Risk-based approach to AML

A risk-based approach to AML is key to effective compliance programs around the world.

Financial institutions face an expanding spectrum of money laundering threats, and modern financial criminals have a range of tools at their disposal to avoid countermeasures put in place to stop them. Accordingly, to balance efficiency and cost needs with compliance obligations, financial institutions must be able to respond to threats on a contextual basis. The most effective way to achieve that objective is to take a risk-based approach, meaning an AML compliance program tailored to each customer’s individual levels of risk exposure.

History of the risk-based approach

Before risk-based approaches to AML were introduced, banks and financial institutions would manage their compliance obligations using a ‘checkbox’ approach – that is, simply fulfilling a standardized list of AML requirements for every customer. While that standardized approach prevailed in the 1990s, the UK’s Financial Services Authority (FSA) first proposed a “risk-based” approach in its 2000 publication A New Regulator for the New Millennium. The concept of risk-based AML was first implemented in 2007 by the Financial Action Task Force and further codified in its 2012 update to the International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation – also known as the ‘40 Recommendations’.

The FATF’s 2012 endorsement of the risk-based approach to AML set the global standard and ensured its ongoing use across all FATF member-states.

Principles of the risk-based approach to AML

In principle, the risk-based approach to AML shifts the focus of AML compliance from post-analysis of data to proactive judgment. Financial institutions must work on an ongoing basis to understand the money laundering threats they face and deploy commensurate measures to manage their risk exposure.

In practice, this means that customers may be classified individually by their risk exposure – and that ‘higher risk’ customers are under greater levels of AML scrutiny. Broadly, the risk-based approach to AML allows financial institutions to:

  • Recognize the existence of risk
  • Perform assessments of risk
  • Develop and deploy strategies to address risks

Implemented effectively, the risk-based approach allows for a balanced integration of human judgment and smart technology in the AML compliance process.

Performing a risk assessment

An accurate risk assessment is central to the risk-based approach to AML. Two distinct categories of risk inform financial institutions’ compliance efforts. The first is the idea of geographic risk: the vulnerability to money laundering threats that countries face at a national level. The second is the idea of individual risk, the specific risks financial institutions face from their clients, and how their internal AML process manages that risk. In performing risk assessment, financial institutions must take into account:

  • Vulnerability: What money laundering and criminal threats – such as drug trafficking or gambling – is the firm exposed to?
  • Infrastructure: Does the firm have blind spots or administrative gaps that allow money launderers to thrive?
  • Regulations: Does the firm properly understand and satisfy its regulatory obligations?
  • Business Specifics: Are there more specific risks to which the firm might be exposed – for example, those presented by specific customers, products, or geographic locations?

How does the risk-based approach to AML work?

In compliance with the FATF recommendations, financial institutions must implement a risk-based AML program that includes a number of important measures, each designed to accurately identify individual customers and clients and the businesses in which they are involved. In more detail, financial institutions must:

  • Develop and implement suitable know your customer (KYC) and customer due diligence (CDD) measures to verify that customers are who they say they are and are being truthful about the business they are engaged in.
    • KYC and CDD are foundational principles of risk-based AML: high-risk customers may be subject to enhanced CDD measures for which more identifying information is required.
  • Screen new and existing customers against domestic and international sanctions lists such as the United States’ Specially Designated Nationals (SDN) List and the United Nations’ consolidated list.
  • Screen against politically exposed persons (PEP) lists: when a client’s political status changes, their money laundering risk profile often changes.
  • Screen for Adverse Media: if a customer is the subject of negative news anywhere in the world, their AML risk profile may also change.
  • Appoint an AML Compliance Officer: the individual appointed to this position must hold sufficient authority within the company to identify and act on money laundering threats.
  • Ongoing monitoring: The risk-based approach to AML compliance is a process, which means customers should be subject to ongoing monitoring throughout the business relationship. Ongoing monitoring is important because customers’ risk profiles can change over time. Financial institutions must be able to react to new levels of risk exposure to ensure emerging money laundering threats are identified as quickly as possible.

Tools to help with the risk-based approach

Automate onboarding and monitoring processes, whilst minimizing false positives, by utilizing a live global AML database of Sanctions and Watchlists, Politically Exposed Persons and Adverse Media.

Originally published 16 August 2019, updated 12 February 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).