Customer Risk Assessment: Strengthening Security in the Digital Age
Business partners, vendors, and third parties play essential roles in daily operations, contributing to achieving organisational goals. Before the Target breach in 2013, onboarding new business partners was relatively straightforward. In today's landscape, the process also involves customer risk assessment. Although this additional step is often perceived as an obstacle to business, it is crucial for ensuring security, as every new customer introduced increases the potential attack surface.
The only way to comprehensively assess the risk posed by a customer is to evaluate and validate that customer with robust security controls and processes. This evaluation enables informed decision-making regarding the acceptable risk level and the necessary risk mitigation measures to keep scammers away.
Diving Deeper into Customer Risk Assessment
A customer risk assessment is necessary to evaluate each customer’s money laundering risk effectively. Firms must ensure compliance with national and international sanctions by screening customers’ names and beneficial owners against relevant sanctions lists, including those provided by the United Nations.
Different firms will have varying tolerance levels for customer risks they are willing to accept. However, it is imperative to establish a consistent methodology for conducting customer risk assessments. This methodology should outline the criteria for assigning risk scores to customers, the weighting mechanisms employed, and the reasoning behind these decisions.
The primary objective of the assessment is to identify the potential risks a firm may face, whether in an ongoing business relationship or occasional transactions. The more complex the nature of the interaction, the more rigorous the risk assessment should be.
By accessing comprehensive information, firms will be better equipped to determine the appropriate Customer Due Diligence (CDD) level. Regular reviews should be conducted, notably when a customer’s behaviour deviates from their established risk profile. The Financial Action Task Force (FATF) recommends that if firms cannot apply the necessary level of CDD, they should refrain from entering into a business relationship or consider terminating an existing one.
The Customer Risk Score
A risk score assigned to clients assists financial firms in identifying those who pose a higher risk of money laundering or illegal activities. This is a legal requirement for financial institutions operating under US law. The FinCEN CDD Rule was enacted in July 2016, with a final compliance date in May 2018, and it mandates that financial institutions must understand the money laundering and terrorist financing risks associated with their customers. Whilst the rule refers to this as a client risk profile, many financial firms define it using a customer risk score.
The risk score serves the purpose of identifying customers who require comprehensive monitoring for potential money laundering activities. Due to the impracticality of conducting in-depth tracking for every customer, a risk score enables targeting customers with a higher potential risk.
Categorising Risk Elements: Who, What, Where
Numerous risk factors are considered whilst assessing a client's money laundering risk. These factors are logically grouped into categories. Although each risk category may be assumed to contribute equally to the total risk, this is not necessarily the case.
- Who (Customer Risk Profile and Relationships): This category encompasses the risk factors associated with a customer’s characteristics and their relationships with other individuals and legal entities.
- What (Products, Services, Behaviours and Activities): This category encompasses the actions and behaviours of the customer within the financial institution. It specifically addresses the types of products and services that may carry a higher risk of money laundering and the customer’s transactional activities, behaviours, and patterns that could indicate potential illegal activities.
- Where (Geographic Risk): The geographic locations where a client’s payment activities and business relationships occur are naturally linked to the risk of money laundering associated with specific countries.
Dynamic AML Customer Risk Assessment
To effectively address money laundering risk, firms must regularly assess their customers, recognising that what may appear suspicious for one customer may not be for another.
Certain general behaviours can raise concerns or trigger a reassessment of customer risk:
- Rapidly changing banks multiple times within a short period.
- Attempts to conceal the true owner of a business.
- Requests for expedited or unconventional transaction processing.
- Involvement of unrelated third-party funders in the industry.
- Significant amounts of private funding from an individual operating a cash-intensive business.
- Use of falsified or suspicious documents.
- An unusually high volume of cash transactions that is inconsistent with the customer's profile.
- Business transactions involving countries known for a high risk of money laundering and terrorist financing.
- Excessively complex ownership structures.
- Inconsistent level of business activity.
Firms must enhance their ability to identify suspicious customers and activities more accurately. This requires a thorough understanding of the significance of dynamic risk assessments and the utilisation of data and technology to support these efforts.
Misclassifying low-risk customers as high-risk and collecting inaccurate or insufficient Know Your Customer (KYC) information can diminish the effectiveness of Anti-Money Laundering (AML) measures. Relying solely on manual and intricate processes may not be robust enough to achieve the desired results.
Companies should consider simplifying risk models and integrating statistical analysis to complement expert judgement. By incorporating machine learning algorithms, data quality can be improved, and customer profiles can be continuously updated whilst considering behavioural patterns and other relevant factors.
How Can Shufti Help?
Shufti offers a robust risk assessment solution that streamlines your business's KYC and AML compliance efforts. Our AI-powered risk assessment solution detects financial crimes within seconds and mitigates the risk of money laundering and fraud. It keeps scammers away and protects firms from hefty non-compliance fines.