Risk Assessment

What is Risk?

The concept of risk can become incredibly complex, multifaceted and difficult to define – risk assessment and risk mitigation have grown into diverse fields of academic study and specialized professional work. 

If a broad and simplified definition is taken, risk can be understood as the probability that a detrimental and/or undesirable event may occur that, should it occur, will have negative consequences for the concerned individuals/entities.  

Types of Risk 

There are many different types of risk that span a broad range of contexts, industries, and social, political and economic factors. One example is political risk, which deals with the risk associated with political events; another example is investment risk, which deals with the risk of a loss associated with a financial investment. 

As a provider of tools for risk assessment that span identity verification and data validation, the type of risk most pertinent to our clients are risks related to personal identity. These risks will be the focal point of this article.  

What is Risk Assessment?  

Risk assessment is the process of collecting information that can empower a business to assess the level of risk in any given situation and then make informed decisions regarding how to go forward, after having evaluated the information that has been collected and assessing the associated level of risk. 

In other words, risk assessment is the process of gathering and analysing information so as to make informed decisions that take all pertinent factors into account. 

Difference Between Risk Assessment and Risk Mitigation 

As previously discussed, risk assessment refers to the gathering of information in order to build a better understanding of the risk inherent in a situation. 

On the other hand, risk mitigation refers to the actual decisions that are made based on the information that has been gathered. 

As a supplier of tools for risk assessment, ThisIsMe will never serve in an advisory capacity concerning how a business should or should not manage a specific situation or mitigate a certain risk.

ThisIsMe’s services empower businesses with the tools that are necessary to gather high-quality information that can then be used to assess risk. To find out how our suite of world-class solutions can empower your business to assess risk, contact our team here

Risk Assessment and Regulatory Compliance Obligations for AML/CFT 

Jurisdictions around the world have strict legislation concerning the regulation of financial activity in order to mitigate the risk of money laundering and the financing of terrorism. This portfolio of legislation is referred to as Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) and contains strict provisions for how financial institutions are to interact with their clients and conduct transactions. 

Much of global AML/CFT legislation centres on the verification of personal identity and the tracing of funds to ensure their legitimacy. 

South Africa is no different. National AML/CFT legislation requires businesses, institutions and organizations designed as Accountable Institutions (AIs) to adhere to a variety of obligations for the verification of client identities and the validation of information. 

What is the Process of Conducting Risk Assessments

In South Africa, AML/CFT legislation is governed by a Risk-Based Approach. In short, this means that every business will have to mitigate the risks that it is exposed to (within a certain set of laws that provide a baseline and framework for a business’s specific risk assessment and risk mitigation protocols). 

How exactly a business conducts a risk assessment and in what circumstances it does so will typically depend on the industry and specific legal requirements for doing so. Consequently, the exact tools used for risk assessment will vary depending on the use case. 

In the context of risk assessment related to personal identity, there is a wide variety of tools at a business’s disposal that are equipped to cater to a wide variety of broad and highly specific roles. 

Digital Tools for Risk Assessment 

There exists a wide variety of tools for risk assessment. 

Some of the most common tools are basic identity verification tools such as ID number verification, which can verify that an individual is real, is alive, and that the person using the ID number is who they claim to be. This basic tool can be enhanced with artificial intelligence and liveness detection in order to use and match real photographs of the person with their ID photo, thereby adding an extra layer of security.  

Other tools include more advanced identity verification and data validation tools such as Politically Exposed Person (PEP) checks, sanction checks, Bank Account Verification Services (AVS checks) and adverse media checks. These tools will typically be used in certain situations that call for advanced tools that gather more comprehensive information on an individual – transactions related to important political figures or ultra-high-net-worth individuals may call for the use of tools such as these. 

Regardless of the exact scenario, the underlying logic is the same: gather high-quality information to assess risk, thereby empowering a business to make informed decisions. 

Risks Related to Personal Identity  

For many businesses, institutions and organizations, there is significant risk associated with personal identity and the individuals with whom they do business, be they customers, clients, suppliers or other business partners. 

The risks related to personal identity are varied and complex. For some industries, the risks associated with personal identity are primarily regulatory. For instance, in order to mitigate against money laundering, banks in most jurisdictions are obligated to conduct significant due diligence on high-net-worth individuals to establish verified identities and track funds to ensure their legitimacy. Should this due diligence not be conducted and the bank facilitates the process of money laundering, the bank puts itself at high risk of being given severe penalties by national regulators. 

For smaller businesses, the risks associated with personal identity are more directly related to the fraudulent individual in question. For example, should the business fail to detect that a wholesaler is fraudulent, the victim business may get defrauded of assets worth a significant portion of its gross capital. 

Risks related to personal identity also expand to encompass legal entities such as companies and trusts. In these cases, a business may conduct checks on a legal entity to verify director information and validate information such as the legitimacy of associated bank accounts. 

The risks associated with are typically most serious for the financial services industries – banks, insurance and investment firms are some examples of financial institutions that are highly exposed to risks related to personal identity such as fraud, financial crime, money laundering and the financing of terrorism. 

Risk Assessment Services for South Africa – Identity Verification, Data Validation and KYC Solutions

All of the tools for risk assessment discussed in this article – and more – are offered by ThisIsMe. ThisIsMe provides businesses with the tools necessary to verify identities, validate information, secure transactions, and mitigate risk. 

As South Africa’s leading provider of world-class due diligence and remote-onboarding solutions, ThisIsMe is proud to be at the forefront of a trust-based and privacy-compliant digital world. To experience our full suite of advanced due diligence services, book a demonstration by contacting our team here.