Risk Management for Businesses by Dr Giulia Dondoli

Reporting entities in New Zealand must assess their money laundering risks, which means that they need to understand how their services can be exploited by money launderers, in the absence of any mitigation strategies. These risks are affected by several factors: the size and complexity of the reporting entity (big and complex organisations may have limited visibility on clients and transactions), the services offered (some services are more prone to favour anonymity than others), jurisdictional exposure, and so on. As an anti-money laundering consultant, I help my clients in assessing their money laundering risks and in developing adequate policies and procedures to mitigate such risks.

However, risk management principles apply to all aspects of business, and, whether consciously or unconsciously, we may often think about what we do in terms of risks. This post discusses how we can conceptualise risk and make informed decisions on risk management.

What is risk?

Risk is defined as the relationship between likelihood and impact. Likelihood is the possibility of a potential risk occurring. Impact is the expected harm or adverse effect due to exposure to such risk. With a simple likelihood-to-impact matrix, we can calculate a risk score by adding the value assigned to likelihood (from 1 to 3) to the value assigned to impact (also from 1 to 3).

For instance, the likelihood of spilling a drink in the kitchen can be rated as ‘Possible’, which we assigned a numerical value of 2. Meanwhile, the impact can be considered ‘Minimal’ since it only takes a few minutes to clean up, corresponding to a numerical value of 1. This results in a total risk score of 3, making drinking coffee a low-risk activity.

In our day-to-day lives, we may not need to use a risk matrix to assess risks. However, deconstructing risk between likelihood and impact can be a useful way to conceptualise risks when we need to make important decisions, like making an investment for our business, launching a new product or taking up a loan.

Once we have assessed risks, the next step is managing them.

Risk Management

We can use four key risk management strategies:

  • Avoid – The best way to manage any risk is to avoid it. I consider skydiving an extremely high-risk activity, and I chose to avoid it. However, this is not always possible or advisable.
  • Reduce – Our next best option is to reduce risk, by modifying our behaviour. I wear a seat belt while travelling in a car.
  • Transfer – We can also transfer our risk to a different entity. I am concerned for my family in the case of an illness; therefore, I take a life insurance policy to transfer some of my risks.
  • Tolerate – If we are not able (or willing) to do any of the above, the last remaining strategy is tolerating the risk.

These strategies do not exist in isolation, and they can be applied in combination with one another.

For more information on how Giulia supports her clients with anti-money laundering compliance, you can reach her at:

M: 021 0859 0042

E: giulia@total-aml.com