The Tribune

There is little doubt that 2020 drove individuals and businesses of all sizes to financial, human, technical and strategic limits. Corporate leaders were stretched to either "pivot or perish”. In 2020, company strategies were tested, frameworks were challenged and, in many cases, resources strained and depleted. These changes must be considered as supervised financial institutions (SFIs) prepare to complete annual risk assessments as prescribed by their regulators.

Deloitte & Touche's Dr Patchin Curtis and Mark Carey, in their presentation Risk assessments in practice, said: “Risk assessment is all about measuring and prioritising risks so that risk levels are managed within defined tolerance thresholds without being over-controlled or forgoing desirable opportunities.”

I am a proponent of the view that risk assessments are equally important to both SFIs and designated non-financial businesses and professionals (DNFBPs). This is not only because the Financial Transactions Reporting Act's section five requires every financial institution to take appropriate measures to identify, assess and understand its risks, or carry out a risk assessment and document its findings while keeping the same up-to-date and available for review. It is also because both regulated and non-regulated entities should be acutely aware of their vulnerabilities and dangers while simultaneously advancing their strengths and opportunities.

For the avoidance of doubt: Every risk cannot be predicted with complete certainty. Notwithstanding this fact, risk assessments allow businesses to strategically identify, assess and prepare for any danger, hazards and other potential disasters that could derail their goals and objectives. Additionally, risk assessments can be used as a tool to assess and understand a company's human capital capacity, shortfalls and the needs of their present compliance functions.

Brienne Bryson, in her white paper published on January 7, 2020, wrote: “Nearly as important as understanding the risk to an institution is understanding the staffing expertise and resources needed to adequately mitigate that risk. A lack of experienced and qualified staff may directly affect an institution’s ability to mitigate and manage the risks identified in risk assessment.”

Do not let your annual enterprise risk assessment remain devoid of assessing the experience and training for your compliance professionals, otherwise you would be doing a disservice to your business. What is evident is the apparent omission of qualifications that are normally used synonymously with the attainment of degrees. Risk and compliance professionals, and human resources professionals, often grapple with the balance and definition of qualifications when evaluating the skills needed for their entity’s compliance function.

According to David Schwartz, president and chief executive of the Florida International Bankers Association: “Too few universities have developed curricula that can produce professionals capable of stepping into high-demand compliance roles.”

I agree with Mr Schwartz and, further, submit that experience and tailored training are key components of qualifications in our compliance world. Experience is measured not only in terms of length of time in the industry, but also the types of experiences and functions executed during that time.

Throughout this series I will address the key aspects of risk assessments, inclusive of regulatory guidance, risk categories, risk analysis and the institutional benefits of deploying a robust risk assessment programme. I implore companies to use this crucial time to align their risk policies with business strategies, and ensure they are better prepared to deal with the next big disruptor.

NB: Derek Smith Jr is the compliance officer and money laundering reporting officer (MLRO) at Higgs & Johnson, and former assistant vice-president for compliance/money laundering reporting officer (MLRO) at an international private bank. His professional career started at a ‘big four’ accounting firm, and has spanned over 15 years including business risk management, compliance, internal audit, external audit and other accounting services.