US Regulators Advise Banks to be Smarter About Managing AML Risk

5 mins

The US financial regulators called on banks and credit unions in the country to follow a risk-based approach to assessing customer relationships and to avoid blind de-risking.

De-risking is a practice followed by financial institutions wherein they decide to end or restrict business relationships with clients (with certain perceived money laundering/terrorist financing risks) rather than managing such risks. This can have an effect on financial inclusion.

The reminder came in a joint statement on July 6 by the Financial Crimes Enforcement Network (FinCEN), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC) and the Board of Governors of the Federal Reserve System.

The federal agencies noted that their statement neither alters the existing Bank Secrecy Act/Anti-Money Laundering (BSA/AML) requirements nor establishes new supervisory expectations.


‘No Customer Type Presents a Single Level of Uniform Risk’

The regulators ascertained that customers engaged in lawful activities should have access to financial services. They also reaffirmed that “no customer type presents a single level of uniform risk, or a particular risk profile related to money laundering, terrorist financing, or other illicit financial activity”.

While the statement did not mention any particular customer type as victims of de-risking practices, it listed out some common cases such as independent automated teller machine (ATM) owners or operators, foreign individuals, charities and non-profit organisations, professional service providers, cash-intensive businesses, nonbank financial institutions and customers the bank considers politically exposed persons (PEPs).

Earlier on June 22, FinCEN issued a statement to inform banks on how to apply a risk-based approach to conducting customer due diligence (CDD) on independent ATM owners or operators. The announcement came after some independent ATM owners and operators reported difficulty obtaining and maintaining access to banking services, jeopardising their services.


A Risk-based Approach to CDD

The agencies said banks must apply a risk-based approach to CDD – collecting, verifying and evaluating relevant information about a customer or potential customers to avoid AML/CFT risks.

Customer relationships present varying levels of financial crime risks, depending on the presence or absence of numerous factors, including facts and circumstances specific to the customer relationship. However, not all customers of a particular type automatically represent a higher risk of money laundering, terrorist financing, or other illicit financial activity.

When developing the risk profiles of their customers, banks must adopt appropriate risk-based procedures, they said. The procedures will enable banks to:

  • Understand the nature and purpose of customer relationships to develop a customer risk profile
  • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information.


Managing Customer AML Risk

Before onboarding customers and throughout the customer lifecycle, financial institutions must assess AML risk based on factors such as occupation, income sources, and the products used. They conduct customer due diligence and monitor the risk ratings throughout a customer’s lifecycle to make informed decisions on potential money laundering cases.

Banks usually do an identity verification and risk assessment for their individual and corporate customers by collecting various details about them. The process ensures they are not doing business with people or institutions involved in financial crimes such as money laundering and terrorist financing. Banks collect as much data as they can about their customers, analyse the information they obtained, determine their risk and provide a risk rating.

Customers with a high-risk rating are closely monitored for their actions. Low-risk customers are also monitored but not as diligently as high-risk customers. Even after onboarding a customer, banks periodically update their database about customers. Typically, they do data updates for high-risk customers more frequently than low-risk customers.


Challenges of Current Risk-rating Models

Many existing customers risk rating models are not robust enough to capture the complexities of modern-day customer risk management. Customer risk ratings are either carried out manually or are based on matrices that use a limited set of pre-defined risk parameters. This leads to inadequate coverage of risk factors which vary in number and weightage from customer to customer.

Furthermore, the information for most of these risk parameters is static and collected when an account is opened. Often, customer information is not updated in the required format and frequency. The current models do not consider all the touchpoints of a customer’s activity map. They inaccurately score customers, failing to detect high-risk customers and often misclassifying thousands of low-risk customers as high risk.

Misclassifying customer risk leads to unnecessary case reviews, resulting in high costs and customer dissatisfaction. Adding to this, the static nature of the risk parameters fails to capture the changing behaviour of customers and dynamically adjust the risk ratings, exposing financial institutions to emerging threats.

Read More: A Guide to De-risking AML

Dynamic Customer AML Risk Assessment with Tookitaki

In an increasingly complex financial services landscape, with growing sophistication in criminal activity, institutions and organisations need to evaluate customer risk for regulatory compliance and due diligence.

Keeping that in mind, we have developed a Customer Risk Scoring (CRS) solution as one of our award-winning Anti-Money Laundering Suite (AMLS) modules. The module streamlines operations and increases the effectiveness of risk mitigation efforts. It provides holistic risk coverage for each customer, with data ingested from multiple internal and external sources.

The major features of the solution are:

  • Comprehensive Risk Profiling: It helps build complete profiles of your customers, using up to 90 rules (including regulatory rules) as your business needs require.
  • Effective Risk Review: It helps you effectively manage risk via a comprehensive and holistic view of customers, their relationships and historical activity. The solution uses a risk-based approach to score customer risks on a scale of 0-100.
  • Flexibility and Scalability: You may configure the criteria and frequency of your customer risk scoring to suit your business and operational needs. The solution can be automated to risk profile new customers and re-score customer risk based on profile changes and changes in rule settings, among others.

As regulators are becoming more stringent globally around AML compliance, strengthening the AML systems remains among the top priorities. Our CRS solution enables financial institutions to realise benefits with dynamic customer risk scoring, leveraging advanced machine learning models for improved effectiveness of customer due diligence.

To learn more about our CRS solution and its unique features, speak to one of our experts today!