Version 7.7

Simplified Risk Rules – Custom Fields

As we did in the last release, have continued enhancing our Simplified Risk Rules with a complete overhaul on the way risk scores along pillars that are based on custom fields are configured. A detailed guide on how to leverage this feature is provided on our help website.

Simplified Risk Rules – Services

We have also rolled out another feature as part of our Simplified Risk Rules module, that allows users to assign the risk score for a Service directly via the Services screen (accessible from Settings > Services). This eliminates the need to create a segment every time a Service is created.

Managing Risk Pillars

Although InScope-AML did allow the addition of additional risk pillars, this feature was not available via the user interface and such changes had to be done by our support staff. We have now added the relevant functionality to allow you to add and delete risk pillars via the Settings > Risk Pillars screen. Note that adding or deleting a risk pillar will probably bring a large number of entities up for a risk assessment.

Managing Risk Classifications

Similarly, we have added a feature that allows users to add risk classifications via the user interface. This can be done from the Risk Settings screen found under the Settings menu option. As with modifying risk pillars, adding or removing risk classifications, will probably bring a large number of entities up for a risk assessment.

Risk Assessment Types

Two types of risk assessments are now supported – periodic risk assessments and ad-hoc risk assessments. All risk assessments carried out to-date on existing InScope-AML installations have been set to “Periodic”. When a new risk assessment is created, users now have the option to select whether the type of the risk assessment. The only difference between the two is the way the next risk assessment due date is calculated. The next risk assessment due date is based on the current risk classification and the last periodic risk assessment carried out.

For example, consider a set up where medium risk entities are configured to be reviewed every 12 months and low risk entities are set to be reviewed every 24 months. A medium-risk entity had a risk assessment carried out on 1st January 2019. The next risk assessment is due on 1st January 2020. If a risk assessment is carried out on 9th December 2020 and marked as periodic, the next risk assessment due date is moved to 9th December 2021. On the other hand if the risk assessment is set to ad-hoc the risk assessment remains due on 1st January 2020. If the risk score is changed as part of the ad-hoc risk assessment such the risk classification is set to Low, the next risk assessment due date is calculated as 24 months since the last periodic risk assessment thus the entity would be due for a next risk assessment on 1st January 2021.

Minor Changes

• Simplified Risk Rules now support a risk source for UBOs with any percentage. This allows you to configure rules that are only applicable to UBOs with a particular minimum percentage and other rules that apply to all UBOs irrespective of their ownership percentage,
• Recently a number of overnight workflows were failing due to failures downloading third-party sanction files. While this is beyond our control, we have baked in a mechanism to keep retrying for a longer period of time. This should hopefully reduced the number of times the overnight workflows fail.
• The Ultimate Beneficial Owners for trusts and other organisations are now visible on the trusts/other organisations dashboard.
• Implemented the option to delete all rules within for every risk pillar type. This option is only available if automatic risk assessments are switched off.

Bug Fixes

• For clients who have risk scores ranging from 1-100, some of the new simplified risk rules were incorrectly allowing users to set up risk scores that are not in multiples of 5 and this was breaking the user interface when creating a risk assessment.
• The guidance note for setups with risk scores ranging from 1-100 was incorrectly asking the user to pick a value between 1 and 10.
• The system was throwing an error when renaming a risk pillar and changing it’s risk pillar type at the same time.
• Risk Factors for Jurisdiction Risk pillar where not always ordered correctly.