According to the Third European Union Money Laundering Directive institutes have to establish reasonable business- and customer-related safety systems and controls for preventing money-laundering, the financing of terrorism as well as fraud at the expense of the institutes. Organizational duties are disposed for supervising institutes, groups of institutes, financial holding groups and financial conglomerates which are part of the general requirements for an adequate management.
This includes requirements for risk management and controlling of institutes as well as safety precautions for IT- and compliance regulations. The risk analysis according to the 3rd EU Directive has to comply with the respective requirements of an institute regarding structure and formal definition. The risk analysis of an institute has to be checked annually, updated, if necessary, and it has to describe the assessment of the institute regarding the following risks: