Business Risk Assessment (BRA)

The Business Risk Assessment (BRA) allows the subject person to ensure that the current business model is in line with its risk appetite. In order to be effective, it must be drawn up using reliable quantitative and qualitative data and be regularly revised.

We have the tools and know-how to assist subject persons to draw up purposeful and relevant business risk assessments. Forvis Mazars created business risk assessment (BRA) models specifically designed for the following sectors:

  • Remote Gaming Companies
  • Company Service Providers (CSPs), Trustees and Fiduciaries
  • Financial Institutions

Our models meet all the requirements of the PMLFTR and FIAU Implementing Procedures, taking into consideration both quantitative and qualitative factors.

What makes our BRA models different?

Each of the BRA models are designed to service all subject persons within the above sectors. These are bespoke models which are designed around the specific risks of the subject person. A comprehensive scoring and weighting methodology is applied to analyse the inherent risks and relevant controls of the subject person.

BRA Image 1

The BRA model in practice

The BRA process includes an orientation phase, followed by a procedural walkthrough and workshops with the MLRO and risk owners. This will enable the MLRO to understand the BRA methodology and obtain a deeper understanding of the inherent and residual risks exposures of the subject person.

BRA image 2

Risk Classification

All evident risks are included. The BRA model delves into at least 5 risk categories that are specific to the relevant sector, including governance structures.

BRA Image 3

Control effectiveness

While the BRA is not an independent assessment, this model is designed to include and give due weighting to the mitigating measures applied to the identified risks.

Reporting – accuracy, consistency and simplicity

The methodology and workings together with the results generated from the model will be analysed and presented in an easy-to understand report. The Report also provides narrative on why controls are effective or otherwise in the context of the specific and holistic risk exposure, thereby control weaknesses can be easily identified.

Applying the BRA conclusions into practice

We can assist in the drawing up of remedial plans for the gaps identified during the assessment.

Data Sources – because data is key

The model is a data driven assessment which makes extensive use of quantitative and qualitative data 

We can also assist subject persons to manage their risk exposure. Measures are broad and vary on a case-by-case basis but may range from strengthening specific parts of the AML control framework to embarking on a structured de-risking exercise.

Submit RFP 

Want to know more?