New Product Features
Released May 2022: Risk Assessment Professional - Country Risk Management
This update will add “Risk lists” to RA pro to better capture the risk from high-risk country lists that originates from international bodies like FATF and the EU. Risk lists will be managed under a separate tab in the inherent risk assessment space and will seamlessly integrate with the threat intelligence content. Several country risk lists will be available by default in the tool and the user will have the possibility to edit existing lists or create new lists. As a result of this update other improvements have been made to the user interface in RA pro and more information is now available when assessing threats.
- Updated high-risk country lists always available in RA pro
- Existing country risk lists can be edited and new ones can be created by the users
- Each list can be configured to capture different types of lists e.g. straight “High-risk” lists (e.g. FATFs high-risk jurisdictions) or weighted index lists (e.g. Transparency Internationals CPI-index)
- Each list can have multiple risk area relevance if applicable. For example, the FATF high-risk jurisdiction list includes jurisdictions with weak measures to combat both money laundering and terrorist financing. A country on such a list will receive an inherent risk for both those risk areas
- A new residual risk view for geographies is available to clearly visualize country risks
- Existing risk assessment will not be affected by this update if you don’t change the data model (to the latest version) and activate this feature
- The implementation of country risk lists will make the existing threat “High-risk jurisdictions” redundant and it will therefore be removed from the data model
- The inherent risk score per country will either come from the highest risk list of from the relevant threats dependent of which is higher(additional configurations will be available shortly)
How to activate
- When you want to include country risk lists in your risk assessment you need to adjust you RA settings:
- Select a new data model (2022:20 or newer) and;
- Tick the checkbox “Use Risk Lists”;
- This will prompt a confirmation asking you to approve the change.
- When using risk lists we recommend a change in the risk configuration on how to calculate inherent risk for risk areas (e.g. Money Laundering). Currently this is based on an aggregation of the related threats, but when implementing risk list we will adopt a new default setting which will configure the risk engine to calculate risk areas based on a weighted average from the related risk categories (see below).
New Feature Screenshots
- Risk lists can be found under Inherent Risk Assessment:
2. Example of a country risk list (EU high-risk third countries):
3. The residual risk view for geographies with risk lists expanded for Barbados:
Released April 2022: Risk Assessment Professional - Comments
This update will add new functionality to “Comments” in RA Pro. Comments can be used to add e.g. conclusions and evidence to the risk assessment. Following this release comments will be managed in a side panel and users will be able to work with labels to categorize comments.
- Comments will be managed in a side panel for better overview
- Click on comments in the side panel to navigate to them
- Reply to a comment to start a conversation
- Add a label to the comment to categorize it e.g. “Action required”, “Conclusion” etc.
- Use filters and labels in the side panel to filter on certain comments
- Comments and labels can be used in the reporting (a later release)
- All existing comments will be available after the update
- Comments previously marked with the “Attention” triangle will automatically receive the “Follow-up” label
Released March 2022: Risk Assessment Professional - Change Manager
This new feature will add a Change Manager to the tool so changes to the risk assessment can be identified and handled in a structured way. The Change Manager can e.g. be used when updating the risk assessment, adding new products or if you want to compare the risk assessment to a historic date. The Change Manager can also be used to see changes made by another user.
- The Change Manager will list all changes to the Risk Assessment in a side panel
- While the Change Manager is active all current changes are highlighted in the application
- Click on items in the list to navigate and track your progress using the check boxes
- The Change Manager has a save and load functionality so that lists and progress can be stored and loaded
- Filters are used to help focus on certain change types
Use Case – Updating an existing risk assessment
When updating an existing Risk Assessment with a new data model the Change Manager will help you to assess changes to threats and risks following the standard risk assessment process steps.
- Go to settings and select the latest data model (e.g. 2022:9) which includes the latest version of Acuminors threat and risk analysis. When you save the settings page you will be asked if you want to open the Change Manager. Click “Save and use Change Manager”
- A side panel featuring the Change Manager will now open on the right side of the application. All changes that was triggered are now listed here
- Save the change report so that you can come back later if needed.
- By using the default filters: Inherent Risk Assessment, Control Assessment and Verify Residual Risk it is possible to go through, assess and handle changes following the risk assessment process order
- Start with the Inherent Risk Assessment filter and go through changes to threats. Do the changes you feel are needed and use the check boxes to track progress
- Continue with the Control Assessment filter to secure that added risks are mitigated
- When these two steps are completed you can use the Verify Residual Risk filter to assess changes to residual risks