A risk-based approach to AML is defined by the Financial Action Task Force (FATF) as the identification, assessment, and understanding of money laundering and terrorist financing risk exposure by countries, competent authorities, and banks.
This type of approach to AML must also include these entities taking the appropriate steps toward risk mitigation according to their respective risk levels. The FATF further states that a risk-based approach is an important prerequisite for the effective implementation of official FATF standards.
In this article, we discuss why a risk-based approach is important, what customer risk rating is, and several of the key benefits of this approach.
Keep reading to learn about key factors that comprise an effective risk-based approach and how it relates to not just approving good customers but also maintaining well-updated and efficient AML systems.
Why a Risk-Based Approach is Important & Recommended by Regulators
The risk-based approach is steadily growing in popularity amongst financial institutions and regulators alike, largely thanks to its ability to provide more accurate insights into customer-related risks while also helping to cut operational costs and boost AML efficiency.
As mentioned in the introduction, a risk-based approach is now considered a requirement by the Financial Action Task Force — a major global regulator and watchdog for money laundering and financial terrorism.
“ — allows countries, within the framework of the FATF requirements, to adopt a more flexible set of measures in order to target their resources more effectively and apply preventive measures that are commensurate to the nature of risks, in order to focus their efforts in the most effective way.”
Managing Risk & Value: For a risk-based approach to improve a financial institution’s overall spending on risk mitigation, it is important to manage both risk and value by enabling finer segmentation of customers (see What is Customer Risk Rating? below). This helps institutions to minimize expenditures on misclassified customers who pose little to no AML risk.
Using Cost-Effective Self-Service Solutions: Automatic, self-service solutions are essential for establishing a risk-sensitive KYC and AML model without posing an undue burden on low-risk customers. With self-service solutions, financial institutions can automatically send additional KYC questions and data collection to high-risk customers based on changing risk factors.
Tailoring & Tracking Remediation Efforts at the Individual Level: Rather than tracking the success of an entire AML strategy, financial institutions should instead prioritize tracking and tailoring their efforts at the individual customer level. This provides a more holistic view of how effective the AML efforts are, as well as allows for more accurate compliance reporting.
Making Use of Third-Party Data: With a growing number of customers — especially in the wake of the rising popularity of digital payments and online banking — technological support for an AML strategy is a necessity. By utilizing third-party data, external providers, and artificial intelligence, financial institutions can establish automatic AML systems that enable an integrated solution that can gather data and identify risks at a much more efficient pace.
What is Customer Risk Rating?
A customer risk rating is a total risk score used by financial institutions to determine if a customer presents a high risk of money laundering or other criminal activities (financial terrorism, fraud, etc.). Customer risk ratings are also sometimes referred to as KYC (Know Your Customer) risk ratings, as many of the factors used in KYC processes apply to customer risk ratings.
Customer risk ratings make up an important part of a strong risk-based approach to AML. Certain regions and nations legally require financial institutions to determine customer risk ratings, such as the U.S.
The customer risk rating methodology involves financial institutions determining customer risk rating scores using key factors sorted into three main categories:
Activities and Behaviors: The activities and behaviors of a customer can include many different things, including products or services the customer purchases, customer transactions, and the types of accounts a customer owns.
Customer Characteristics: Customer characteristics deal with both who a customer is and the customer’s relationship to other individuals, businesses, or legal entities. Characteristics that customer risk ratings look for include employment status, sources of wealth, citizenship or residency, foreign business activities, and more. This aspect of customer risk ratings is also referred to as customer due diligence.
Geographic Location: Geographic location refers to where a customer’s financial behaviors, transactions, business activities, and assets are physically located in the world. Certain geographic locations are considered to be at higher risk for money laundering, due to a lack of regulation or regulatory enforcement. As such, financial institutions conducting business internationally must be aware of where their customers are located when determining a customer risk rating score.
Understanding the Role of Dynamic Risk in Customer Risk Ratings
Customer risk rating models are a crucial component of any financial institution’s risk-based AML strategy. Yet, the success of these rating models largely depends on how well an institution maintains and updates customer profiles over time.
When information for customer profiles is collected only when a new account is opened — rather than being updated over time as changes to the customer’s risk factors occur — this can result in highly inaccurate scores that lead to misclassifications of low-risk customers and undetected high-risk customers.
“This forces institutions to review vast numbers of cases unnecessarily, which in turn drives up their costs, annoys many low-risk customers because of the extra scrutiny, and dilutes the effectiveness of anti-money laundering (AML) efforts as resources are concentrated in the wrong place.”
The McKinsey report further states that more modern risk-based models that integrate transaction monitoring and customer screening help to create a more effective customer risk rating model that can, in turn, reduce the number of misclassifications by 25% to 50%.
These newer models of customer risk rating focus on dynamic risk — a type of risk assessment that accounts for changes to a customer’s behaviors, characteristics, or geographic location.
For instance, if a customer is living in a country such as Russia where political unrest is currently heightened, this can have a major impact on their risk rating score. Another example of dynamic risk is if a customer has a relative that enters into politics, rendering both parties as Politically Exposed Persons (PEPs) and raising their risk scores.
A dynamic risk approach allows financial institutions to automatically calculate these risk ratings continuously, ensuring that changes to a customer’s risk profile are always accounted for.
How Customer Risk Rating Enables a Better Customer Experience
A risk-based approach that utilizes modern and technologically-supported customer risk rating not only provides a more effective AML strategy for financial institutions, but also an enhanced overall experience for low-risk customers.
Past AML methodologies failed to account for changing risk factors, leading to many misclassifications of customers and, thereby, a heftier burden on low-risk customers. As a result, case management could quickly become disorganized and inaccurate, while low-risk customers became annoyed at the entire process and left with a bad taste for an institution’s overall service.
By contrast, a risk-based approach that utilizes customer risk rating scores allows for less risky customers to be processed faster, with only the more complex cases leading to high scrutiny. The ability to apply different risk policies and KYC strategies to various customer segments paired with an automated AML system offers a much more satisfactory experience to customers as a result.
How Customer Risk Rating Allows for More Granular Risk Detection
As we have covered, customer risk ratings allow for much more specific and granular risk detection based on changing risk factors. Additionally, customer risk ratings enable institutions to maintain better control over which risk factors are the most relevant to their specific industry sector.
For example, the risk factors for a financial lender can vary drastically from those of a crypto firm, as the lender may deal with more domestic customers while the crypto firm deals with a larger range of international customers.
This ability to differentiate customers based not just on risk factors at an individual, segmented level but also on what industry they are operating in is a critical advantage provided by the risk-based approach.
Establishing an effective risk-based approach capable of accurate and efficient customer risk ratings is essential in the modern world of finance.
At KYC Hub, our solutions cover a wide range of activities necessary for building and maintaining a risk-based approach, including:
AML Screening and Monitoring
Customer Onboarding and Monitoring
To learn more about KYC Hub’s end-to-end solutions for both individual and business onboarding and monitoring, contact our sales team today.