National Risk Assessment

Since 2017, the WODC (Research and Data Centre) has conducted three NRAs on money laundering and three NRAs on terrorist financing for the European part of the Netherlands. For the Caribbean part of the Netherlands (the islands of Bonaire, St. Eustatius and Saba), two NRAs have been conducted on both fields since 2017. In 2024, the WODC will start an NRA on the field of corruption.

What does a National Risk Assessment entail?

An NRA rates the risk level of all relevant threats in a particular field. In doing so, the NRA facilitates risk-based policy. The results of an NRA help policymakers develop, prioritise and justify policy choices. The elements that make up an NRA are threats, vulnerabilities of the context in which the threats occur, the potential impact of the threats and the resilience of the available policy instruments to combat the threats.

‘Threats’ refer to methods that can be used by people to commit a type of crime. More specifically: the NRA on money laundering concerns methods that (groups of) individuals can use to launder money that has been obtained illegally. The ‘context’ within which the threats occur is an important factor in the vulnerability to and the prevalence of the threats. Context factors may include, for instance, the geographic location of the Netherlands, located in the rich and the well-situated Western Europe or the ethnic composition of the Dutch population. The context in which threats may occur generally can not or only to a very limited extent be influenced by policy. If threats are prevalent, they may differ in their ‘potential impact’. ‘Resilience’ relates to the effectiveness of the policy instruments that are available in the Netherlands to prevent and/or combat the crime type in question. This concerns both the content/scope and the implementation of those instruments. Resilience therefore concerns the effectiveness of the existing policy to combat the threat. The final analysis is presented in a ‘heat map’, a graphical representation that compares the potential impact of the greatest threats with the resilience of the available policy instruments to prevent and/or combat these threats. The threats with the highest risk levels are threats with a high potential impact and low resilience.

The NRAs conducted by the WODC have a mainly qualitative approach where the risk analysis is based on judgements and estimates by experts in the field. This concerns their estimates of, on the one hand, the impact that 'threats' can have and, on the other hand, the 'resilience' of the available policy instruments to prevent or combat those threats.

Longlist of threats and context analysis

The first step in the initial phase of conducting an NRA is to make an inventory of all the possible threats that may occur for a given type of crime. For the threat longlist, relevant literature is studied and a survey is conducted among public and private parties that have varying degrees of knowledge of the relevant form of crime.

The context analysis looks at ‘vulnerabilities’ of the Netherlands with respect to the threats. These are context factors, for example, of a geographic, demographic, socio-cultural, economic and/or criminal nature, which may influence the criminal in using a certain method for the type of crime, but may also influence the possible impact of that method. More specifically: the Netherlands has several characteristics that make our country interesting for laundering illegally obtained money. This includes the open, trade-oriented economy, the large and internationally oriented financial sector, the fiscal attractiveness for multinationals and the fact that the Netherlands has one of the largest airports and ports in the world.

Expert meetings

Participants in an expert meeting identify the threats from the longlist of threats that – according to their judgement – have the greatest potential impact. This concerns the impact on a number of predetermined criteria. The participants can also add threats that – according to them – are missing in the list. The impact may vary for the different types of crime. Money laundering threats, for instance, can have an impact on trust and confidence in the financial system, the regular economy and the social order. In a second expert meeting, experts estimate the ‘potential impact’ of each threat on the relevant criteria (using a Multi Criteria Analysis). Finally, the experts determine the ‘resilience’ of the available policy instruments for the prevention and/or repression of the greatest threats in a third expert meeting. Resilience refers to the effectiveness of the total package of available policy instruments, which may include the content/scope as well as the implementation of those instruments, whereby the greater the resilience, the more the impact that the threats may have can be countered. The final result of an NRA is gaining an understanding of the risk level of the greatest threats by comparing the potential impact with the resilience. This is done in a ‘heat map’.

Why do experts have a key role in NRAs?

Ideally, a risk analysis is based on quantitative data. This requires an overarching data set that contains relevant data of adequate quality for all threats. In the NRAs that have been conducted, the possibilities for this were investigated, but the data available for the various threats differ so much in terms of characteristics that a comparative, overarching analysis cannot be carried out. The WODC considers an NRA that is purely based on quantitative data also unfeasible for NRAs on other topics than money laundering and terrorist financing. At least consistent and mutually compatible data on the prevalence and potential impact of threats as well as data on the resilience of the available policy instruments should be available. Experience has shown that data with these characteristics and quality are not available.

Even if these data were made available in a timely manner, various aspects would still complicate the risk analysis. First of all, all types of crime, and thus also all the various threats, remain hidden to a large extent. This dark number, which is relevant for the risk analysis, is not reflected in the data used for the risk analysis. Secondly, there are no data available on future or not yet identified threats that can be incorporated in the risk analysis. This is why the NRAs conducted by the WODC are primarily based on judgements and estimates of representatives of expert organisations.

Underlying scientific principles

The underlying principles for conducting an NRA were set out in 2016 in a methods and data study that was carried out by the WODC and Utrecht University (Exploratory study on methods and data for the Dutch National Risk Assessment of money laundering and terrorist financing (wodc.nl)). Since then, the ISO 31000 standard for risk management determines the structure of NRAs. A wide range of research methods can be used within this internationally standardised framework. Other principles that apply to NRAs concern the scientific approach, the inclusion of threats that have not yet been identified in the Netherlands and those that may materialize in the future. To be able to benefit from experiences in conducting NRAs and advancing insights, reporting is transparent and the NRAs include a self-evaluation section that gives them the character of a growth model.

For additional information on the methodology used for NRAs, please contact Lars Heuts (l.f.heuts@wodc.nl) or Henk van der Veen (h.c.j.van.der.veen@wodc.nl).