The Financial & Operations Compliance Risk Assessment Model is a risk management tool to help identify, define, assess and "weigh" risks in respect to IIROC Dealer Member firms and determine priority focus in the examination cycle of Dealer Member firms. Essentially, the model gives an indication of the comparable risk assessed for each Dealer Member firm relative to all other firms under the jurisdiction of IIROC.
The objective of the FinOps Risk Assessment Model is to identify Dealer Member firms having a higher than average probability of incurring a capital deficiency. With this information, IIROC ensures that regulatory focus is placed on higher risk firms.
The model identifies three risk types, seven risk categories and twenty-one specific risks. Each specific risk is assessed and weighted to determine an individual firm business risk score. See Components.
The model then calculates the risk control score by identifying two risk control categories and six specific risk controls. Each specific risk control is assessed and weighted. Risk control is the method the firm uses to mitigate or reduce its business risk. The higher the risk control score the higher the quality of overall risk control.
The resulting risk control score is discounted and 40% of the score is subtracted from the business risk score to achieve a residual risk score for each firm. The discount factor is applied consistently to all Dealer Member firm risk control scores to better differentiate residual risk scores.
In summary, the formula for the FinOps risk assessment model is as follows:
Residual Risk Score = Business Risk Score - [40% of Risk Control Score]
Business Risk Weightings
Each risk type is assigned a fixed weighting to differentiate the level of its importance in the model.
| Type |
Aggregate Weighting |
| Inherent Risks: |
81% |
| Internal Factors: |
18% |
| External Factors: |
<1% |
Schematic
Residual Risk Rating
Components