- Simplified Risk Rules – Custom Fields
- Simplified Risk Rules – Services
- Managing Risk Pillars
- Managing Risk Classifications
- Risk Assessment Types
- Other Minor Changes
- Bug Fixes
Simplified Risk Rules – Custom Fields
As we did in the last release, have continued enhancing our Simplified Risk Rules with a complete overhaul on the way risk scores along pillars that are based on custom fields are configured. A detailed guide on how to leverage this feature is provided on our help website.
Simplified Risk Rules – Services
We have also rolled out another feature as part of our Simplified Risk Rules module, that allows users to assign the risk score for a Service directly via the Services screen (accessible from Settings > Services). This eliminates the need to create a segment every time a Service is created.
Managing Risk Pillars
Although InScope-AML did allow the addition of additional risk pillars, this feature was not available via the user interface and such changes had to be done by our support staff. We have now added the relevant functionality to allow you to add and delete risk pillars via the Settings > Risk Pillars screen. Note that adding or deleting a risk pillar will probably bring a large number of entities up for a risk assessment.
Managing Risk Classifications
Similarly, we have added a feature that allows users to add risk classifications via the user interface. This can be done from the Risk Settings screen found under the Settings menu option. As with modifying risk pillars, adding or removing risk classifications, will probably bring a large number of entities up for a risk assessment.
Risk Assessment Types
Two types of risk assessments are now supported – periodic risk assessments and ad-hoc risk assessments. All risk assessments carried out to-date on existing InScope-AML installations have been set to “Periodic”. When a new risk assessment is created, users now have the option to select whether the type of the risk assessment. The only difference between the two is the way the next risk assessment due date is calculated. The next risk assessment due date is based on the current risk classification and the last periodic risk assessment carried out.
For example, consider a set up where medium risk entities are configured to be reviewed every 12 months and low risk entities are set to be reviewed every 24 months. A medium-risk entity had a risk assessment carried out on 1st January 2019. The next risk assessment is due on 1st January 2020. If a risk assessment is carried out on 9th December 2020 and marked as periodic, the next risk assessment due date is moved to 9th December 2021. On the other hand if the risk assessment is set to ad-hoc the risk assessment remains due on 1st January 2020. If the risk score is changed as part of the ad-hoc risk assessment such the risk classification is set to Low, the next risk assessment due date is calculated as 24 months since the last periodic risk assessment thus the entity would be due for a next risk assessment on 1st January 2021.