Know more about the risk engine

Risk Assessment Pro comes with a number of pre-defined settings to its risk engine. All settings can be changed to accommodate your specific needs. Described below are the current pre-defined settings.

Table of Contents

Pre-defined settings

Calculation of inherent risk for a threat

The probability for each threat is assessed and given a score between 1-4, where 1 is lowest and 4 is highest. The probability reflects how common the threat is in a certain region or country.


Threat: Individuals use of tax havens (avoidance, evasion and fraud) – Norway

Assessment method: Authority assessment

Motivation: It has become easier to use secrecy structures in tax havens and suspicion of tax fraud committed by Norwegian citizens is more often uncovered. The threat of tax evasion through tax havens is therefore considered to be high in Norway according to the authorities.

Probability is assessed as: High


Threat: Card-Not-Present (CNP) fraud – Norway

Assessment method: Statistics (estimated annual amounts)

Motivation: The amount for card fraud via online banking were EUR 150 million in 2018. The amount refers to the sum of transactions completed and attempted. The grand majority of card fraud were CNP fraud.

Probability is assessed as: High


Threat: Forced labour – Norway

Assessment method: Experts analysis

Motivation: The number of reports of forced labour and forced services have been rather low and stable in the past years. However, it is assumed that there are dark figures since the exploited victims do not report or cooperate with the police.

Probability is assessed as: Medium

Assessment of Impact

Impact is assessed manually using a scale of 1 – 4, where 1 is lowest and 4 highest. The impact assessment consists of three components as shown below.

Not used since very little financial crime normally result in direct financial losses (with exception of fraud). Financial losses can be a result of reputational and regulatory risks and is hence better included in the assessment of those two topics.

Level 1: No media coverage

Level 2: National negative media coverage

Level 3: International short term negative media coverage

Level 4: International long-term negative media coverage

Level 1: No FSA criticism

Level 2: FSA criticism but no fine

Level 3: FSA criticism and fine

Level 4: FSA revoke license to operate


If we are misused for the threat Large-scale money laundering, this may result in international long-term negative media coverage (Level 4) and regulator criticism and fine (Level 3).

This results in (4 + 3) / 2 = 3,5 which is rounded up to Level 4 on a 1-4 scale.

Assessment of inherent risk for a risk indicator

The inherent risks are first assessed for each threat. Once done, the risk indicators stemming from the threat will inherit inherent risks from the relevant threat according to an even-distrubution model as shown below.

Risk indicators that occur in several threats will obtain a calculated inherent risk based on the inherent risks from all the relevant threats. This allows an organisation to quickly see what customer types, products/services, transaction types, channels and countries that are most risky.


Based on one threat
One threat
Based on more than one threat
More than one threat
Compliance (available as add-on)
Compliance Inherent Risk

Assessment of controls

One control can target one or several risks.  As part of the control assessment, the user defines what risks each control mitigates.  The user also assesses how effective the control is by assigning a control level (1-4, where 1 is weakest and 4 is strongest).

Several controls for one risk indicator