Customer risk ratings (CRR) was a hot topic at the ACAMS Annual AML and Financial Crime Conference that garnered many discussions both in and out of the plenary session. As mentioned in my blog about the keynote session, a customer rating based on one category, such as country, is not adequate. Two customers who live in the same country but have different transaction patterns are likely to have different risk profiles.
Instead, institutions need to look at various aspects of a customer’s profile, including their PEP (politically exposed person) status, adverse media on or subpoenas issued for the customer, whether any prior SARs (suspicious activity reports) have been filed on the customer, and standard fields such as their geography (country), occupation/industry and which products/services they use.
The panel agreed, however, that there are many challenges including:
- Availability and quality of risk intelligence data
- Ability to view customer data across the enterprise
- Judgmental nature of the risk rating process and the importance of governance to ensure it functions as planned
- “CRR model” management
- Potentially high costs of managing CRR and EDD (enhanced due diligence)
- Evolving regulatory guidance
There is also the issue of volumes of false positives and the process to review and triage these to address the real and most pressing issues.
Many institutions are still updating their CRR base on a timed schedule: every year for high-risk customers, two years for medium-risk customers, and three years for low-risk customers. This can leave them open to additional money laundering risks. What should be done instead is to use a trigger-based approach, like real-time transaction monitoring, to better find suspicious transactions or bad actors and update the CRR accordingly.
At the end of the session, key takeaways for the audience included:
- CRR is an evolving program
- Document your control environment
- It is important to do periodic reviews and linking
- Data quality is extremely important
- There must be a feedback loop between customer risk and transaction monitoring results
Contact us today to learn more about how Alessa can help streamline compliance tasks such as identifying customer risk ratings and more.