Compliance Risk Assessments
Where are compliance risks lurking in your firm?

Why Should Firms Complete a Compliance Risk Assessment?

As global regulations proliferate, and as the expectations of regulatory and enforcement authorities continue to increase, organisations are exposed to a greater degree of compliance risk than ever before.

At the same time, many compliance functions remain under pressure to closely manage their budgets and resources. Together, these factors have created a tension between growing regulatory obligations and the pressure on compliance functions to do more with less.

Compliance heads (and senior management) need to be sure that they understand the full spectrum of compliance risks lurking in each part of the business. They then need to assess which risks have the greatest potential for legal, financial, operational, or reputational damage and allocate limited resources to mitigating those risks.

New Link Consulting has helped many clients to complete Compliance Risk Assessments (CRAs) in the context of money laundering (ML) and terrorist funding (TF), which are, of course, mandatory. But more and more clients are now asking us to apply ML-TF CRA methodologies and disciplines to assess all regulatory and compliance risks faced by the firm.

In essence, this requires us to work with our clients to systematically identify and assess all inherent regulatory risks, taking into account both the potential impact (including legal, financial, regulatory and reputational impacts), and the likelihood of the risk crystallising. We look beyond the specific regulatory requirements and consider all of the firm’s own compliance policies and standards. For each inherent risk, we then consider the design and effectiveness of the current controls in the first and second lines of defence, to enable us to identify and assess residual risks.

What do Firms do with the CRA?

The results of the CRA are used for a variety of purposes, including to:


Our Services

  • Designing a bespoke CRA methodology, proportionate to the firm’s scale and complexity.
  • Conducting the CRA, typically in conjunction with the senior compliance team.
  • Analysis of the results and preparing the CRA

Our Approach

  • We aim to keep the CRA as simple as possible and tailor the approach to the client’s business model and risk profile.
  • We work with the firm’s CRA owner to transfer knowledge.
  • We gather input to the CRA from across all 3 lines of defence, analyse the results and help answer the ‘so what?’
  • We help clients to establish clear risk ownership.
  • We make the CRA actionable.
  • We leverage data to identify risk.
  • We have the experience, credentials and tools to complete the CRA for any regulated firm.

Further Information

For further information on our approach to CRAs, or to arrange an initial discussion, please contact the Practice Lead for Compliance and Financial Crime, Peter Brooke.