Understanding Risk Mitigation
Inherent Risk: This is the initial risk level identified before any action is taken. Your organisation has pre-defined these levels based on your risk appetite and regulatory requirements.
Residual Risk: This is your target risk level after completing the mitigation process. The goal of mitigation is to reduce the inherent risk to this acceptable residual risk level.
Mitigant Templates: These provide the step-by-step instructions your organisation has established for addressing specific risks. Each rule in your system has at least one associated mitigant template to guide you through the process.
The Mitigation Process
Step 1: Review the Triggered Rule
When a customer assessment identifies a risk, you'll see which rule has been triggered. Review the rule details to understand:
The nature of the risk identified
The inherent risk level
The target residual risk level
Which mitigant template(s) are available to address this risk
See Rule Details:
Rule Details Page:
Step 2: Select the Appropriate Mitigant Template
If multiple mitigant templates are available for a rule, select the one most appropriate for the specific circumstances. Each template will display:
Title: The name of the mitigation approach
Description: Detailed instructions on the process to follow
Step 3: Follow the Mitigation Instructions
Carefully follow the step-by-step instructions provided in the mitigant template description. This may include actions such as:
Obtaining additional identification documents
Conducting enhanced due diligence checks
Verifying source of funds or wealth
Obtaining senior management approval
Conducting adverse media searches
Requesting clarification from the customer
Reviewing beneficial ownership structures
Complete all required steps before proceeding to document your actions.
Step 4: Document Your Mitigation Actions
Once you've completed the mitigation process, you must record your actions in the platform's documentation field. This is a critical compliance requirement that creates an audit trail of your risk management activities.
Your documentation should include:
Date of mitigation: When the actions were completed
Actions taken: A clear description of what steps were followed
Evidence reviewed: What documents or information were examined
Findings: What you discovered through the mitigation process
Outcome: The conclusion reached and whether the residual risk level has been achieved
Approvals obtained: If required, note who approved the outcome
Example Documentation Entry:
"Actions Taken: Conducted enhanced due diligence on investor John Smith following PEP match. Obtained certified copies of passport and proof of address. Verified source of wealth through statutory declarations and supporting bank statements covering 12-month period. Conducted adverse media search through [platform name] - no adverse findings.
Evidence Reviewed: Certified passport copy, utility bill dated 15/11/2025, statutory declaration re: source of wealth dated 20/11/2025, bank statements January-November 2025.
Findings: Customer confirmed as former local government councillor (ceased role in 2023). No ongoing political connections. Source of wealth verified as legitimate business sale proceeds. No adverse media or sanctions matches.
Outcome: Enhanced due diligence completed satisfactorily. Residual risk assessed as Low. Approved for onboarding.
Approved by: Sarah Johnson, Compliance Manager, 27/11/2025"
Step 5: Save and Complete the Mitigation
After documenting your actions, save the mitigation record in the platform. This will update the customer's risk assessment and allow the onboarding process to proceed (if the residual risk is acceptable) or trigger additional reviews (if further action is required).
Best Practices for Documentation
Be Specific: Avoid vague statements like "checks completed." Instead, detail exactly what was checked and what was found.
Be Timely: Document your mitigation actions as soon as they're completed while details are fresh.
Be Thorough: Include sufficient detail that another team member or auditor could understand exactly what was done and why.
Be Objective: Record facts and evidence rather than opinions or assumptions.
Reference Evidence: Note where supporting documents are stored (document IDs, file locations, etc.).
Include Dates: Always date your entries and note when evidence was dated or obtained.
Quality Control and Review
Depending on your organisation's policies:
Certain high-risk mitigations may require senior management or compliance team review before completion
Regular audits of mitigation documentation may be conducted
Incomplete or inadequate documentation may result in the mitigation being rejected and requiring rework
Ensure your documentation meets your organisation's standards and regulatory requirements.
Re-running Assessments
If circumstances change or new information comes to light, assessments can be re-run against your rule set. This may trigger additional mitigation requirements. Previous mitigation records remain in the system as part of the customer's history.
Support and Questions
If you're unsure about:
Which mitigant template to apply
Whether your mitigation actions are sufficient
How to document complex scenarios
Whether senior approval is required
Contact your compliance team or internal risk management function before proceeding. For technical platform questions, contact VerifiMe support.