Systematic Integrity Risk Analysis

SIRA (Systematic Integrity Risk Analysis)

An important part of the process is to perform a comprehensive integrity risk assessment that is of value and to map all relevant risks that have to be mitigated by the organisation. Both the business and risk management teams must be involved in the process, resulting in a SIRA that will be embraced by the entire organisation.

Once finalised, this detailed risk assessment will provide a solid foundation for the next steps required to obtain control of the money laundering, terrorist financing and sanction risks.

Risk Assessment approach

Every risk assessment starts with a scoping stage (see next topic). Once the client’s requirements and wishes have been ascertained, we map the risks. The risks that are mapped depend on the specific models and methodologies within the relevant organisation. This risk assessment is in line with regulatory requirements. Different departments and teams within the client’s organisation will be involved in this process. The next step entails the assessment of risks and scenarios and may involve expert sessions and/or tools.

The results are subsequently compared to the organisation’s risk appetite statement, which provides a clear overview of risks requiring additional mitigation measures and risks that have already been mitigated. Once finalised, an action plan outlines what has to be done to gain control of the remaining risks in relation to integrity.

Scoping of the integrity risks

The objective of Systematic Integrity Risk Assessment is to map and assess all integrity-related risks. Initially, this includes the following topics: Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), circumventing sanctions regulations, corruption (bribery), Conflict of Interest (COI), internal and external fraud, regulations in relation to the evasion or avoidance of tax, market manipulation, cybercrime and anti-social behaviour.

The scope of this assessment depends on the wishes of the organisation; for example, it may cover only a particular business area or geographic area, or have a wider scope that includes all enterprise-wide risks.

Alignment with the regulatory requirements

Besides laws and regulations, regulators often have additional requirements, best practices or requirements in relation to monitoring, methodology or reporting. Before assessments are commenced, this approach will be aligned with these regulatory requirements.

Embedding of the SIRA

The first SIRA is essential and involves an extensive amount of work, but once finalised and approved, subsequent maintenance and the periodic review are simple, provided this is properly organised.

BlueMonks and the company’s partners have tools to simplify this process. The tools include digital assessments (such as Brown Paper sessions), maintenance of mitigating measures and controls, and the creation of effective management information at several levels.

Services we provide:

  • Systematic Integrity Risk Assessments (SIRA)

  • Alignment of SIRA with regulatory requirements

  • Improvement of ownership of risks and mitigating measures

  • Implementation of tools to optimise Plan-Do-Check-Act (PDCA) within SIRA

Interested? Let's set up a call or a meeting.