Risk Tolerance

Risk Tolerance Workshop – Defining Our Boundaries

Summary

The meeting, attended by Nicholas Cargill, Dee Coakley, and Oliver Ryan, focused on establishing internal risk tolerance frameworks for sales, geographic locations, and specific industries. Key decisions included using reputable lists for high-risk countries (with case-by-case exceptions), avoiding the military and arms industries, and conducting thorough due diligence only when red flags arise, prioritising a process-based risk assessment system before signing any agreement.

Details

Internal Risk Tolerance and Sales Improvement: Nick initiated a discussion to establish an internal risk tolerance framework, driven by ongoing projects and a need for improved sales processes. They aimed to identify "showstoppers" and unsuitable clients early on to streamline sales. The discussion would initially focus on sales-related red lines, with a deeper dive into the risk and compliance framework planned later.
Geographic Risk Assessment: The team discussed which countries they would avoid working with, considering both client headquarters and operational locations. Dee Coakley suggested using published lists of high-risk countries from reputable organisations, advocating for a blanket ban on supporting clients in those jurisdictions. Oliver Ryan strongly agreed, emphasising the importance of following best practices established by experts. They also decided to apply the rule to both the HQ country and the payment country. Nicholas Cargill later suggested a more nuanced approach, referencing the FATF list, which includes countries like Cyprus that might not be high-risk. They opted for a case-by-case assessment for countries appearing on lists like the UN sanctions list, due to the infrequent occurrence of such cases.
Industry-Specific Risk Assessment: The team discussed industries they would be hesitant to work with. Dee Coakley identified the military and arms industries as hardline "no-go" areas. Adult entertainment was deemed suitable for a case-by-case assessment, acknowledging the need for nuanced consideration. Gambling was similarly assessed on a case-by-case basis, with varying opinions on ethical acceptability. Poor worker treatment was identified as a significant red flag, regardless of industry. Reputational risk, including previous enforcement actions or bad press, was a key consideration, with a time bar of two to five years considered.
Red Flags and Due Diligence: Several specific red flags were identified, including suspicious website design, discrepancies in provided information (names, payment sources, etc.), unusually high salaries, and questionable “vibes” from potential clients. The team agreed that proactive in-depth research wouldn't be conducted for every client unless red flags emerged, though initial checks such as a Google search were suggested.
Risk Assessment and Escalation: Nick proposed a scoring system for risk assessment, taking factors like country, industry, and contract size into account. This system would determine the level of due diligence required and whether to escalate the assessment. They agreed that a risk assessment and client due diligence process should occur before signing an employment agreement. The team preferred a process-based rather than software-based solution given the low volume of clients. They also decided that leveraging existing tools and spreadsheets for basic checks is a viable approach. The discussion acknowledged the need for future considerations regarding depth of due diligence, including source of funds and wealth and assessment of the corporate group.