Understanding how Risk Assessments work in Legl

Understand how risk assessments in Legl generate a risk rating based on your firm’s questions, logic, and risk policy.

Written by Michelle Rufer
Updated in the last hour

Overview

Risk assessments in Legl help firms consistently identify, assess, and manage client and matter risk.


This article explains how risk ratings are created, how firm-defined logic can be applied, and what the resulting risk outcome represents.


Customising Risk Assessment templates

Risk assessments in Legl are built using templates, which are configured to match your firm’s existing risk assessment questions and policy.

Templates can be customised to reflect:

  • Your firm’s own questions and structure

  • Which answers trigger low, medium, or high risk

  • Whether certain answers should override others

  • Which follow-up questions appear based on previous answers

  • Whether additional details are optional or mandatory

This ensures that users only see questions that are relevant to the specific client or matter type.


Helper text

Each question in a risk assessment template can include helper text to guide users as they complete the assessment.

Helper text can be:

  • Added on a per-question basis

  • Used to explain what the question is asking or what to consider

  • Used to remind users of internal policy or regulatory guidance

  • Formatted using bold or italic text

  • Linked to external guidance or internal resources using hyperlinks


How the AI assistant helps

Risk assessments can include questions that are automatically populated using Legl’s AI assistant.

This helps by:

  • Pulling relevant information from elsewhere in the platform into the risk assessment

  • Highlighting which questions have been auto-answered, so users can clearly see what was pulled through

  • Reducing manual effort and improving consistency by using existing data already captured in Legl

For example, risk assessments can automatically pull through details such as:

  • Whether the client is a business or an individual

  • When client due diligence (CDD) was last carried out (based on the date of the CDD report)

  • Whether a client is based in a high-risk country or not (we use the FATF list of high-risk countries)

ℹ️ Important

Auto-answered questions are shown in a way that makes it clear they have been pulled through from other parts of Legl.


How risk ratings are calculated

At a high level, risk assessments work as follows:

  • Each risk assessment is built from a template, based on your firm’s own questions and structure

  • Certain answers are mapped to risk factors (for example, low, medium, or high)

  • As users complete the assessment, relevant risk factors are flagged

  • The platform aggregates those risk factors to produce an overall risk rating

For example:

  • Multiple medium-risk factors may result in an overall medium risk

  • A single high-risk factor may trigger a high-risk outcome

This ensures users only see questions that apply to the specific client or matter.

ℹ️ Important

If preferred, the Low, Medium, and High risk rating breakdown can be replaced with a numerically scored risk rating.


Escalation and review

Escalation

When a risk assessment meets your firm’s escalation criteria:

  • The assessment status is marked as escalated

  • A designated reviewer (for example, MLRO or compliance lead) is notified

  • The original user cannot complete the review themselves

This ensures that higher-risk matters receive appropriate oversight and creates a clear separation between assessment and approval.

Review

It is also possible to enable a Review step, which is configured per template.

When the Review step is turned on:

  • The user completing the risk assessment is asked to select a reviewer

  • The assessment is submitted with a Ready for review status

  • The assessment is assigned to the selected reviewer

  • Only the reviewer can complete the review and finalise the assessment

This allows firms to separate risk identification from risk approval, where required.


Manual overrides and audit trail

Authorised users may have permission to manually adjust a risk rating.

When this happens:

  • The change is clearly marked in Legl

  • A rationale must be recorded

  • The user name, date, and time are logged

All versions of a risk assessment are retained, creating a complete audit trail that can be reviewed or downloaded at any time.


What happens next

Once a risk assessment is completed:

  • The final risk rating is visible across the platform

  • The assessment can be downloaded as a PDF

  • Reassessments can be completed using the previous assessment as a starting point

  • Any future updates are tracked as new versions, not overwrites

This supports ongoing risk management without duplicating work.


Important information

  • Legl applies your firm’s logic but does not define risk policy or make compliance decisions

  • Risk ratings are based solely on the questions, answers, and weightings configured by your firm

  • Manual overrides are visible and fully auditable

  • Different templates can be used for different client types, matters, or scenarios
