A risk-based approach to AML is defined by the Financial Action Task Force (FATF) as the identification, assessment, and understanding of money laundering and terrorist financing risk exposure by countries, competent authorities, and banks.
This type of approach to AML must also include these entities taking the appropriate steps toward risk mitigation according to their respective risk levels. The FATF further states that a risk-based approach is an important prerequisite for the effective implementation of official FATF standards.
In this article, we discuss why a risk-based approach is important, what is customer risk rating, and several of the key benefits of this approach.
Keep reading to learn about key factors that comprise an effective risk-based approach and how it relates to not just approving good customers but also maintaining well-updated and efficient AML systems.
The risk-based approach is steadily growing in popularity amongst financial institutions and regulators alike, large thanks to its ability to provide more accurate insights into customer-related risks while also helping to cut operational costs and boost AML efficiency.
As mentioned in the introduction, a risk based approach to compliance is now considered a requirement by the Financial Action Task Force — a major global regulator and watchdog for money laundering and financial terrorism.
In the FATF’s official Guidance for a Risk-Based Approach, it is stated that this approach:
“ allows countries, within the framework of the FATF requirements, to adopt a more flexible set of measures in order to target their resources more effectively and apply preventive measures that are commensurate to the nature of risks, in order to focus their efforts in the most effective way.”
A Customer Risk Rating is a total risk score used by financial institutions to determine if a customer presents a high risk of money laundering or other criminal activities (financial terrorism, fraud, etc.). Customer risk ratings are also sometimes referred to as KYC (Know Your Customer) risk ratings, as many of the factors used in KYC processes apply to customer risk ratings.
Customer risk ratings make up an important part of a strong risk-based approach to AML. Certain regions and nations legally require financial institutions to determine customer risk ratings, such as the U.S.
The customer risk rating methodology involves financial institutions determining customer risk rating scores using key factors sorted into three main categories:
Customer risk rating models are a crucial component of any financial institution’s risk-based AML strategy. Yet, the success of these rating models largely depends on how well an institution maintains and updates customer profiles over time.
When information for customer profiles is collected only when a new account is opened — rather than being updated over time as changes to the customer’s risk factors occur — this can result in highly inaccurate scores that lead to misclassifications of low-risk customers and undetected high-risk customers.
“This forces institutions to review vast numbers of cases unnecessarily, which in turn drives up their costs, annoys many low-risk customers because of the extra scrutiny, and dilutes the effectiveness of anti-money laundering (AML) efforts as resources are concentrated in the wrong place.”
The McKinsey report further states that more modern risk-based models that integrate transaction monitoring and customer screening help to create a more effective customer risk rating model that can, in turn, reduce the number of misclassifications by 25% to 50%.
These newer models of customer risk rating focus on dynamic risk — a type of risk assessment that accounts for changes to a customer’s behaviors, characteristics, or geographic location.
For instance, if a customer is living in a country such as Russia where political unrest is currently heightened, this can have a major impact on their risk rating score. Another example of dynamic risk is if a customer has a relative that enters into politics, rendering both parties as Politically Exposed Persons (PEPs) and raising their risk scores.
A dynamic risk approach allows financial institutions to automatically calculate these risk ratings continuously, ensuring that changes to a customer’s risk profile are always accounted for.
A risk-based approach that utilizes modern and technologically-supported customer risk rating not only provides a more effective AML strategy for financial institutions but also an enhanced overall experience for low-risk customers.
Past AML methodologies failed to account for changing risk factors, leading to many misclassifications of customers and, thereby, a heftier burden on low-risk customers. As a result, case management could quickly become disorganized and inaccurate, while low-risk customers became annoyed at the entire process and left with a bad taste for an institution’s overall service.
By contrast, a risk-based approach that utilizes customer risk rating scores allows for less risky customers to be processed faster, with only the more complex cases leading to high scrutiny. The ability to apply different risk policies and KYC strategies to various customer segments paired with an automated AML system offers a much more satisfactory experience to customers as a result.
As we have covered, customer risk ratings allow for much more specific and granular risk detection based on changing risk factors. Additionally, customer risk ratings enable institutions to maintain better control over which risk factors are the most relevant to their specific industry sector.
For example, the risk factors for a financial lender can vary drastically from those of a crypto firm, as the lender may deal with more domestic customers while the crypto firm deals with a larger range of international customers.
This ability to differentiate customers based not just on risk factors at an individual, segmented level but also on what industry they are operating in is a critical advantage provided by the risk-based approach.
Establishing an effective risk-based approach capable of accurate and efficient customer risk ratings is essential in the modern world of finance.
At KYC Hub, our solutions cover a wide range of activities necessary for building and maintaining a risk-based approach, including: