Many of us are aware of the requirement to include geography or country data in the mix when we are risk assessing our customers, but understanding how to determine the actual risk associated with a country and how to use the information can be more challenging?
The benefits and uses of country risk data are quite diverse, so while having an organisational wide approach to determining the country risk ratings makes sense it will require a more comprehensive methodology.
How can country ratings be used?
There is a need to understand the Sanctions risk associated with different countries when putting in place screening policies. For managing PEP risk other factors become important such as rates of corruption and tax transparency associated with a country. Similarly, for transaction monitoring (TM) purposes, knowing countries where there is a higher risk associated with terrorism will be relevant for monitoring rules focused on the financing of terrorism. Other TM rules will be looking at money laundering so knowing which countries have less stringent AML legislation comes into play here. They are just some of the uses for country risk data.
How do you determine the risk associated with the country?
An internal methodology can be developed using widely available data sources. It will require detailed research and thought to design the method, document it and then implement it. Finding an owner and team to manage the updates and in fact develop the tool has the potential to cause further challenges.
An internal approach will be suited to a more straight forward consideration of the country risk potentially focusing on the likes of FATF data, Transparency International, the EU list of Higher risk countries, high-level sanctions in place and a few other sources.
Some of the challenges with this approach is that maintaining it can be a burden depending on how many data sources you have incorporated and the fact that they will all update at different frequencies and different times of the year. With a more simplistic approach, the country ratings may not be as suited to diverse uses that you need it for as discussed above, for example for your specific TM rules.
There are some products available on the market which provide comprehensive country assessments. They should allow flexibility to use the data to focus on certain types of risk. For example, sanctions, PEPs, AML risk etc, as and when you need it. They will ideally contain a large range of data sources which is fully documented. The methodology should be transparent and clear. Updates should be available periodically at agreed timelines – very regular updates are not practical for the business and operations teams to manage changes in country risk profiles, very infrequent updates do not allow pertinent information about country risk to be used. Often business teams will have an internal view of the risk associated with a country, it is important that the country assessment product can incorporate this internal knowledge within the scoring.
The benefit of using an external source is that the methodology and updates will be maintained externally allowing a much more complex and diverse data set to be used to rate the countries. The layers of data will allow for more robust and refined country ratings and the product should satisfy the cross-organisational requirement for country ratings which have different focuses such as sanctions, PEPs, AML etc.
Choosing an internal method versus an external product will depend on internal risk appetite, scale and scope of the business. SQA Consulting offers a comprehensive country risk assessment tool called the Country Risk Index (CRI), please contact us or have a look at the CRI brochure here SQA Country Risk Index overview June 2020.