A Guide to Anti-Money Laundering for Crypto Firms

Customer Risk Assessment: What you Need to Know

KYC/KYB Knowledge & Training

A customer risk assessment is a necessity when onboarding new customers. It ensures that high-risk individuals are identified, and appropriate anti-money laundering (AML) measures are put in place.

But what elements should firms consider as part of an AML customer risk assessment? And how do they determine what to prioritize? 

What is a Customer Risk Assessment?

In order to understand the money laundering risks each customer poses, a customer risk assessment should consider a number of factors.  These include verifying the identity of a customer, considering how to engage with them – the products and services they access, the type of transactions they carry out, and how often – and the geographical locations to which the customer is linked. 

In addition, firms should ensure they comply with national and international sanctions by screening customer and beneficial owner names against United Nations and other relevant sanctions lists.

Firms will have different levels of risk appetite regarding the customers they are willing to work with. However, it is important that a consistent customer risk assessment methodology is implemented, setting out the criteria for customer risk scoring weighting mechanisms, and the rationale behind these.

The main purpose of the assessment is to identify the risks to which a firm may be exposed, either in the course of a business relationship, or for an occasional transaction. The more complex this interaction is, the more rigorous a customer risk assessment needs to be. 

By being well informed, firms will be better placed to determine the correct level of customer due diligence (CDD). Ongoing reviews should be completed, particularly if a customer starts to act in a manner that deviates from their risk profile. The Financial Action Task Force (FATF) recommends that where firms cannot apply the appropriate level of CDD, they should not enter into the business relationship, or should terminate the business relationship.

What Factors Should be Included in a Customer Due Diligence Risk Assessment?

There are four main pillars to consider in a customer risk assessment: 

  1. Customer riskThe type of customer (individual/company/trust etc) and their activities and behavior. Is the beneficial ownership structure clear? Are they involved in higher risk activities? Are activities conducted through complex structures or are they cash-sensitive, indicating an increased risk of money laundering? Are they mentioned negatively in the media, or tied to politically exposed persons (PEPs)? 
  2. Geographical risk – Particular risks relevant to a country or location, such as vulnerability to money laundering. This may include not only the customer’s residence or a business’s country of incorporation, but also the country where their main business is conducted, or jurisdictions where they have relevant personal links.
  3. Product, services and transaction risk – Products or services that pose a higher risk of money laundering due to their nature and features. To what extent is anonymity encouraged? Are multiple people or jurisdictions involved without clear reasoning? What is the value and size of the transaction – is it unusual for this customer? 
  4. Delivery channel risk – How firms interact with the customer, or the channels used to provide a product or service. This may be online, face-to-face, or through agents or intermediaries – all posing different levels of risk. The regulatory status of agents or intermediaries could impact overall customer risk.

In the US, the Financial Crimes Enforcement Network’s (FinCEN) CDD Final Rule clarifies and strengthens customer due diligence requirements. It requires applicable financial institutions to establish and maintain written policies and procedures that are designed to:

  • Identify and verify the identity of customers
  • Identify and verify the identity of the beneficial owners of companies opening accounts
  • Understand the nature and purpose of customer relationships to develop customer risk profiles
  • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

Dynamic AML Customer Risk Assessment

An ongoing assessment of customers is needed to help firms mitigate money laundering risk, but what is suspicious for one customer won’t be for another. 

Some general behaviors that may raise a red flag, or prompt a re-evaluation of a customer risk assessment include: 

  • Changing banks a number of times in a short space of time 
  • Attempts to disguise the real owner of the business
  • Requests for short-cuts or unusual speed in transactions
  • Involvement of a third-party funder with no connection to the business 
  • A large amount of private funding from an individual running a cash-intensive business
  • False or suspicious documents used
  • A large amount of cash transactions inconsistent with the profile of the customer
  • Business transactions involve countries with a high risk of money laundering and/or funding of terrorism
  • Overly complicated ownership structures
  • Inconsistent level of business activity

Firms need to more accurately flag suspicious actors and activities. To do so, they need to understand the importance of dynamic risk assessments and have the data and technology to enable this.

Misclassification of low-risk customers as high risk, and inaccurate or insubstantial KYC information gathering, can dilute the effectiveness of AML measures – and a wholly manual and complex process may not be enough to guarantee the results needed.

Firms should consider simplifying the architecture of their risk models and introducing statistical analysis to complement expert judgment. Machine learning algorithms can improve the quality of data and help continuously update customer profiles, while considering behavior and additional factors.

Scale your business with a robust AML KYC solution

Automate customer onboarding and monitoring with a real-time AML risk database & an effective AML KYC solution.

Find out more
A customer risk assessment is a necessity when onboarding new customers. It ensures that high-risk individuals are identified, and appropriate anti-money laundering (AML) measures are put in place. But what elements should firms consider as part of an AML customer risk assessment? And how do they determine what to prioritize? 

What is a Customer Risk Assessment?

In order to understand the money laundering risks each customer poses, a customer risk assessment should consider a number of factors.  These include verifying the identity of a customer, considering how to engage with them - the products and services they access, the type of transactions they carry out, and how often - and the geographical locations to which the customer is linked.  In addition, firms should ensure they comply with national and international sanctions by screening customer and beneficial owner names against United Nations and other relevant sanctions lists. Firms will have different levels of risk appetite regarding the customers they are willing to work with. However, it is important that a consistent customer risk assessment methodology is implemented, setting out the criteria for customer risk scoring weighting mechanisms, and the rationale behind these. The main purpose of the assessment is to identify the risks to which a firm may be exposed, either in the course of a business relationship, or for an occasional transaction. The more complex this interaction is, the more rigorous a customer risk assessment needs to be.  By being well informed, firms will be better placed to determine the correct level of customer due diligence (CDD). Ongoing reviews should be completed, particularly if a customer starts to act in a manner that deviates from their risk profile. The Financial Action Task Force (FATF) recommends that where firms cannot apply the appropriate level of CDD, they should not enter into the business relationship, or should terminate the business relationship.

What Factors Should be Included in a Customer Due Diligence Risk Assessment?

There are four main pillars to consider in a customer risk assessment: 
  1. Customer riskThe type of customer (individual/company/trust etc) and their activities and behavior. Is the beneficial ownership structure clear? Are they involved in higher risk activities? Are activities conducted through complex structures or are they cash-sensitive, indicating an increased risk of money laundering? Are they mentioned negatively in the media, or tied to politically exposed persons (PEPs)? 
  2. Geographical risk – Particular risks relevant to a country or location, such as vulnerability to money laundering. This may include not only the customer’s residence or a business’s country of incorporation, but also the country where their main business is conducted, or jurisdictions where they have relevant personal links.
  3. Product, services and transaction risk Products or services that pose a higher risk of money laundering due to their nature and features. To what extent is anonymity encouraged? Are multiple people or jurisdictions involved without clear reasoning? What is the value and size of the transaction – is it unusual for this customer? 
  4. Delivery channel risk How firms interact with the customer, or the channels used to provide a product or service. This may be online, face-to-face, or through agents or intermediaries – all posing different levels of risk. The regulatory status of agents or intermediaries could impact overall customer risk.
In the US, the Financial Crimes Enforcement Network’s (FinCEN) CDD Final Rule clarifies and strengthens customer due diligence requirements. It requires applicable financial institutions to establish and maintain written policies and procedures that are designed to:
  • Identify and verify the identity of customers
  • Identify and verify the identity of the beneficial owners of companies opening accounts
  • Understand the nature and purpose of customer relationships to develop customer risk profiles
  • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

Dynamic AML Customer Risk Assessment

An ongoing assessment of customers is needed to help firms mitigate money laundering risk, but what is suspicious for one customer won’t be for another.  Some general behaviors that may raise a red flag, or prompt a re-evaluation of a customer risk assessment include: 
  • Changing banks a number of times in a short space of time 
  • Attempts to disguise the real owner of the business
  • Requests for short-cuts or unusual speed in transactions
  • Involvement of a third-party funder with no connection to the business 
  • A large amount of private funding from an individual running a cash-intensive business
  • False or suspicious documents used
  • A large amount of cash transactions inconsistent with the profile of the customer
  • Business transactions involve countries with a high risk of money laundering and/or funding of terrorism
  • Overly complicated ownership structures
  • Inconsistent level of business activity
Firms need to more accurately flag suspicious actors and activities. To do so, they need to understand the importance of dynamic risk assessments and have the data and technology to enable this. Misclassification of low-risk customers as high risk, and inaccurate or insubstantial KYC information gathering, can dilute the effectiveness of AML measures - and a wholly manual and complex process may not be enough to guarantee the results needed. Firms should consider simplifying the architecture of their risk models and introducing statistical analysis to complement expert judgment. Machine learning algorithms can improve the quality of data and help continuously update customer profiles, while considering behavior and additional factors. [cta_card title="Scale your business with a robust AML KYC solution" cta_img="" category="" bodytext="Automate customer onboarding and monitoring with a real-time AML risk database & an effective AML KYC solution." cta_text="Find out more" cta_url="https://complyadvantage.com/customer-screening-and-monitoring/"]

Originally published September 23, 2022, updated September 23, 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).