risk concentrated within the enterprise? How is risk even assessed? The answers to these questions all converge on one point: the foundation for maintaining and safeguarding the integrity of your FI begins and ends with your AML and OFAC Enterprise-Wide Risk Assessment (“ERA”). In this post, we examine the mechanism behind developing a resilient ERA and how FIs can effectively sustain a low-risk enterprise using a methodical framework. Although you may think your institution maintains a strong ERA, this post may prompt you to reexamine it.

The AML and OFAC Enterprise-Wide Risk Assessment Methodology

Though many FIs possess an AML/OFAC ERA, the actual methodology for how to appropriately conduct an ERA is oftentimes absent. In fact, many FIs do not implement this critical first step with an appropriately documented ERA methodology. The ERA should not be confused with the ERA methodology. The ERA methodology is akin to a user-friendly handbook that enables an FI to delineate in detail its approach to the who, what, when, where, why, and how elements involved in assessing risk, such as which databases and platforms the FI will use to obtain the information necessary to conduct the ERA, or the strategic framework for how risk will be assigned.