UAE Risk Management - Waystone

      UAE Risk Management

      Regulators expect all regulated organisations to have an enterprise-wide risk management process appropriate to the nature of the business undertaken.

      Whatever the level of risk that your business is exposed to, you must ensure you have in place a risk management framework that covers the following areas:

      • ‘the tone from the top’, for example, the active involvement of the board in the risk management process, including setting the risk appetite of your organisation
      • an appropriate risk management infrastructure, reflecting clarity of responsibility and accountability, together with independent oversight of the risk management framework, all of which should be supported by documented procedures
      • identification of all risks relevant to your organisation
      • assessment of the potential impact of each identified risk and an estimate of the likelihood of occurrence of such risk
      • controls to manage or mitigate those risks
      • testing of controls to ensure they are operating effectively, and remediating or enhancing the control environment when deficiencies are identified
      • reporting to senior management and the board.

      Our risk team can also assist with managing your:

      Cybercrime risk
      Cybercrime is an increasing threat to financial firms and their customers. The National Crime Agency of the UK estimates that cybercrime has now surpassed all other forms of crime experienced in the country.  The Office of National Statistics reported that there were 2.46 million cybercrime incidents and 2.11 million victims of cybercrime in the UK in 2015.

      Cybercrime risk can be broken down into three types:  fraud and theft; system destruction or corruption; loss or misuse of sensitive data.

      An enterprise-wide response is required which must be driven by your senior management. It should be a key part of your firm’s enterprise risk framework, and you should apply the same principles to cybercrime risk as you would to credit risk or market risk, including:

      • a documented policy
      • identification of material risks
      • assessment of inherent risk, being the impact times the probability of occurrence
      • identification of key controls to mitigate the impact and probability of the risk
      • calculation of residual risk
      • assessment of residual risk compared with risk appetite set by the board.

      A cyber-attack on a financial institution is a financial crime, and the MLRO therefore needs to consider whether such events are reportable under the country’s suspicious activity reporting mechanisms.

      Assisting with the assessment of cybercrime risk your firm is exposed to:

      Knowledge and awareness are key when combatting cybercrime. Waystone can arrange training for your staff and presentations for your senior management team to raise awareness of the types of cyber-attacks employed by criminals and highlight the potential vulnerabilities your organisation may be facing. We can also review your control environment and procedures and identify any areas that may require improvement or enhancement.

      Preparation of a risk inventory
      A key part of the risk identification process is the preparation of a firm-wide risk register or risk inventory. Once your board has determined the correct risk appetite, the risk register is a key building block to ensure that you operate in line with that risk appetite.

      The risk register sets out in writing all the risks to which you may be exposed. It should cover all parts of your business and you may require different risk registers to address each part of your business.

      Having identified the potential risks, you should carry out the following:

      • assess the inherent risk of loss – the more complex your business model, the more sophisticated the methodology you will need to use
      • identify the controls you have in place – controls should be capable of being audited and should be periodically tested to ensure that they are reliable as a risk mitigating measure
      • assess the residual risk – the risk that remains should the controls be operating effectively
      • determine whether the aggregate firm-wide risk is in line with the risk appetite set by the board
      • prepare an ICAAP report – if applicable, an assessment as to whether your firm has sufficient capital in place to enable it to withstand risk events.

      Waystone has extensive experience in helping firms with preparing a risk register whether as part of a simple risk management framework or as a part of a larger ICAAP report.


      The nature of assistance can be tailored to your specific needs and can include:
