Regulators do not expect organisations to not take risks or to avoid high risks. But they expect them to have a robust risk assessment and apply a risk-based approach. Furthermore, they expect professionals and their organisations to have a well-documented risk appetite and a zero-risk tolerance for financial crime-related risks.
For more information, visit website.