With any risk assessment you should keep it current. Add the business internet banking services and customers and the MFA methods you will be using. Over time, other changes could be required and a review of the risk assessment would be warranted at those times.
It really should be a part of your planning process. When anyone (like an examiner) asks how you determined what you would do, you have your risk assessment as part of the documentation to back up the actions taken.