How to prioritize AML risks during customer onboarding

Customer onboarding is any financial institution’s (FI’s) first line of defense when tackling financial crime. Before providing access to their services, firms are legally obliged to vet new clients for risks relating to money laundering, terrorist financing, and sanctions evasion. As a result, they invest billions of dollars in building and deploying anti-money laundering and counter-terrorist financing (AML/CFT) measures at client onboarding. 

However, not all AML risks are created equal. The challenge facing any FI at onboarding is how to accept new customers and achieve business growth in a way that ensures compliance with AML regulations. To avoid wasting resources on ultimately insignificant threats – and, in doing so, restricting growth – compliance teams should be careful not to treat all threats with the same approach and urgency. Knowing how to prioritize AML risks is essential. 

A risk-based approach (RBA) is a foundational principle of AML onboarding, with systems and risk management protocols that are flexible enough to produce an effective, proportionate response to different levels of risk. This means recognizing the existence of relevant threats, undertaking risk assessments, and developing control strategies to mitigate risks. By reducing the need for intervention where threats are less severe, firms can improve compliance while lowering the overall cost. 

3 steps for prioritizing AML risks

1. Develop an AML risk assessment framework

Firms should ensure they are well prepared to conduct onboarding by carrying out a business-wide risk analysis, pinpointing the areas in which they are most likely to face risks, and outlining the procedures to be carried out when this happens. While risk assessments should be overseen by a compliance officer, teams across the firm should be trained on an ongoing basis to prioritize and respond to risks effectively. 

Firms also need to find an AML risk solution that enables them to assign risk scores to potential clients, ideally with the help of software that streamlines the process as much as possible and automates tasks that would slow the compliance process down if done manually.

Crucially, money laundering and terrorist financing methods are constantly evolving, which means that FIs’ AML risk assessments cannot afford to stand still. Instead, they should be updated and refined in response to new data and information on money laundering and terrorist financing threats. 

2. Identify AML risk factors

When prioritizing AML compliance risks during client onboarding, organizations need to know what they’re looking for. Risk factors that can affect prioritization decisions typically consist of the following:

Client risk

Certain clients present a higher money laundering risk than others due to their status, occupation, or past activity and therefore may require enhanced due diligence (EDD) at onboarding. These types of clients include: 

• Politically exposed persons (PEPs). 
• Those with previous involvement in money laundering or other criminal activity. 
• Money transfer agents, casino employees, and others involved in cash or cash-equivalent businesses. 
• Import and export companies.
• Travel agents.
• Unregulated charities, particularly if they operate across borders. 
• High-value dealers or businesses.
• Arms dealers and their intermediaries. 
• FIs, including virtual currency exchanges. 
• Public work contractors and construction businesses.

Geographic risk

Because some jurisdictions have weak AML/CFT legislation, are known to be offshore financial havens, or have high levels of corruption, drug trafficking, and other predicate crimes in money laundering, a potential customer’s location factors into their risk status. 

While there is no definitive global approach to identifying high-risk geographic locations, if a jurisdiction features on lists such as the Financial Action Task Force (FATF) ‘black’ and ‘grey’ lists, or a list of sanctioned or embargoed entities maintained by governments or international bodies like the United Nations, this is enough for them to be deemed high-risk. 

Product and service risk

Part of a risk-based approach to onboarding involves identifying which of the products or services you offer are more likely to be targeted for money laundering or terrorist financing so new relationships in these areas can be prioritized for risk assessment. 

Products or services that allow clients to conceal their identity or operate anonymously, act independently independently of oversight, or transact with third parties should be considered high-risk. Examples include: 

• Private banking services. 
• Correspondent banking services. 
• Precious metal trading services. 
• Foreign exchanges. 
• Wire transfer functions. 
• Loan guarantee schemes. 

Onboard customers and scale up securely.

Don’t let complex regulations slow down your growth. Our free guide gives you simple, practical approaches to customer onboarding.

Get your copy

3. Assign AML risk levels

Compliance staff must classify clients based on the risk level they represent. As part of a firm’s RBA, risk scoring can be used to label four levels of risk that influence whether a client is accepted and what level of customer due diligence (CDD) is applied to them during onboarding. 

Low risk

If none of the risk factors described above are found to apply to a client during know your customer (KYC) checks, then the client can be identified as low-risk, and the onboarding process can proceed as normal.

Medium risk

Some risk factors may be discovered during onboarding that warrant further investigation without necessarily being taken as evidence of involvement in money laundering or terrorist financing (or as an indication of future involvement). In these cases, the risk level can be classed as medium.

High risk

The discovery of multiple or more severe risk factors can lead to a client being judged as high-risk, and in these cases, firms must conduct EDD to determine whether or not they can begin a business relationship with the client.

Proscribed

A clear, direct risk of money laundering and terrorist financing prevents a firm from doing business with a client. Where suspicious activity relating to money laundering or terrorist financing has been discovered, firms must report this to the relevant authority.

Classify and prioritize risks with advanced AML solutions

ComplyAdvantage’s Mesh platform transforms the ability of FIs to prioritize AML risks during onboarding, with both customer and business screening powered by automation and market-leading data. Mesh gives organizations: 

• A cloud-based solution that draws on our proprietary risk database to provide true visibility into suspicious activities and AML risks. 
• Advanced matching algorithms, powered by AI, that screen clients for adverse media, enforcement data, presence on sanction lists or watchlists, and PEP status. 
• Fully configurable customer screening for compliance officers to meet risk and cost of compliance goals. 
• Automated event and customer risk rating, with fully configurable and dynamically updated risk scores that detect and respond to updates affecting customer risk profiles in near real-time.