How To Prioritize Risk During Customer Onboarding

Customer onboarding is any financial institution’s first line of defense when tackling money laundering and financial crime. Before providing access to their services, firms must legally vet new clients for money laundering, terrorist financing, and sanctions evasion. As a result, organizations invest billions of dollars in building and deploying anti-money laundering and counter-terrorist financing (AML/CFT) processes at onboarding.

Part 1 of The Compliance Team’s Guide to Customer Onboarding discusses best practices for identifying, prioritizing, and mitigating risk during this preliminary stage. These crucial steps form the foundation for any successful compliance program, so teams should regularly refresh their knowledge and test their program against the fundamentals. 

Implementing a risk-based approach

Since not all risk is created equal, compliance staff should be careful not to treat all threats with the same urgency and importance. Instead, firms should implement a risk-based approach (RBA) to deploy systems and risk management protocols that are flexible enough to devise an effective, proportionate response to different levels of risk. 

This process encompasses recognizing the existence of relevant threats, undertaking an assessment of the risks, and developing control strategies to mitigate and monitor them. In doing so, firms can improve compliance and lower the function’s overall cost by reducing the need for intervention where the threats are less severe. 

How to rate risk

At the time of onboarding, compliance staff also need to figure out what level of risk any given client or transaction presents. As part of a firm’s RBA, a risk-scoring approach can be employed to identify four levels of risk that directly impact the decision of whether to accept the new client and what level of due diligence to apply.

Organizations typically set out their tolerance for certain customer types in their risk appetite statement, taking into account all elements of financial crime, including bribery and corruption, AML, and sanctions legislation. 

Risk ratings are usually derived as a composite of the three main types of risk: Client, Geography, and Product. To ensure the customer type is correctly classified, many organizations use recognized Standard Industrial Classification Codes (SIC) published by authorities in their jurisdiction. Some clients can be deemed high-risk depending on factors such as the customer’s industry and their residential status. Similarly, firms may rate jurisdictions for risk based on publications from the Financial Action Task Force (FATF). Each product or service also carries a different level of risk. For example, private banking and correspondent banking are considered a higher risk, as transactions may be confidential and attempt to mask ownership.

Uncover more risk management best practices throughout each section of The Compliance Team’s Guide to Customer Onboarding, including:

• How to determine what level of due diligence is appropriate for different customers
• The importance of understanding ultimate beneficial ownership (UBO) structures
• How to report potentially suspicious behavior
• What training is required to equip new onboarding team members properly

After reviewing all five sections of the training, test your knowledge with a questionnaire and receive a completion certificate you can share with your LinkedIn network.