CDD AML Risk Assessment Process | Customer Risk Rating Methodology

When conducting AML customer due diligence, financial institutions perform AML risk assessment to determine the overall risk rating for the customer.

Below is an overview of the various variables that are analyzed as part of a CDD AML risk assessment.

The overall customer risk assessment and subsequent rating is based on a risk rating methodology that is developed using industry standards or customized rules defined by the AML Compliance Officer.

CDD AML Risk Assessment Process

Image Source: Risk Assessed Variables – Customer Due Diligence

Customer Risk Rating Tool and Methodology

AML KYC BSA risk assessment and rating is performed during the client onboarding phase and also throughout the life of the customer.

A customer risk rating tool or solution is normally utilized in conducting due diligence and risk assessment on each customer prior to opening the account.

In most cases, after developing a risk rating methodology, it needs to be approved by both the firm’s Compliance and the Business senior management, before it is configured into the risk rating tool.

Generating a Customer Risk Rating

The below customer elements need to be risked assessed by entering into the risk rating tool to generate an overall customer risk rating of: Low, Medium or High [The firm may also use a risk category of Low or High, without the “Medium rating”]

When the risk rating tool generates a final rating, the AML Compliance Officer will be sent a notification for approval. Approval may be evidenced in writing or electronically. The AML Compliance Officer functions may be delegated to a designee. In such a situation, the designee needs to be a highly trained in AML compliance matters.

After risk rating the customer, all high risk cases will need to be escalated for further analysis.

List of Key Assessment Factors

An overall rating is to be assigned based on the evaluation of the client and account characteristics as presented below.

The rationale supporting each of the elements listed below must be clearly documented.

In the event that a risk rating platform is used to calculate the rating, reliance may be placed on the platform so long as the criteria conform to the requirements herein.

  1. Customer’s name
  2. Customer’s address and country
  3. Type of customer (Domestic, foreign, LLC, Corp, regulated, high-cash business, etc.)
  4. Industry in which the customer does business
  5. Anticipated account activities
  6. The customer’s source of asset / wealth
  7. Reputation of the customer (Cigarette company? Weapons dealer? Etc.)
  8. The account’s beneficial owners (individuals or corporations that benefit from or have controlling rights over the account)
  9. Purpose of the account

As part of a firm’s AML BSA operating model, there needs to be well-defined procedures and processes that list the key assessment factors that will be assessed when conducting customer due diligence.

All-in-One Change Management Tools

Top Rated Toolkit for Change Managers.

Get Your Change Management Tool Today...

Assessments and Risk Rating Methodology

Each assessed variable is assigned a low, medium or high risk rating.

For example, a customer’s domicile (country or operations or registration) might be rated low if the customer is domiciled in a low risk country (i.e., the US) or rated high if the customer is located in a high risk country (i.e., Colombia or Cuba).

In addition, customers involved in high cash usage businesses (e.g., gambling centers) might have a “customer type variable” that is rated high being that they possess a higher probability of money laundering risk. Drug cartels have been known to attempt to launder money via gambling centers.

The overall goal of customer risk assessment is to generate a single overall customer risk rating of low, medium or high. This overall risk rating is normally a cumulative average of the ratings of the respective “assessed variables”.

However, financial firms are responsible for designing their respective risk rating methodologies, which might differ from the one presented here. For example, rather than taking a cumulative average of the individual ratings, a firm might weight some individual ratings higher than others

AdvisoryHQ (AHQ) Disclaimer:

Reasonable efforts have been made by AdvisoryHQ to present accurate information, however all info is presented without warranty. Review AdvisoryHQ’s Terms for details. Also review each firm’s site for the most updated data, rates and info.

Note: Firms and products, including the one(s) reviewed above, may be AdvisoryHQ's affiliates. Click to view AdvisoryHQ's advertiser disclosures.