The systems and controls that firms should put in place to identify emerging risks should include:

a) Processes to ensure that internal information, such as information obtained as part of a firm’s ongoing monitoring of business relationships, is reviewed regularly to identify trends and emerging issues in relation to both, individual business relationships and the firm’s business.

b) Processes to ensure that the firm regularly reviews relevant information sources, including those specified in guidelines 1.28 to 1.30, and in particular:

i. In respect of individual risk assessments,

a. terror alerts and financial sanctions regimes, or changes thereto, as soon as they are issued or communicated and ensure that these are acted upon as necessary; and

b. media reports that are relevant to the sectors or jurisdictions in which the firm is active.

ii. In respect of business-wide risk assessments,

a. law enforcement alerts and reports;

b. thematic reviews and similar publications issued by competent authorities; and

c. Processes to capture and review information on risks, in particular risks relating to new categories of customers, countries or geographical areas, new products, new services, new distribution channels and new compliance systems and controls.