To Boldly Go Where Risk-Based Approaches Rarely Go

When people talk about the risk-based approach (RBA), I often think of Star Trek. On the bridge of the Enterprise, Mr Spock represents deduction: logic, rules, and structure. Captain Kirk represents induction: instinct, bold judgement calls, trusting experience over the manual. 

Both are essential. Spock without Kirk is rigid and paralysed. Kirk without Spock is reckless. But in financial crime compliance, the problem arises when we think we’re being Spock while actually acting like Kirk: calling it the “risk-based approach” when in fact it’s just gut feel dressed up as logic.

Deduction vs Induction 

The distinction matters: 

  • Deductive reasoning (Spock) → framework → case → outcome. “Dormant companies are higher risk, therefore enhanced due diligence applies.” 

  • Inductive reasoning (Kirk) → case → judgement → justification. “This looks straightforward, therefore I’ll apply simplified due diligence.” 

Deduction delivers consistency and defensibility. Induction provides flexibility and responsiveness. But when induction masquerades as deduction, the RBA loses its discipline. That’s Kirk going with his gut, but insisting the data supports it. 

The Value of Instinct 

None of this is to dismiss instinct. Like Kirk, experienced MLROs often see things rules can’t capture: patterns, anomalies, faint signals that suggest risk. That kind of expertise is valuable, sometimes critical. 

But instinct without evidence looks arbitrary. Regulators won’t see the “captain’s intuition”; they will see a compliance team that can’t explain its decisions. The challenge is to put Kirk’s instincts into dialogue with Spock’s logic, so that both are visible and testable.

A Case in Point 

Consider a common scenario. 

Scenario: A prospective customer applies to open a corporate account. It’s a small UK-registered trading company with two directors. The business has been dormant for several years but is now seeking banking services. 

1. Spock (Deduction) 

  • Framework flags dormant companies as higher risk. 

  • Procedure requires enhanced due diligence (EDD). 

  • Outcome: Apply EDD because the framework dictates it. Logical, consistent. 

2. Kirk (Induction) 

  • Analyst thinks: “It’s just a small UK company, directors are longstanding UK residents.” 

  • Treats it as low risk, applying simplified due diligence. 

  • Outcome: Reflects instinct, but diverges from framework. Weak audit trail. 

3. Spock + Kirk in Dialogue (Instinct + Counter-Factual) 

  • MLRO senses dormant companies can be abused as shelf vehicles. 

  • But notes this one is in a sector with minimal exposure to international flows. 

  • Decision: Proceed with standard due diligence, but record rationale: “Framework suggests EDD → instinct suggests standard → justification: domestic focus, verified directors.” 

  • Counter-factual: “Had the framework been followed strictly, EDD would have applied.” 

The issue is not which outcome is right, but that the reasoning is transparent. Both Spock’s framework and Kirk’s instinct are visible and can be challenged. 

Why This Matters 

The RBA is meant to avoid box-ticking. Done well, it allocates resources intelligently. Done badly, it becomes box-ticking of a different kind, a compliance gloss for gut feel. 

Supervisors shouldn’t expect flawless logic, but they should expect reasoning that can be explained and evidenced. “Why was this case treated as low risk?” is not a trick question. If the only answer is “because it felt that way,” the RBA has failed. 

Towards a Mature RBA 

Maturity means Spock and Kirk working together: 

  1. Clarity of Method: Be explicit about whether a decision is deductive (Spock) or inductive (Kirk). 

  2. Respect for Expertise: Value instinct, but treat it as an input, not a substitute for logic. 

  3. Counter-Factual Thinking: Always record what the framework (Spock) would have dictated, even when following instinct (Kirk). 

  4. Feedback Loops: Test whether divergences improve outcomes or introduce bias. Adjust the framework accordingly. 

Closing Reflection 

The risk-based approach should not force a choice between Spock and Kirk. It should create dialogue between them. Logic ensures consistency and defensibility. Instinct surfaces anomalies and nuance. 

The real test of maturity is whether your institution can show both: the deductive baseline and the inductive override, the framework and the counter-factual, the Spock and the Kirk. 

If you can’t, then what you’re practising isn’t a risk-based approach at all. It’s just warp speed improvisation. 
