Illustration showing magnifying glass examining people in a pyramid. Demonstrating how the banking industry and financial services organizations should take a risk-based approach to anti-money laundering (AML).

No two banks are alike. They differ by size, customer base, products and services, geographic locations, and level of risk their organization is willing to assume. Given these factors, a “one-size-fits-all” approach to anti-money laundering (AML) has become increasingly outdated in the banking industry. Instead, embracing a risk-based approach to AML gives financial services organizations the autonomy and flexibility to pursue their own risk strategies.

Why a Risk-Based Approach to AML is Necessary

Today, many financial institutions understand that every customer, transaction, and business operation carries unique money laundering risks. But that doesn’t mean customers with higher risk should be turned away or riskier products and services avoided. Banks willing to accept the risks associated with these individuals, businesses, and transactions should be able to do so as long as they have appropriate controls.

The risk-based approach to AML recognizes the individuality of each entity and financial activity. It rests on the principle that no singular risk level envelops all. Instead, it acknowledges that certain customers or transactions carry varying degrees of risk, requiring a tailored strategy for each scenario. 

Empowering Financial Institutions with Choice

A pivotal tenet of the risk-based approach is the understanding that high-risk customers are not inherently bad actors or engaged in illicit activities. In fact, they could be desirable clients for the bank, such as high-net-worth individuals or firms in emerging growth industries. Therefore, they should not be treated as criminals attempting to launder money or commit related crimes. Instead, they should be treated as valued clients with unique characteristics that must be factored into AML controls. Similarly, expanding the banks’ business into higher-risk products or regions may present commercial opportunities with acceptable AML risk if managed appropriately.

This perspective is crucial in financial services. Banks willing to embrace this perspective can engage with higher-risk customers, launch innovative products and services, and expand their business internationally without compromising AML compliance. This nuanced approach disrupts the assumption that high risk is, by default, unbankable or connected to criminal behavior. It reflects a maturing understanding that calculated risks can open up lucrative opportunities for banks. Banks willing to accept calculated risks can engage with high-risk customers with legitimate reasons for their risk designation.

Factors to Consider When Taking a Risk-Based Approach to AML

Banks should evaluate several vital dimensions to make a practical risk assessment.

  • Geographic Risk: Analyze business countries, identifying regions with weak regulations or criminal activities to tailor AML controls to specific challenges.
  • Client Base Evaluation: Categorize clients based on different risk vectors such as demographics, associations, and activity patterns to allocate resources efficiently and apply tailored due diligence.
  • Products and Services: All financial products hold some money laundering risk. Assess each product’s vulnerabilities, regardless of its nature. For example, international transfers, cash transactions, and high-value loans demand diverse mitigation strategies.
  • International Jurisdictions: Transactions spanning borders introduce complexities. Assess risks tied to diverse legal systems, enhancing due diligence and controls.

Effective risk assessment isn’t uniform. It’s a multidimensional analysis encompassing geography, clients, products, and international intricacies. This insight empowers institutions to allocate resources adeptly and strategically reassess their approach to financial crime.

A Risk-Based Example: The Cannabis Conundrum

Consider the legalized cannabis industry, a prime example of how a risk-based approach revolutionizes banking. Very few banks have opted to serve legalized cannabis businesses because of their high-risk classification along with the industry’s inherent risks. However, as cannabis legalization continues to expand and gain acceptance, a risk-based approach acknowledges that these are legitimate businesses that present a commercial opportunity for FIs willing to work with this underserved, growing segment.  

A financial institution catering to legalized cannabis businesses can offer tailored products and services. However, they must simultaneously ensure that appropriate controls are in place, including targeted enhanced due diligence, monitoring to prevent the misuse of funds in jurisdictions where cannabis is not fully legalized, and additional processes for the required regulatory reporting. This exemplifies the essence of a risk-based approach – recognizing the legitimacy of high-risk businesses while mitigating their unique risks.

5 Tips for an Effective Risk-Based AML Approach

The risk-based approach to AML has been in practice for some time now. However, the banking industry can take several important steps to effectively implement this approach with maximum benefit.

1.  Shift to Granular, Perpetual KYC/CDD 

Shift from macro-level risk assessments to a more granular approach. Customize your Know Your Customer (KYC) and Customer Due Diligence (CDD) processes based on micro-level risks. Focus on applying precise controls rather than taking overarching macro decisions. Banks that haven’t implemented perpetual KYC processes should consider doing so and shifting away from cyclical risk reviews. Perpetual KYC (pKYC) enables banks to investigate event-specific changes in risk instead of waiting for a scheduled review to determine how a customer’s risk has shifted.

2. Utilize Advanced Technologies

Embrace advanced technologies, such as artificial intelligence and machine learning, to enhance the effectiveness of your risk-based approach.  Leverage these tools to ensure timely assessments and apply the right controls at the right time, with increased precision.

3. Perform More Accurate Risk Assessments 

Dive deeper into risk assessment by considering specific risk attributes of customers and leveraging data available from digital channels. Avoid relying solely on an overall risk level. Evaluate factors such as the customer’s stated and actual location, business operations, and activity patterns to tailor your due diligence and transaction monitoring approach accurately.

4. Customize Mitigating Controls

Tailor your mitigating controls to specific risk levels and the specific risks themselves. Periodic reviews should align with the type of risk involved. For instance, if a customer’s high-risk attribute is their location, monitor specific risks tied to that location. Similarly, customize transaction monitoring for businesses with high cash intensity to ensure alignment with their nature of operations.

5. Apply a Risk-Based Approach to Investigations

Recognize that not all alerts are created equal regarding their potential risk. A risk-based approach to investigation involves adopting a lighter touch for certain activities. Employ AI and machine learning to rank risks associated with transaction monitoring alerts. This smart alert prioritization allows financial institutions to allocate resources efficiently, focusing on alerts with the highest potential for uncovering suspicious activities.

A “one-size-fits-all” strategy is inadequate in an environment where risks are as diverse as the customers themselves. Moreover, it gives banks and financial institutions greater flexibility than a regulatory mandate requiring them to turn away high-risk customers or businesses. A risk-based approach to AML is a strategic imperative for modern financial institutions that shatters the myth of a uniform, rigid strategy by empowering banks to embrace flexibility and choice. 

By catering to the unique attributes of customers, transactions, and business operations, financial institutions can effectively combat money laundering and terrorist financing while fostering innovation and growth. As regulatory landscapes evolve and financial crime becomes increasingly sophisticated, the risk-based approach is the compass that guides financial institutions toward a resilient and agile future.