The Financial Action Task Force (FATF) recommendations and the Anti-Money Laundering Act (AMLA) require a risk-based approach. In the following, we discuss some basic aspects of risk-based approaches.


A risk-based approach is an approach that takes risk into account. Risk is related to the impact of possible events and their probability. From a simplified point of view, risk can be defined as:

Risk Based Approach3

Assessment of risks allows resources to be allocated in the most efficient way such that the greatest risks receive the highest attention. It is crucial to distinguish between necessary and sufficient risk factors.

If a necessary risk is low, the overall risk is also. For instance, in avalanche risk, the steepness of the slope to be traversed and the danger lever of the avalanche bulletin are necessary risk factors. Traversing a horizontal plane is safe, even when the danger level of the avalanche bulletin is high.

Examples of necessary risk factors

Risk Based Approach

In contrast to necessary factors, a sufficient risk factor implies a risk independent of other factors. For instance, a ski tour should be cancelled if extreme weather conditions are expected independent of the avalanche risk. Similary, a cancellation is advisable in the case of a high avalanche risk, even when weather conditions are excellent. In this example, weather conditions and avalanche risk are sufficient risk factors.

Examples of sufficient risk factors

Risk Based Approach2

Complete Revision of the Federal Data Protection Act

The complete revision's draft of the Federal Data Protection Act is currently in political consultation. Data Protection is to be increased by giving people more control over their private data as well as reinforcing transparancy regarding the handling of confidential data.

Links: draft, report

Eurospider Information Technology AG
Schaffhauserstrasse 18
8006 Zürich