Start typing and press enter to search
Risk Management Consulting Services

Risk Management Consulting Services

The Risk Management function is crucial for all business entities, whether it is implemented voluntarily or mandatorily. To undertake this function, an organizational unit should be set up to be in charge of implementing this function. Further, specialized jobs should be created to perform the tasks of the function, including the development of risk management strategy, risk management framework that covers risk identification, risk analysis, risk measurement, risk mitigation, reporting and monitoring, collectively referred to as Risk Profile.

Given the critical role of risk management function, the regulators, e.g., Capital Markets Authority (CMA), Insurance Regulatory Unit (IRU) and Central Bank of Kuwait (CBK), stressed the requirement to set up an organizational unit for risk management and form a risk management committee to monitor the risk management activities and present the reports and findings to the Board of Directors.

What is the mandate for establishing and activating the risk management function as per the CMA’s regulations?

The CMA’s Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority, Module Six “Policies and Procedures of Licensed Person”, Chapter Four, mandate establishing and activating the risk management function.

Is the Risk Management Officer a registered job with the CMA?

Yes, it is a registered job with the CMA in accordance with the Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority, Module Five “Securities Activities and Registered Persons”, Article 3-2-2.

What are the tasks and duties assigned to Risk Management Unit as per the CMA’s Executive Bylaws?

Pursuant to the provisions of Article 6-3 of Chapter 6, Module 15 “Corporate Governance” of the CMA’s Executive Bylaws detailing the Risk Management functions including measurement, monitoring and mitigation of all types of risks encountering the Company, the risk management activity will be performed as follows:

  1. Establishing effective systems and procedures of risk management, so that the company can perform its key functions, i.e., measuring and monitoring all types of risks to which the Company is exposed, provided that such process shall be conducted on ongoing basis and reviewed periodically, and such systems and procedures shall be amended when necessary.
  2. Developing periodical reporting mechanisms, as they are considered a crucial tool in the process of risks monitoring and mitigation.
  3. Reviewing transactions to be made by the Company with the related parties and make proper recommendations in this regard to the Board of Directors.

Does the CMA allow licensed companies to outsource the Risk Management Officer?

Yes, the Capital Markets Authority allows this as the Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority and the Regulating Securities Activities in Module Five “Securities Activities and Registered Persons”, Chapter 3, Article 3-2-8 sets forth the following:

A licensed person may engage an external firm to perform the tasks of the registered jobs as follows:
  1. An external firm may be engaged to perform the following tasks of the registered positions:
    • Risk Management Officer
    • …………..

What are the requirements for preparing risk management reports in accordance with the CMA’s Executive Bylaws?

Risk management reports shall be prepared every six months and shall particularly include credit risks, market risks, liquidity risks, operation risks and any other risks that the company may expose to. The report shall be submitted to the board of directors with a copy of the same provided to the CMA as required by the CMA’s Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority, Module Six “Policies and Procedures of Licensed Person”, Chapter Four, Article 4-4.

What are the requirements for preparing Money Laundering and Financing of Terrorism Risk Profiling Study in accordance with the CMA’s Executive Bylaws?

Money Laundering and Financing of Terrorism Risk Profiling Study shall be prepared, periodically updated and provided to the CMA upon request as required by the CMA’s Executive Bylaws of Law No. 7 of 2010 regarding the Establishment of the Capital Markets Authority, Module Sixteen “Anti-Money Laundering and Combating Financing of Terrorism”, Chapter Two, Article 2-3, which sets forth as follows:

The Licensed Person is required to:

5. Assess their risk of money laundering and financing of terrorism, including risks of new products and technologies. The risk assessment and any underlying information shall be documented in writing, kept up-to-date and readily available for the Authority upon request.

What is the mandate for establishing and activating the risk management function as per the CBK’s instructions?

The CBK’s instructions issued on 10 September 2019 regarding the governance rules within the banks operating in Kuwait mandate establishing and activating the risk management function.

What are the requirements for preparing Money Laundering and Financing of Terrorism Risk Profiling Study in accordance with the CBK’s regulations?

