Management of risk requires a four-stage approach.  The four stages form the risk cycle.   

The 1st and 2nd steps displayed below will be applied during an AML CFT risk assessment.   The 3rd and 4th steps will be applied when developing the AML CFT compliance programme.   
 

The process is not a one-off exercise but an ongoing requirement.