We have discussed what a coverage assessment is before; in this article we highlight the major steps of a coverage assessment and the key considerations. You can request a free template and populate the red flags and risk mappings on your own, or let us help you.
Steps:
1. Red flags: populate red flags from primary regulatory sources. You must remove duplicates, as many regulatory guidance documents contain the same or similar red flags.
2. Products and services: populate your LOBs (lines of business), products, and services. Obtain key documents that describe how the products and services work.
3. Controls:
4. Mappings: map red flags to products and services (M1), then map red flags to controls (M2). A four-eye check is recommended in this step. Resources permitting, an automatic mapping approach can be implemented through NLP (natural language processing) or simple token-based algorithms. Contact us to discuss this in more detail.
5. Assessment: this is the most important step. Once the mappings are done, M1 represents inherent risk exposure whereas M2 represents coverage. Governance and communication are key here: stakeholders and SMEs (subject matter experts) must be involved to sign off on the risk exposure mappings and coverage mappings. Gaps can be accepted within the risk tolerance specified in AML policies; otherwise an action plan in the form of a roadmap or equivalent must be put in place.
6. Regular updates and refresh: coverage assessments must be updated regularly and refreshed when new products or services are added. The availability of additional or updated external red-flag sources should also trigger a coverage assessment refresh.
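The duplicate removal in step 1, the token-based mapping mentioned in step 4, and the gap view from step 5 can be sketched as follows. This is an added example, not code from the template or the authors; the red flags, products, controls, stop-word list, and both thresholds are constructed assumptions, and the output is a set of candidate mappings for four-eye review, not a final assessment.

```python
import re

STOP = {"a", "an", "the", "of", "to", "or", "and", "in", "for", "with", "by", "on"}

def tokens(text):
    """Lowercase word tokens with stop words removed."""
    return {t for t in re.findall(r"[a-z]+", text.lower()) if t not in STOP}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def dedupe(flags, threshold=0.6):
    """Step 1: keep a red flag only if it is not a near-duplicate of one already kept."""
    kept = []
    for flag in flags:
        if all(jaccard(tokens(flag), tokens(k)) < threshold for k in kept):
            kept.append(flag)
    return kept

def propose(flags, items, min_shared=2):
    """Step 4: candidate flag -> item mappings by shared tokens, for four-eye review."""
    return {f: sorted(n for n, d in items.items()
                      if len(tokens(f) & tokens(d)) >= min_shared) for f in flags}

def gaps(m1, m2):
    """Step 5: red flags with exposure (M1 non-empty) but no mapped control (M2 empty)."""
    return [f for f in m1 if m1[f] and not m2[f]]

# Constructed sample data (not from any regulatory source or real institution).
RED_FLAGS = [
    "Customer makes frequent cash deposits just below the reporting threshold",
    "Frequent cash deposits made by customer just below reporting threshold",
    "Wire transfers sent to high-risk jurisdictions without business purpose",
    "Trade invoice value inconsistent with goods shipped",
]
PRODUCTS = {
    "Retail deposit account": "Retail account accepting cash deposits at branches and ATMs",
    "International wires": "Outbound wire transfers to foreign jurisdictions",
    "Trade finance": "Letters of credit against invoice for goods shipped",
}
CONTROLS = {
    "Cash structuring rule": "Alert on cash deposits below reporting threshold within rolling window",
    "Wire screening": "Screen wire transfers against high risk jurisdictions list",
}

def run():
    flags = dedupe(RED_FLAGS)                       # second flag is dropped as a duplicate
    m1, m2 = propose(flags, PRODUCTS), propose(flags, CONTROLS)
    return flags, m1, m2, gaps(m1, m2)              # gap: the trade invoice flag
```

Plain token overlap misses paraphrases and inflected forms, so empty M1 or M2 rows should be reviewed manually before being treated as "no exposure" or "no coverage".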
Major red-flag sources: