ACAMS: The Challenge of Customer Risk Ratings


Customer risk ratings (CRR) was a hot topic at the ACAMS Annual AML and Financial Crime Conference that garnered many discussions both in and out of the plenary session. As mentioned in my blog about the keynote session, a customer rating based on one category, such as country, is not adequate. Two customers who live in the same country but have different transaction patterns are likely to have different risk profiles.


Instead, institutions need to look at various aspects of a customer’s profile, including their PEP (politically exposed person) status, adverse media on or subpoenas issued for the customer, whether any prior SARs (suspicious activity reports) have been filed on the customer, and  standard fields such as their geography (country), occupation/industry and which products/services they use.


The panel agreed, however, that there are many challenges including:

  • Availability and quality of risk intelligence data
  • Ability to view customer data across the enterprise
  • Judgmental nature of the risk rating process and the importance of governance to ensure it functions as planned
  • “CRR model” management
  • Potentially high costs of managing CRR and EDD (enhanced due diligence)
  • Evolving regulatory guidance


There is also the issue of volumes of false positives and the process to review and triage these to address the real and most pressing issues.


Many institutions are still updating their CRR base on a timed schedule: every year for high-risk customers, two years for medium-risk customers, and three years for low-risk customers. This can leave them open to additional money laundering risks. What should be done instead is to use a trigger-based approach, like real-time transaction monitoring, to better find suspicious transactions or bad actors and update the CRR accordingly.


At the end of the session, key takeaways for the audience included:

  • CRR is an evolving program
  • Document your control environment
  • It is important to do periodic reviews and linking
  • Data quality is extremely important
  • There must be a feedback loop between customer risk and transaction monitoring results


Contact us today to learn more about how Alessa can help streamline compliance tasks such as identifying customer risk ratings and more.

Schedule a free demo

See how Alessa can help your organization

100% Commitment Free

Schedule a free demo

See how Alessa can help your organization

100% Commitment Free

Recent Posts

AML geographic risk

Assessing AML Geographic Risk

Learn more about a methodology used by financial institutions on how to interpret an AML country risk rating assessment.

Please fill out the form to access the webinar: