Risk assessment meaning

This timeline charts activity from 1 January 2024 onwards concerning the EU-facing legal and supervisory frameworks for anti-money laundering (AML), counter-terrorist financing (CTF) and counter‑proliferation financing (CPF) within the financial services sector. It traces both milestones and roll-out of the European AML, CTF and CPF rulebook. It also tracks cross-border initiatives in AML/CTF/CPF from the Financial Action Task Force (FATF), Basel Committee on Banking Supervision (BCBS), International Association of Insurance Supervisors (IAIS), IOSCO, the Egmont Group of Financial Intelligence Units (FIUs) and the Wolfsberg Group. For added detail on the EU AML/CTF regime, consult the Financial crime and sanctions (EU Law)—overview, including Practice Notes on AMLA—direct oversight of qualifying financial services firms, the EU Sixth Money Laundering Directive (MLD6) and the EU Recast Second Wire Transfer Regulation (Recast WTR2) on cryptoasset transfers... 2026 16 March 2026 — AMLA — AMLA starts a data collection exercise to test risk assessment models. AMLA has issued the reporting package for this data collection and testing exercise...

Anti-bribery and corruption Checklist This anti-bribery and corruption Checklist helps you assess whether your systems meet the Bribery Act 2010 (BA 2010) and the government’s guidance on bribery and corruption. Read it together with these subtopics: Anti-bribery and corruption—regulatory regime Anti-bribery and corruption—Identifying & assessing risks Anti-bribery and corruption—policy and procedures, or for law firms, Anti-bribery and corruption—policy and procedures—law firms Anti-bribery and corruption—gifts and hospitality Anti-bribery and corruption—agents and intermediaries Anti-bribery and corruption—joint ventures and acquisitions Anti-bribery and corruption—charitable and political donations Anti-bribery and corruption—staff training & awareness, or for law firms, Anti-bribery and corruption—staff training and awareness—law firms Anti-bribery and corruption—monitoring and review This Checklist signposts relevant Precedents you can use or tailor to satisfy these requirements and recommendations. It includes a box to indicate whether each item has been completed and a section to add comments or record action points...

This Checklist outlines pragmatic measures for senior managers falling under the FCA and PRA’s Senior Managers and Certification Regime (SM&CR), supporting them in meeting their individual regulatory duties and, in turn, mitigating the prospect of enforcement action. What do senior managers need to do initially when commencing their role? Upon starting a new position in a financial institution, senior managers ought to complete a recorded, early review of the risk management framework relevant to their business area, within the first two to three months. For the avoidance of doubt, regardless of the scale of the firm’s compliance or risk function, accountability for regulatory compliance—including the design and performance of the risk management framework—also rests with the senior manager accountable for that part of the business. That review should include setting up meetings with those in the business who best understand how the area was run before the senior manager arrived (ideally including the predecessor), as well as with Compliance, Risk Management, Internal Audit and HR. These steps support...

These Flowcharts These Flowcharts offer direction on the proper method for completing the parts of a stock transfer form that address consideration, stamp duty certification, and execution. They are included within an annotated stock transfer form, which clearly sets out instructions explaining how its sections should be properly filled in...

Flowchart This Flowchart outlines the key questions for deciding international jurisdiction in employment matters—namely, the appropriate forum for bringing proceedings and identifying the court and/or tribunal competent to hear the claim—applicable to proceedings commenced on or after 1 January 2021. For additional guidance on jurisdiction in employment disputes from 1 January 2021 onwards, consult Practice Note: International jurisdiction—the Civil Jurisdiction and Judgments Act 1982 in employment cases as set out therein...

This Flowchart This Flowchart helps determine the appropriate rate of stamp duty land tax (SDLT) for the transaction in question. Different SDLT rates may apply to purchases depending on the property type (residential, non-residential (commercial property), or mixed-use property). Use this Flowchart in conjunction with Practice Note: Rates of SDLT. This Flowchart proceeds on the basis that: the buyer is acquiring a single property and the purchase is not linked with any other transaction. For further detail on linked transactions, see Practice Note: SDLT chargeable consideration—Linked transactions no relief from SDLT applies to the transaction...

In this issue: Air emissions and climate change Energy efficiency of products Energy for environmental lawyers ESG and sustainability Hazardous substances and chemicals Marine Nature, biodiversity and habitat conservation Waste Daily and weekly news alerts New and updated content Air emissions and climate change Defra opens consultation on industrial emissions permitting reforms The Department for Environment, Food and Rural Affairs (Defra) has begun consulting on plans to modernise England’s environmental permitting regime for industrial emissions. The package aims to foster innovation, adopt agile standards, secure proportionate and coherent regulation, boost regulator effectiveness and efficiency, and deliver a transparent system. Suggested measures include a new registration route for low-risk installations, flexible site permits setting overall emissions caps, and faster approvals for time‑limited technology trials. The proposals reflect the Corry Review’s critique of regulatory inefficiency. The Environment Agency intends to roll out changes that could cut permit queues from months to days and lower...

On 6 March 2025, the European Banking Authority (EBA) published a consultation paper setting out draft Regulatory Technical Standards (RTS). These draft RTS were issued following the European Commission’s (Commission) Call for Advice. They constitute a component of the European Union’s (EU) Anti-Money Laundering and Countering the Financing of Terrorism (AML/CTF) package, which was published in the Official Journal of the European Union on 19 June 2024...

In this issue: Investigating criminal conduct Criminal procedure and evidence Sentencing Bribery, corruption, sanctions and export controls Consumer protection and cartels Environmental offences Financial services and pensions offences Fraud, forgery, tax and theft offences Health and safety and corporate manslaughter offences Local authority prosecutions Money laundering International Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information Investigating criminal conduct Refusal to repurpose evidence in civil proceedings for criminal charging decision (WFZ v British Broadcasting Corp) The High Court has recently clarified the circumstances in which a party will be permitted to rely on witness statements outside the proceedings in which they were first served. In ongoing injunction proceedings aimed at stopping publication of a BBC investigative report into sexual abuse allegations, the court determined that the accused could not use sensitive excerpts from that report in representations to the...

Data security sits at the heart of the EU General Data Protection Regulation (EU GDPR). The sixth data protection principle—integrity and confidentiality—requires you to adopt suitable technical and organisational measures so that personal data is processed with appropriate security, including: protection against unauthorised or unlawful processing accidental loss, destruction, or damage This Practice Note reflects Data Protection Commission (DPC) guidance on personal data breaches under the EU GDPR, and also draws on guidance from the European Data Protection Board (EDPB). Data security requirements Article 32 puts practical detail behind the GDPR’s integrity and confidentiality principle. You must implement appropriate technical and organisational measures to achieve a level of security proportionate to the risk, taking into account: the nature, scope, context, and purpose of processing the risk of varying likelihood and severity for the rights and freedoms of data subjects Where appropriate, your security measures should include: the pseudonymisation and encryption of...

This Practice Note offers practical guidance on sanitary and phytosanitary (SPS) measures within the Australia and United Kingdom Free Trade Agreement (Aus-UK FTA). Introduction The Aus-UK FTA spans trade in goods and services, along with a range of matters linked to those areas. In respect of trade in goods, it covers: rules of origin. For guidance on rules of origin under the Aus-UK FTA, see Practice Note: Rules of origin of the Aus-UK FTA. For guidance on claiming origin under the Aus-UK FTA, see Practice Note: How to claim preference under the Aus-UK FTA customs procedure and trade facilitation technical barriers to trade, and trade remedies Chapter 6 of the Aus-UK FTA addresses SPS measures. Chapter 6 aims to: protect human, animal and plant life and health within the parties’ territories while enabling trade between them ensure the parties’ SPS measures do not create unjustified barriers to trade reinforce and build upon implementation of...

This Practice Note sets out your responsibilities for enhanced due diligence (EDD) and how to apply them in everyday professional practice. It aligns with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, as amended. The guidance provided is of general application. You should determine whether the MLR 2017 impose additional or varied requirements for your sector, and whether your regulatory body sets any extra, sector-specific obligations relating to EDD...

1 General information Report date: [ Enter date ] Previous report date: [ Enter date ] Report submitted by: [ Enter name ] 2 Action points arising from last report Action item: [ Enter action point ], Responsible person: [ Identify person responsible for this action point ], Status: [ Enter status ] Action item: [ Enter action point ], Responsible person: [ Identify person responsible for this action point ], Status: [ Enter status ] Action item: [ Enter action point ], Responsible person: [ Identify person responsible for this action point ], Status: [ Enter status ] Action item: [ Enter action point ], Responsible person: [ Identify person responsible for this action point ], Status: [ Enter status ] 3 Executive summary This report covers the following items: 3.1 overview of business operations; 3.2 account of the operation of competition law compliance systems and controls;...

Precedent ICT (information and communication technology) risk assessment and risk management plan This Precedent ICT (information and communication technology) risk assessment and risk management plan lets you record risks linked to any proposed ICT development and explain how those risks will be handled. It is pre-populated with examples, which you can easily delete if needed...

1 Management commitment Person accountable for the Product Safety Incident Plan (PSIP) [ Insert name and contact details of senior person in the organisation responsible for leading, developing and periodically reviewing the policy, and reporting on its operation to the Board ] Plan Review Date [ Insert date of next plan review ] 1.1 [ Insert organisation name ] aims to ensure every product it [ produces AND/OR distributes ] is safe, of high quality and meets all applicable legislation and standards. [ Insert organisation name ] evaluates those products and acts to remove, or, where that is not achievable, to reduce, any identified safety risks. 1.2 [ Insert organisation name ] achieves this through quality assurance, ongoing product monitoring [ , review of customer complaints and product returns, ] and risk assessment, in accordance with the relevant section of the PSIP. 1.3 The PSIP has been shaped with contributions from across the business, including [ eg design, production, quality assurance, customer services,...