Sometimes risk analysis can result in paralysis. Finding your risk tolerance and applying it to specific situations requires a nuanced approach.
I am always wary of anyone who tells me categorical rules – e.g. we do not do business in Russia because it is too risky. In this era of oversimplification, such statements border on intellectual dishonesty.
A careful approach to risk analysis always involves a cost benefit framework. Compliance is not a function that is dedicated to identifying risk and avoiding all potential risks. Compliance is part of an overall cost benefit risk analysis.
As a perfect example of what not to do in managing risks, many of the major banks have adopted a categorical approach to risks risk and declined to do business with money service businesses (“MSBs”). A categorical approach may seem justified based on risk tolerance but it represents a simplistic answer to an otherwise complex issue. To put it another way, it represents lazy compliance thinking.
In the last few years, banks have been accused of terminating all of MSBs as customers, claiming that the risk was too high to engage these businesses. In response, FinCEN issued an order reminding banks not to engage in de-risking by eliminating an entire category of customers.