Platform Guide

Risk Assessment

How to use Verifia's risk assessment engine to evaluate your money laundering and terrorism financing risk exposure.

Your ML/TF risk assessment is the foundation of your AML/CTF program. It determines your overall risk rating, shapes your compliance policies, and sets the baseline CDD level for your customers. AUSTRAC requires every reporting entity to complete a risk assessment before developing their AML/CTF program.

Starting your risk assessment

  1. Navigate to Risk Assessment from the sidebar
  2. Click Start New Assessment (or Review Assessment if updating an existing one)
  3. Verifia loads an industry-specific questionnaire tailored to your business and designated services

The four risk dimensions

Your risk assessment covers four dimensions, consistent with AUSTRAC's guidance and FATF recommendations:

1. Customer Risk

Questions cover the types of customers you serve and their ML/TF risk characteristics:

  • What proportion of your customers are individuals vs entities (companies, trusts, partnerships)?
  • Do you serve customers from FATF-identified high-risk jurisdictions?
  • What percentage of your customer relationships are non-face-to-face?
  • Do you have customers who are Politically Exposed Persons (PEPs) or their associates?
  • Do you deal with customers who have complex ownership structures?

2. Service/Product Risk

Questions cover the designated services you provide and their inherent ML/TF risk:

  • Which designated services does your business offer?
  • Do any of your services involve high-value transactions?
  • Do you facilitate international transactions or cross-border arrangements?
  • Industry-specific questions (e.g., dual-party CDD frequency for real estate, cash transaction volumes for precious metals)

3. Delivery Channel Risk

Questions cover how you deliver services and interact with customers:

  • Are services delivered primarily face-to-face or remotely?
  • Do you use third-party agents, referrers, or intermediaries?
  • Do you rely on CDD performed by other reporting entities (third-party reliance)?
  • Do customers access your services through online or digital channels?

4. Geographic Risk

Questions cover the jurisdictions relevant to your business:

  • Do you deal with customers from FATF grey or black list countries?
  • Do you deal with jurisdictions known for corruption, weak governance, or inadequate AML controls?
  • What proportion of your business involves international elements?
  • Do you have any exposure to jurisdictions identified as tax havens or secrecy jurisdictions?

Understanding your results

After completing the questionnaire, Verifia calculates your risk scores and presents:

  • Overall risk rating — High, Medium, or Low
  • Dimension-level scores — individual ratings for each of the four risk dimensions
  • Risk heatmap — visual representation of your risk exposure across dimensions
  • Key risk drivers — the specific factors contributing most to your overall rating, helping you understand where your greatest vulnerabilities lie

Risk rating implications

Overall Rating | Default CDD Level | Program Controls | Assessment Review Frequency
Low | Simplified CDD for most customers | Standard controls proportionate to risk | At least every 3 years
Medium | Standard CDD for most customers | Enhanced controls in key risk areas | At least every 2 years
High | Standard or Enhanced CDD as default | Comprehensive controls across all areas | At least annually

Your overall rating is a starting point — individual customers may still require a higher CDD tier based on their specific risk profile, regardless of your overall business risk rating.

Multi-service risk assessments

Legal Profession only: If your practice provides both conveyancing services and other professional services (trust/company services), Verifia creates two separate risk assessments — one for each service category. This follows AUSTRAC's approach for practices with materially different service risk profiles.

Each assessment has its own tailored questionnaire, and your AML/CTF program addresses both risk profiles.

Downloading your report

Click Download PDF to generate a formatted risk assessment report. This document forms part of your AML/CTF program documentation and is automatically archived in the Compliance Vault with version tracking.

Reviewing and updating

Your risk assessment is not a one-off exercise. It should be reviewed:

  • At regular intervals — at least annually for high-risk businesses, every 2–3 years for medium/low risk
  • When you start offering new designated services or discontinue existing ones
  • When your customer base changes significantly — new customer types, new industries served
  • When you begin dealing with new jurisdictions — especially FATF-identified high-risk countries
  • When AUSTRAC issues new guidance or ML/TF typologies relevant to your industry
  • After a compliance incident — a near-miss, an SMR filed, or an adverse finding from a review

Verifia tracks your assessment version history, compares changes between versions, and prompts you when a review is due based on your risk profile and any detected trigger events.
