DFSA | THE INDEPENDENT REGULATOR OF FINANCIAL SERVICES

Supervisory Methodology

Inherent Risk Assessment

Business Model, Strategy, and Corporate Governance
We assess the unmitigated risks to the underlying business model; the model’s revenue drivers and the risks associated with those drivers; and the Firm’s strategy to develop a viable and sustainable business. We also consider the overall governance structure of the Firm and the fitness and probity of the Firm’s board of directors and senior management.

Financial Risk
We assess the Firm’s unmitigated risk exposure to credit, liquidity, and market risk. To do this, we consider the nature and complexity of credit products and investment instruments, and borrower and depositor demographics.

Operational Risk
We assess the Firm’s exposure to people, processes, systems, and external events. We consider the level of automation versus manual processes, technological complexity, the prevalence of legacy systems and integration risk, key staff competency, the level of outsourcing, and the Firm’s susceptibility to external events.

Conduct of Business Risk
We assess the risk that a Firm, or its employees, engage in inappropriate behaviour that results in client harm or market abuse or other seriously improper conduct by, or the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services. To do this, we consider the culture of the Firm; the types of services offered; and the methods through which the Firm engages with clients and generally conducts its financial services business.

AML / Financial Crime Risk
We assess the Firm’s country of origin, the products and services it offers, the distribution channels and business partners in which it engages, and its client and business demographics.


Control Effectiveness Assessment

For each of the inherent risk categories we look at the role and effectiveness of the governance framework in mitigating the risk. We assess the Firm’s policies and procedures and review the management information systems and risk management framework. Finally, we assess the quality of the Firm’s internal controls and audit framework.

Residual Risk Assessment

Upon identifying the Firm’s inherent risk and assessing its control effectiveness, we net control effectiveness against inherent risk and make a determination as to the Firm’s residual risk.