  1. Banks

    Banks are required to prepare Money Laundering and Financing of Terrorism Risk Profiling Study and update it every two years, in accordance with the requirements of the Central Bank of Kuwait (CBK) pursuant to the CBK Circular issued to all local banks on 16 February 2023, regarding the amended instructions No. (2/BS, IBS/507/2023) on AML/CFT instructions, which stipulate the following:

    First: Identification and Assessment of Risks Associated with Money Laundering and Terrorism Financing:

    1) The bank shall establish risk management systems and prepare a written study, to be updated every two years, addressing all risks associated with money laundering and terrorism financing to which the bank may be exposed in the course of carrying on its licensed activity….

  2. Exchange Companies

    Exchange companies are required to prepare Money Laundering and Financing of Terrorism Risk Profiling Study and update it every two years, in accordance with the requirements of the Central Bank of Kuwait (CBK) pursuant to the CBK Circular issued to exchange companies on 16 February 2023, regarding the amended instructions No. (2/ES/508/2023) on AML/CFT instructions, which stipulate the following:

    First: Identification and Assessment of Risks Associated with Money Laundering and Terrorism Financing:

    1) The exchange company shall prepare a written study, to be updated every two years, addressing all risks associated with money laundering and terrorism financing to which the company may be exposed in the course of carrying on its licensed activity, and commensurate with the size of its business and the nature of the transactions carried out by it ….

  3. E-Payment Services Providers, E-Money Services Providers

    Electronic Payment Service Providers (EPSPs) and Electronic Money Service Providers (EMSPs) are required to prepare Money Laundering and Terrorism Financing Risk Profiling Study and update it every two years, in accordance with the requirements of the Central Bank of Kuwait, pursuant to CBK Circular No. (2/PS/529/2023) dated 05 July 2023, regarding AML/CFT instructions, which stipulate the following:

    “First: Study of Risks Related to Money Laundering and Terrorism Financing:

    Electronic Payment Service Providers and Electronic Money Service Providers shall prepare a study to assess the risks of money laundering and terrorism financing associated with the activities they intend to undertake and update such study every two years….

What is the mandate for establishing and activating the risk management function as per the IRU’s regulations?

The IRU’s Resolution No. 58 of 2023 regarding corporate governance, Article 33, mandates establishing an active risk management function within the insurance companies as part of the overall governance framework.

What are the roles and responsibilities assigned to the risk management function as per the IRU’s regulations?

Article 44 of the IRU’s Resolution No. 58 of 2023 regarding corporate governance provides for the roles and responsibilities assigned to the risk management function.

How mandated is the job of risk management officer at the IRU licensed insurance companies?

The IRU’s Resolution No. 58 of 2023 regarding corporate governance, Article 41, mandates employing a risk management officer at the insurance company.

Does the IRU allow insurance companies to outsource the risk management officer?

Yes, as per the IRU’s Resolution No. 58 of 2023 regarding corporate governance, it is permissible to engage a third party to perform specific functions or activities under articles 58 to 64 of the aforesaid resolution.

What is the added value to business entities from Risk Management Services?

  • Ensure compliance with the applicable legal and regulatory requirements in the State of Kuwait.
  • Utilize the expert knowledge and experiences brought through compliance consulting services.
  • Maximize competitive potential and resilience in doing business and minimize costs.
  • Improve processes and enhance the internal control and decision-making process.
  • Enhance stakeholders’ trust in the business entity.

What are the services offered by Baker Tilly Kuwait?

  • Outsourced Risk Management Officer function as per the CMA and IRU requirements
  • Preparing risk management reports as per the CMA requirements
  • Preparing / updating the Money Laundering and Financing of Terrorism Risk Profiling Study as per the CMA and CBK requirements

Related Services

Audit, Assurance, Tax and Consulting Now, for tomorrow
© 2026 Baker Tilly Kuwait. All rights reserved. An independent member of Baker Tilly International
E-mail Us
Call Us