The level of sanctions risks before controls are applied to mitigate them. There are four main inherent risk categories: customers, products and services, countries, and delivery channels. Inherent risk is linked to the risk assessment process, which evaluates the effectiveness of an institution’s risk controls. Inherent risk considers the likelihood and impact of non-compliance before considering any mitigating effects of risk management processes.