Conduct a formal risk assessment at least once per year. Also conduct one within 30 days whenever a material change occurs. Three events qualify as material changes: an ownership change at or above 25%, a significant shift in the customer population, or a Geographic Targeting Order affecting Rapido Facil Exchange Co.'s market area.
\nFollow these five steps for every assessment:
\nEvaluate five risk dimensions. Each dimension gets an inherent risk rating and a residual risk rating.
\nProducts and services. Rapido Facil Exchange Co. provides check cashing exclusively. Check cashing carries elevated placement-stage risk.
\nCustomers. The customer base is walk-in retail with no account relationship. Flag customers with no fixed address, frequent large transactions approaching the CTR threshold, or third-party check presenters. EDD triggers are calibrated to these indicators.
\nGeography. Rapido Facil Exchange Co. operates in a HIDTA and HIFCA zone. Evaluate the location against current Geographic Targeting Orders. A new or modified GTO is an automatic reassessment trigger.
\nTransaction volume and channels. Review volume trends quarterly. A sustained shift of 20% or more in volume, product mix, or customer segment triggers an out-of-cycle assessment.
\nRegulatory environment. Evaluate regulatory changes at each assessment cycle.
\nMap each dimension to its mitigating controls. Controls include CIP procedures, OFAC screening, monitoring thresholds, SAR and CTR filing, EDD protocols, and staff training. Rate each control as strong, adequate, or needs improvement. Any dimension rated residual-high requires a documented remediation commitment with a target completion date.
\nBefore launching any new product, service, delivery channel, or location, conduct a pre-launch risk assessment using the same five-step process.
\nReview all monitoring thresholds at each annual assessment. Thresholds include transaction volume alerts, structuring indicators, and EDD triggers. Document and approve all threshold changes before they take effect.
\nTest key controls at least once per year. Testing includes transaction sample review, alert disposition audits, and training completion verification. Incorporate results into control effectiveness ratings for the next cycle.
\nDocument each completed assessment in a written report covering methodology, data sources, risk ratings by dimension, control effectiveness ratings, residual risk conclusions, and recommended adjustments. Present the report to the owner/principal for approval before updating the program. Retain completed assessments for a minimum of five years.
", "narration_text": "Conduct a formal risk assessment at least once per year. Also conduct one within 30 days whenever a material change occurs. Three events qualify as material changes: an ownership change at or above 25%, a significant shift in the customer population, or a Geographic Targeting Order affecting Rapido Facil Exchange Co.'s market area.\r\n\r\nFollow these five steps for every assessment:\r\n\r\nDefine scope. Identify all products, services, customer types, geographic locations, and delivery channels.\r\nAssess inherent risk. Rate each dimension before controls using transaction volume data, customer risk indicators, and jurisdictional exposure.\r\nEvaluate controls. Determine whether existing policies, procedures, and automated controls adequately mitigate each identified risk.\r\nCalculate residual risk. Identify risk remaining after controls. Flag any dimension where residual risk exceeds acceptable levels.\r\nDocument and recommend. Record findings, data sources, and proposed control adjustments. Present to the owner/principal for approval.\r\n\r\nEvaluate five risk dimensions. Each dimension gets an inherent risk rating and a residual risk rating.\r\n\r\nProducts and services. Rapido Facil Exchange Co. provides check cashing exclusively. Check cashing carries elevated placement-stage risk.\r\n\r\nCustomers. The customer base is walk-in retail with no account relationship. Flag customers with no fixed address, frequent large transactions approaching the CTR threshold, or third-party check presenters. EDD triggers are calibrated to these indicators.\r\n\r\nGeography. Rapido Facil Exchange Co. operates in a HIDTA and HIFCA zone. Evaluate the location against current Geographic Targeting Orders. A new or modified GTO is an automatic reassessment trigger.\r\n\r\nTransaction volume and channels. Review volume trends quarterly. A sustained shift of 20% or more in volume, product mix, or customer segment triggers an out-of-cycle assessment.\r\n\r\nRegulatory environment. Evaluate regulatory changes at each assessment cycle.\r\n\r\nMap each dimension to its mitigating controls. Controls include CIP procedures, OFAC screening, monitoring thresholds, SAR and CTR filing, EDD protocols, and staff training. Rate each control as strong, adequate, or needs improvement. Any dimension rated residual-high requires a documented remediation commitment with a target completion date.\r\n\r\nBefore launching any new product, service, delivery channel, or location, conduct a pre-launch risk assessment using the same five-step process.\r\n\r\nReview all monitoring thresholds at each annual assessment. Thresholds include transaction volume alerts, structuring indicators, and EDD triggers. Document and approve all threshold changes before they take effect.\r\n\r\nTest key controls at least once per year. Testing includes transaction sample review, alert disposition audits, and training completion verification. Incorporate results into control effectiveness ratings for the next cycle.\r\n\r\nDocument each completed assessment in a written report covering methodology, data sources, risk ratings by dimension, control effectiveness ratings, residual risk conclusions, and recommended adjustments. Present the report to the owner/principal for approval before updating the program. Retain completed assessments for a minimum of five years." }