Consolidating Financial Crime Risk Assessments: Time for a Rethink? 

Thanks to the International Compliance Association (ICA) for the opportunity to participate in today’s panel discussion. It was an engaging and timely conversation, especially as we reflected on how the evolving regulatory landscape—particularly concerning fraud—offers a valuable moment to revisit our approach to financial crime risk assessments more broadly. 

As I mentioned during the panel, the increased focus on fraud from the regulatory, as well as the introduction of new legislation, such as the “failure to prevent fraud” offence, forces organisations to think more holistically about their exposure to financial crime. But this isn’t about ticking another compliance box—it’s an opportunity to evolve and consolidate our approach across risk domains, from money laundering and terrorist financing to the latest threats involving fraud. 

Consolidating Financial Crime Risk Assessments: How Hard Can It Be? 

Let’s start with the obvious question: why wouldn’t an organisation want a consolidated view of its exposure to financial crime? 

The current reality for many firms is fragmented—separate assessments for money laundering, terrorist financing, fraud, and other risks, often managed in silos. But fundamentally, these are all branches of the same tree: economic crime. So shouldn’t we be able to use a common methodology, a shared business risk profile, to understand and mitigate them together? 

At first glance, this makes perfect sense. But in practice, consolidation isn’t straightforward. Take, for example, the “failure to prevent fraud” offence. It brings a different philosophical and practical approach to risk. Where money laundering regulations typically focus on structural risk indicators like geography, client types, or delivery channels, the fraud risk model is rooted in human behaviour—more commonly the fraud triangle: motive, opportunity, and rationalisation. 

Trying to fit these two models together is like forcing a round peg into a square hole. Yet rather than treating this as a barrier, it may be more productive to treat it as a challenge worth solving. The existence of these distinct frameworks doesn’t mean we need to maintain siloed assessments. In fact, they make the case for an iterative and integrated approach even stronger. 

A Smarter Path Forward 

At the heart of this challenge is the business risk profile. This is something every regulated entity has to develop and maintain as a starting point for the corresponding risk assessment(s) —a structured understanding of who they are, what they do, and where the vulnerabilities lie. But instead of creating a new profile or risk framework for each financial crime domain, why not create one robust, shared profile that supports nuanced views across all relevant threats?  

This doesn’t mean oversimplifying. It means recognising that while risk conclusions may vary depending on the crime being assessed, the underlying organisational context remains the same. The make up and nature of your business is a matter of fact, not opinion after all. It’s the focus and interpretation that shifts, not the foundation. 

Lessons from Fraud for Broader Risk Thinking 

One unexpected benefit of recent fraud legislation is how it prompts us to think differently about other, more established risks. 

The “failure to prevent fraud” offence—and its sibling, the failure to prevent the facilitation of tax evasion—both demand that we look beyond policies and controls and into culture, behaviour, and opportunity. These behavioural dimensions, often overlooked in more traditional money laundering risk assessments, are critical. They point to vulnerabilities that aren’t just external but internal—like the risk of employees colluding with criminals to exploit the organisation’s systems for laundering money. 

This shift in lens can offer valuable insight. For example, applying behavioural thinking to anti-money laundering (AML) risk might uncover weaknesses in employee oversight or incentive structures—areas not traditionally flagged in AML assessments, but deeply relevant. 

Final Thoughts 

The evolving regulatory focus on fraud isn’t just another compliance burden—it’s an opportunity to reassess and modernise our risk management strategies. While it may take effort to reconcile different frameworks and methodologies, the payoff is significant: a more integrated, agile, and accurate understanding of your organisation’s financial crime risk landscape. 

In a world where financial crime threats are increasingly interconnected, our risk management approaches should be too. 

 We have done so much thinking on how you can better integrate your risk assessments, as well as how you can make them fundamentally more valuable. That’s the hard bit. No one knows your business better than you – so collaborating with us is your fastest way to successful outcomes.