Risk Assessment Policy

RISK ASSESMENT POLICY

 

 

 

INTRODUCTION.. 2

 

RISK ASSESSMENT PROCEDURE.. 2

 

THE RISK CATEGORIES. 2

 

THE RISK ASSESMENT SCALE. 2

 

THE COMPANY´S RISK APPETITE.. 3

 

THE UPDATE OF RISK ASSESSMENT. 3

 

MODEL TO IDENTIFY CUSTOMER´S RISK PROFILE. 4

 

 

 

INTRODUCTION

This Risk Assessment Policy (Policy) establishes ground for the Company´s risk management regarding to money laundering and terrorist financing risks.

The Policy is the subject of a review by the Company's management board at least annually. The proposal for a review and the review of these Guidelines may be scheduled more often by the decision of the MLRO.

The words used in the Policy shall be interpreted in accordance with definitions provided for in the Guidelines, which annex this Policy is.

RISK ASSESSMENT PROCEDURE

The Company shall prepare and regularly update the risk assessment in order to identify, assess and analyses the risks of money laundering and terrorist financing related to its activities.

The process of risk assessment, executed by Company shall include at least the following actions:

• risks identification;
• risks analysis;
• risks evaluation.

The risk assessment and the establishment of the risk appetite shall be documented, and the documents shall be updated where necessary.

THE RISK CATEGORIES

The Company identifies the risks/threats related to its activities, as well as the risks/threats that may arise in the near future, that is foreseeable risks/threats, and assesses and analyses their significance and impact. The risks/threats are identified and assessed on a case-by-case basis as of the moment of the risk assessment and separately considering the situation where the Company should take the risks to the maximum extent permitted by the risk appetite. The Company identifies, assesses and analyses risks of money laundering or terrorist financing taking into account the following risk categories:

• risks relating to customers;
• risks relating to countries, geographic areas or jurisdictions:
• risks relating to products, services or transactions, including risks relating to new and/or future products, services or transactions:
• risks relating to communication, mediation or products, services, transactions or delivery channels between the Company and customers.

THE RISK ASSESMENT SCALE

The Company shall identify risk factors for the risk categories specified in above that increase or decrease the risk of money laundering and terrorist financing. The following scale (score) for the each identified risk factor grade impact (likelihood x impact) shall be used:

low (1 point) – assessed risk factor which meets the following:

• has insignificant or does not have affect to the occurrence of risks of money laundering or terrorist financing;
• does not increase or increase insignificantly the occurrence of risks of money laundering or terrorist financing.

medium (2 points) – assessed risk factor which meets the following:

• has medium affect to the occurrence of risks of money laundering or terrorist financing;
• increase the occurrence of risks of money laundering or terrorist financing.

high (3 points) – assessed risk factor which meets at least one of the following:

• has significant affect to the occurrence of risks of money laundering or terrorist financing;
• increase the occurrence of risks of money laundering or terrorist financing significantly.

prohibited (4 points) – assessed risk factor which meets all of the following:

• has significant affect to the occurrence of risks of money laundering or terrorist financing;
• increase the occurrence of risks of money laundering or terrorist financing significantly;
• does not meet the Company’s risk appetite.

THE COMPANY´S RISK APPETITE

The following information establishes the Company´s risk appetite:

• the Company management board made a decision on establishment of business relationships with the Customers from non-EEA countries.
• the Company will provide only services, specified in the Services Description (annex of this Policy);
• the Company will provide only services with the max volume of services specified in the Services Description (annex of this Policy);
• risks which correspond the Company’s risk appetite (the risks assessed from low to high) and their assessment are specified in the Customers' profiles (annex of this Policy);
• risks which Company intends to avoid (the risks assessed as prohibited) are specified in the Customers' profiles (annex of this Policy).

 

THE UPDATE OF RISK ASSESSMENT

The Company shall update or renew the risk assessment and the related documents when necessary, but not less than once per year. The Company's is obligated to update or renew risk assessment in the each of following cases:

• there are violations of restrictions set by the company’s risk appetite;
• the financial performance (for example, profit or turnover) of the the company has increased significantly over a short period;
• Customers number significantly increased;
• Customers number with certain risk level significantly increased;
• number of claims from Customers increased significantly;
• number of refusals for business relation with Customers increased significantly.;
• number of notifications sent to the authorized bodies increased significantly;
• more than 20% of the employees were replaced or removed within 6 months;
• the number of orders from supervisory authorities has increased significantly;
• it systems used by the company were changed significantly;
• main service providers of the company were changed;
• new national risk assessment occurred;
• in the other cases if it’s required on the opinion of compliance officer or management board of the company.

The Company shall update risk assessment and the related documents before:

• starting of use new or emerging technologies;
• starting of providing new products or services;
• starting of using non-traditional sales channels;
• starting of using new channels for providing services or products.

MODEL TO IDENTIFY CUSTOMER´S RISK PROFILE

The Company shall analyze the data obtained during implementation of CDD, compare the aforementioned data with risk factors identified for each ML/TF risk category and determine the Сustomer´s risk profile in accordance with the following.

For the Customer´s ML/TF risk assessment the Company uses the following risk categories:

• risks relating to customers;
• risks relating to countries, geographic areas or jurisdictions:
• risks relating to products, services or transactions;
• risks relating to communication, mediation or products, services, transactions or delivery channels between the obliged entity and customers;

For the each of aforementioned risk categories following risk score may be identified:

• low risk (1 risk point) – No influential risk factors exist in risks category, the customer itself and the customer’s activities are transparent and do not deviate from the usual activities, i.e. the activities of a reasonable and average person, in that field of activity, and there is no suspicion that the risk factors as a whole could lead to the realization of the risk of money laundering or terrorist financing;
• medium risk (2 risk points) – One or several risk factors exist in the risks category that deviate from the usual activities of a person acting in that field of activity, but the activity is still transparent and there is no suspicion that the risk factors as a whole could lead to the realization of the risk of money laundering or terrorist financing;
• high risk (3 risk points) – One or several risk factors exist in the risks category that as a whole grows suspicion of the transparency of the person and their activities, which causes the person to deviate from persons usually acting in that field of activity and it is at least possible that money laundering or terrorist financing is taking place;
• prohibited risk (4 risk points) – Risk is not acceptable by the Company due to risk appetite.

Each risk category shall be assessed in accordance with risk factors identified for the assessing customer´s risk profile. The score for risks category shall be determined in accordance to higher identified risk factor´s score in the risk category.

The risk score of each risk category shall be used in the following table to determine the Customer´s risk profile.

 

Risks category/score	Low (1)	Medium (2)	High (3)	Prohibited (4)		Coefficient	Result
Risks relating to customers						2
Risks relating to countries, geographic areas or jurisdictions:						1
Risks relating to products, services or transactions						2
Risks relating to communication, mediation or products, services, transactions or delivery channels between the obliged entity and customers;						1
The parameters for determining the risk profile of customer are: The customer´s risk profile is low, if x < 2 The customer´s risk profile is medium, if  2 ≤ x ≤ 3 The customer´s risk profile is high, if x > 3 The customer´s risk profile is prohibited, if at least one of risks categories has 4 points. Exceptions: the Customer´s risk level may be determined as „low“ only if no one of risks categories scored as „high“; the Customer´s risk level shall be determined as „high“, if at least one of risks categories scored as „high“.					Average result (x):
					Risk level of the customer: