Customer Risk Assessments (CRAs) are fundamental to running a compliant business and preventing financial crime, and they are a priority of the Financial Conduct Authority (FCA). They help financial institutions identify, assess and mitigate the risks associated with their customers and ensure that they have appropriate anti-money laundering/counter-terrorism financing (AML/CTF) measures in place.
Most firms today use models based on an assessment of risk factors such as customer information; geographical aspects such as residence, incorporation or location of the premises; products and services, estimated or transactions; and the distribution channel. Each risk category is assigned a risk weighting, and together they are used to calculate a risk-rating score and establish the customer's risk profile.
Regulators around the world, including the FCA, are paying more attention to risk assessments and encouraging innovative approaches to combat financial crime. So how can firms improve their risk assessments without overburdening their compliance teams?
Use a Holistic Approach
As frameworks adapt and grow with a business, there is a tendency for them to become too complex. Different lines of business might use different risk-rating scales, and different risk factors might be used for different market segments. This can reduce the accuracy of risk scores and increase the complexity and cost of monitoring and review.
Firms can reduce these issues by taking a more holistic approach to their Customer Risk Assessments, whilst still recognising unique elements represented by various products, services or customer types. By aligning all business areas to a consistent set of risk factors, firms can then determine the specific factors that are relevant for each line of business. Doing this not only makes risk assessments more effective, but it also increases efficiency across the business.
Build a proportionate framework
More controls do not necessarily mean better protection from financial crime. Firms should decide which risks they are willing to accept versus those that will be outside their risk appetite. Additionally, firms must evaluate the effectiveness of their control mechanisms to ensure financial crime risks are appropriately managed.
Firms should also look at the impact of controls on the customer experience, particularly in respect of the advantages of their service. For example, are there alternative solutions and controls that meet regulatory requirements whilst lessening the impact on the customer?
Firms need to do more than react to regulatory requirements and attention from regulators. They should anticipate risks and protections, continuously reviewing and updating their approach.
Keep the assessments up to date
Assessing the risk of a business relationship is one of the key parts of customer due diligence. It is important that firms review the assessment on a regular basis and avoid a stereotypical approach of only risk rating at the start of the relationship. Customer circumstances can change at any point during the course of the relationship, and firms are responsible for identifying these changes and re-assessing how they may impact the risk rating initially assigned.
Make the assessments meaningful
Whilst the assessment process itself is important in understanding a true customer risk profile, it is equally important to take a risk-based approach when using the results of the assessments. For example, what is the difference in KYC/KYB approach for a customer rated as low risk, as opposed to a high-risk customer?
Review Data Quality
Poor data quality is a significant issue for customer risk-rating models. Incorrect know-your-customer (KYC) information, missing information, and erroneous business descriptions impair the effectiveness of screening tools and needlessly raise the workload of compliance teams.
Regular reviews of the quality of data, and particularly of false positives, can help firms continuously improve the quality of their data and the efficiency of their monitoring.
How Neopay can help
If you need advice or help with creating, reviewing or enhancing your Customer Risk Assessments or other aspects of your regulatory compliance, we can help. Neopay leads the market in providing regulatory compliance support for e-money and payments firms.
We offer a range of support tailored to the needs of e-money and payments firms, including Virtual Compliance Support providing ongoing expertise and audits focused on specific FCA priorities, helping your firm reduce risk from FCA scrutiny in a cost-effective and practical way.
If you'd like to know more about how we can assist you with your policies and procedures and ensure your framework is compliant, or any other regulatory compliance matters, please contact our specialist team.