However robust our Risk Assessment Framework may seem, firms should conduct regular reviews to ensure the Framework is still relevant and effective to mitigate new threats and risks.