Our recent experience of snow has taught me a couple of things: that tabby cats can disappear entirely if the snow is more than six inches deep, and that snow coming over the top of a boot is a most unpleasant sensation. It has also made me reflect – prompted in part by the unedifying squabble between (as the reporters soon started calling them) Mr Heathrow and Mr Gatwick about whose airport was better at dealing with (gasp!) snow in winter – that we are all sometimes guilty of ignoring risks entirely, simply because they are quite small. Granted, London’s airports are rarely troubled by the huge snowdrifts tackled annually by their cousins in Scandinavia – but snow is not unknown in England in winter, and so perhaps more contingency planning should be done.
Those tasked with preventing and forestalling money laundering may have derived false comfort from the ubiquitous risk-based approach – but nowhere does this approach suggest that any risks are so small that they can be ignored. Yes, you are encouraged to rank the risks, and then spend more time on mitigating the more serious and the more likely and the more potentially damaging – much as I should imagine Mr Heathrow spends quite a bit of time on securing his airport against terrorist attacks and plane crashes. But this does not mean that just because a risk is small or rare, you can discount it entirely. I am not advocating overkill; it would be daft for Mr Gatwick to worry for too long about the risk of a shop on his concourse spontaneously bursting into flames, or a cargo of poisonous snakes getting free, but I am sure that somewhere in his manual is a chapter on terminal fires and another on live cargo risks. And likewise, just because you know that it is highly unlikely that your most prized client is in fact a front-man for the Mafia, it does not excuse you from having in place a plan of action should that prove to be the case. And in case you’re wondering, I’ll take snowdrifts over snakes any day.
I hate money laundering 
Hello Susan,
my feeling is that there is a tendancy to use “a risk based approach” as the panacea to support all difficult decisions. i.e “its low risk so we did it”
While ideal in theory adopting RBA is far from easy and calls for a searching analysis of sources of risk at both the business entity level and transaction level. Plotting a matrix of probability against impact is useful again at both the transaction level, but probably equally important at business level as this provides the business leaders and MLRO with a view on the levels of risk carried by the business as a whole. – The heat map of the business.
Hello Paul
As incisive as ever – you are bang on when you say that adopting an RBA is far from easy. The theory is very simple, but the reality – particularly when trying to make it fit your own specific business (as all regulators require) – is far from straightforward.
And I love the concept of a business “heat map” – may pinch that term for my own training!
Best wishes from Susan
Hi Susan,
No problem pinching “heat map” – as I unashamedly look to your blogs for ideas for my training. – We are all in this together. Whilst I still use my yahoo address, you may know that I am now a regulator with responsibility for setting up a DNFBP compliance department. Team of one at the moment. Previous banker – so poacher turned gamekeeper!! You can see it on my Linked In profile.
Any one of your your audience who has involvement with risk management should be familiar with the concept of a heat map. Google it and you’ll find MS Excel has templates.
X and Y axes for impact and probability and where they converge is “Low” and stretch out through medium to high on each axis. Those issues in the High / High quartile are “the hottest” and at a business level – the numbers of transactions in that category signify the level of risk being carried by the business. The placement in categories (HML) should not necessarily be seen as an absolute placement, although some risk management techniques have complex methods of measurement. I prefer a gut feel in cases such as this. The heat map provides the MLRO with an excellent summary reporting to the Board or senior management. Too many in the top quartile should be of interest to the Board as it may mean that the business is acting beyond the risk appetite they have set.
Apologies Susan if I am stating what you already know.
Kind regards
Paul
Dear Paul
Thank you so much for this extremely helpful comment – you are not at all stating what I already know, and you are right that we are all in this together. It’s one of my mantras: the criminals are organised and co-operative, so we need to be too.
Congrats on the new appointment – I shall watch developments with interest!
Best wishes from Susan