As the need to stay in compliance continues to be at the forefront of every financial institution’s priorities, one of the key factors is the Federal Financial Institutions Examination Council’s (FFIEC) requirement for financial institutions to evaluate AML controls and execute an Enterprise Wide Risk Assessment (EWRA).

Beyond this requirement and the acknowledgment that the financial institutions (FIs) may employ a risk-based approach to the EWRA, the FFIEC provides very little guidance on how to execute an effective EWRA. The basic EWRA equation is simple: Inherent Risk - Control Effectiveness = Residual Risk. With AML RightSource regularly assisting FI clients with their EWRAs, our experience has shown that FIs overwhelmingly focus attention on evaluating the inherent risk factors over the control environment.

Understanding and evaluating AML controls

In our recently published white paper, Evaluating Controls in the Risk Assessment Equation, we constructed a framework to provide some guidance to FIs on how better to understand and articulate AML controls when executing their EWRA. This resource provides specific insights and tactics organizations can use to improve control effectiveness and protect their organizations from financial risk.

In this white paper, we define various types of controls, identify how properly to document manual controls, explain control granularity levels, and delineate the interrelationship among associated AML controls. While the FFIEC provides FIs with a fair amount of leeway to execute their EWRAs, no FI wants to be an outlier.

We hope this white paper will help you structure your EWRA in a way that accurately reflects risk for your organization, but we also realize there’s a lot more that goes into the construction and implementation of one.

Advising clients on industry best practices is something that we take pride in; EWRAs are no exception. If you have additional questions on this critical aspect of FI compliance and crime prevention, contact us to talk to one of our AML experts.

