HMRC internal manual

International Exchange of Information Manual

From:: HM Revenue & Customs
Published: 25 April 2016
Updated:: 5 November 2025 - See all updates

IEIM405060 - Compliance: Risk Management Process

Compliance: Risk Management Process

For those Financial Institutions with a Customer Compliance Manager (CCM), as part of the normal compliance management activity, a CCM should seek to understand how a business intends to meet its obligations under the legislation and the systems and processes that it has put in place.

Areas of difficulty or particular risk could form part of the discussions about business systems and governance and the CCM should work with the company/entity to identify and deal with any risks that could lead to non-compliance. Compliance with the legislation forms part of the Business Risk Review.

CCMs will be able to call on support from Governance Specialists in Large Business (LB) and Audit Specialists in both LB and Mid-Sized Business to help them to understand and address any issues identified.

For those Financial Institutions where there is no CCM, compliance activity will follow a risk based approach and will focus on those Financial Institutions where information indicates they are potentially in non-compliance with the legislation.

Any audit of systems and processes, of either CCM or non CCM businesses will encompass a review of whether or not a Financial Institution is able to correctly identify its account holders and meets its reporting obligations.

Help us improve GOV.UK

To help us improve GOV.UK, we’d like to know more about your visit today. Please fill in this survey (opens in a new tab).