Lysis’s consultants bring a wealth of experience across sectors and jurisdictions. We have delivered risk assessments for firms at various stages of maturity—from startups seeking their first license to established institutions undergoing strategic transformation. Our work is characterized by a collaborative approach, clear communication, and a focus on delivering actionable insights.
Our EWRA and BWRA services are designed to provide not just compliance, but clarity—helping firms understand their risk exposure, strengthen their control environment, and make informed strategic decisions.
EWRA/BWRA Methodology
Our EWRA and BWRA services begin with the design and delivery of bespoke risk assessment methodologies. These frameworks are built to reflect the client’s risk appetite, regulatory obligations, and operational realities. We develop structured templates that assess risk across multiple dimensions—customer types, products and services, delivery channels, geographies, and regulatory exposure. Each template is designed to be data-driven, enabling clients to quantify risk using both qualitative insights and hard metrics. We ensure that all relevant regulatory requirements are considered.
We support clients through every phase of the assessment lifecycle. This includes discovery workshops to define risk categories and scoring logic, drafting of tailored templates, and optional review sessions to validate outputs. Our consultants ensure that the assessments are not only compliant with regulatory expectations but also practical for internal stakeholders to use and maintain.
A key strength of our service is the integration of external guidance and best practices. We incorporate insights from global regulatory bodies and industry groups to ensure that our clients’ assessments are forward-looking and defensible. Our frameworks are designed to evolve with changes in the control environment, business model, and regulatory landscape.
EWRA/BWRA Execution
In addition to methodology development, Lysis provides hands-on support for assessment execution. This includes:
• Workshops and guidance (including industry best practice) to identify inherent risks
• Facilitating risk scoring sessions
• Reviewing control effectiveness
• Identifying residual risks
• Assisting in the documentation of governance structures, escalation protocols, and reporting lines
• Ensuring that the EWRA or BWRA is embedded within the broader compliance and risk management framework
Post-EWRA/BWRA
Our services extend to remediation and uplift projects, where we help clients enhance controls and remediate existing risk assessments to meet new regulatory standards or address audit findings.
We also support firms undergoing regulatory registration or licensing, providing the necessary risk frameworks and documentation to satisfy supervisory expectations, including EWRA/BWRA.
The difference between the two
A health check refers to a high-level review of the design of a framework and can identify major problem areas in a framework. A maturity assessment is more advanced and provides a detailed review of a firm’s framework which includes the testing of the effectiveness of the framework itself.
| Health Check | Maturity Assessment |
| --- | --- |
| Review of policies relating to relevant regulations | Review of policies relating to relevant regulations |
| High Level mapping of policy to regulatory obligations | Detailed mapping of policy to regulatory obligations |
| Review all procedures relating to operational controls and map these back to the policies | Review all procedures relating to operational controls and map these back to the policies |
| High Level review of the regulatory framework covering relevant systems, processes and ensuring that governance is in place in order to meet current regulatory requirements | High Level review of the regulatory framework covering relevant systems, processes and ensuring that governance is in place in order to meet current regulatory requirements |
| High level review of all procedures and documents describing controls and processes (excludes control testing) | Review of all procedures, controls and processes including detailed controls testing. |
| | Carrying out a sample review of the operational outputs (files, reports etc.) in line with current policy and procedures |
| | Reviewing any risk methodologies applied in relation to the specific regulations |
| | Reviewing and testing any monitoring programme - this will include system profiling and reviewing parameters, as well as sample checking the outcome. |
| | Reviewing the firm’s reporting (regulatory reporting, SARs, STORs etc.) and monitoring controls |
| | Reviewing and testing the internal and external data inputs to the process and on-going review and escalation processes |
| Brief review of systems which the firm uses to benchmark to best practice | Brief review of systems which the firm uses to benchmark to best practice |
| Reviewing the training programmes | Reviewing the training programmes |
| Reviewing the data retention/record keeping arrangement in relation to its obligations | Reviewing the data retention/record keeping arrangement in relation to its obligations |
| | Meeting with personnel in the 1st and 2nd line of defence to understand the processes they undertake and to ascertain the level of understanding of the regulatory requirements within |
| Presentation of detailed findings in report format | Presentation of detailed findings in report format including an assessment against the maturity of processes amongst similar firms in the market (market benchmarking) and its suitability for the firm's business mix and risks. |
Increase effectiveness, focus on efficiency
Optimising firms’ FC controls requires an increase in the effectiveness of processes, along with a dedicated focus on high efficiency, which will facilitate sustainable processes that demonstrate effective FC controls under scrutiny.
Firms must also view the improvement of their FC controls as a good commercial investment by focusing on the business advantages these could have for the firm.
Developing Effective Financial Crime (FC) Frameworks
The following directional indicators provide a high-level overview of the implementation and ongoing assessment of sustainable FC controls.
Risks / Actions / Benefits
Assessment of FC risk & controls effectiveness (“FCRA”)
Understand the FC risk and the effectiveness of existing controls.
Create and maintain a library of existing FC risks & controls (tested & untested)
Conduct the mandatory annual FCRA, to drive decisions on: Improvements/transformations; Resources; Management of gaps and de-risking activities; Prioritisations and budgets; MLRO report.
Cost / benefit analysis and assessment of FC controls
Provide clearer understanding of the real cost of compliance.
Continuous risk/benefit assessment to drive controls enhancement and optimisation across FC operations (KYC/KYCC, TM, Screening, escalation);
Effectiveness of FC risk and controls reporting (MI – complete, accurate and timely);
Costs and impact analysis on:
De-risking – cost/benefit, strategy, action;
Optimisation of FC controls - Sustainability
Improve the effectiveness and efficiency of FC controls driving sustainability.
Prioritisation & decision – FC governance - supported by complete, accurate & timely MI;
Budgets – Senior executive and board approval
Supporting resources planning for 6 months/12 months/3 years to support:
Lean FC governance and robust 3LoD structure and capabilities;
Clear and realistic objectives taking into consideration the 10 universal outcomes of Principled Performance;
Adequate resources with the necessary skills and expertise to drive high performance.
Automation focus on optimisation across:
Assurance and Testing
Assess, measure, and provide ongoing assurance.
Development of assurance plan and control testing – assess and measure;
Reporting into a functional FC Governance structure to support decisions:
Executive decisions;
Committees & forums.
Escalation and decision on tactical/planned improvements.