While it's true that risk scoring is a customer due diligence (CDD) enabler, if it's done right, it can be so much more than that. Risk scoring can open new revenue opportunities for banks because it can build better relationships and trust.

A customer's risk score should be mapped against a risk rating/band (e.g., low, medium, or high). This way, a customer carries both a numerical score and a risk rating. In doing so, financial institutions (FIs) can report the risk of their customers to regulators, know whether they are operating within their risk appetite, and apply the correct policies and procedures for each risk band. Banks gain a more accurate view of who the customer is and the risk level they pose, which enables them to decide which products they can offer to different risk cohorts. If a customer is incorrectly labeled as high risk, an FI may be reluctant to offer them certain financial products or services. This is a missed revenue opportunity for the FI if the customer is in reality medium or low risk.

Here’s why customer risk scoring impacts the effectiveness of a bank’s AML compliance efforts and enables them to better serve both their new and existing customers.

What is Customer Risk Scoring

Customer risk scoring is part of the Know Your Customer (KYC)/Customer Due Diligence (CDD) pillar of an AML framework. The goal of any customer risk scoring procedure is for FIs to understand the risk that a customer (or potential customer) poses to their organization both when they onboard with the bank and across the entire customer lifecycle. 

As part of the CDD process, customer risk scoring involves reviewing a customer's background and behavior to arrive at their score. The risk score is based on:

  • Demographic Review: This includes checking attributes like nationality, occupation, length of time with the FI, date of birth, residential and mailing addresses, and credit score (amongst others).
  • Customer Screening: Customer screening is critical to CDD as it allows FIs to continuously guarantee that the commercial relationship with each customer remains permissible under their jurisdiction. Regulations require each customer of the FI to be screened continuously against multiple watchlists.
  • Operational Patterns: Banks must review any record of fraud alerts, suspicious activity reports (SARs), suspicious transaction reports (STRs), or other red flags that are related to the customer’s behaviors.
  • Transactional Patterns: Banks should review their customer's source of wealth and consider if it makes sense with respect to their occupation or location. This includes analyzing whether transactions make sense given the customer's risk profile.

Problems with Customer Risk Scoring

This process is highly complicated, which makes it challenging for banks to obtain accurate and reliable scores. Banks typically face three core challenges when it comes to measuring and tracking risk scores.

1. Customer Risk is Fluid

It’s important to note that a customer’s risk score is not set in stone after the initial onboarding stage. Instead, it’s fluid as customers change throughout their lifecycle with the FI. A customer could receive a medium risk score at onboarding – but shift to high risk over time if they perform a series of risky activities. Because customer risk can quickly change, banks need systems that continuously analyze their customers’ behaviors and update scores.

2. Conventional Tools are Insufficient

The fluidity of customers' risk highlights the second-biggest problem banks face: getting the right tools for the job. Many CDD tools are ineffective because they don't continuously monitor how a customer's patterns are evolving and how these changes affect their risk score. For example, a customer who onboards with a medium risk score/rating may experience a change in risk profile overnight (e.g., if they are added to a sanctions list or move to a high-risk location). If a bank only performs customer risk scoring on a yearly or quarterly basis, fraud and AML teams won't be able to adjust their monitoring rules or know that a high-risk customer is transacting on their platform until it's too late. Alternatively, it can also lead to incorrectly classifying low- or medium-risk customers as high risk.

3. Regulations are Vague, but Penalties are Severe

Finally, banks face a regulatory landscape that is frequently changing and intentionally vague. The expectations for banks to fulfill their KYC/CDD obligations can be unclear, which forces many banks to take a reactive approach to compliance. Some financial institutions develop their own solutions using multiple sources of information (both dynamic and static) that make it very challenging to monitor and react to customer risk score changes. This approach can also contribute to silos emerging within an organization as different solutions struggle to communicate with each other – and makes it even more difficult to comply with current regulatory requirements. While regulations might be complicated, regulators can still issue serious penalties for non-compliance. In other words, banks face a potential minefield in which it’s almost impossible to know how to move forward safely.

Tips for Banks to Improve the Customer Risk Scoring Process

Culturally, banks have viewed CDD as a “check the box” activity that an FI only has to perform during onboarding and then periodically. But banks have an opportunity to reconsider their traditional view of risk scoring, a move that could open new revenue streams, protect their reputation, and enable banks to understand who their customers are and how they normally transact.

Improve Data Quality

Having a robust set of data is foundational for CDD and risk scoring. The data should also be easily available and clearly formatted. Without a robust dataset, your bank’s models just won’t work. Even your current processes will prove to be ineffective if you don’t have proper data practices in place. Make sure your bank embraces the right data tools to enhance your risk scoring capabilities.

Invest in a Robust Risk Assessment Model

Banks have an opportunity to embrace a robust risk assessment model that aligns with their core mission and quickly responds to new regulations, even if they are unclear. Perform a risk assessment to understand your organization’s risk appetite and ensure it’s aligned with business goals and your product portfolio. This insight enables you to decide if a customer’s risk level makes sense for their business goals or the geographical regions where they operate.

Practice Continuous Monitoring

Let's face it: a lot can happen in between periodic reviews. If even one customer shifts to risky or ethically questionable activities in between review periods, your bank may not realize it until the next review period, which could be years later. It is better to have a simpler model in place, with fewer variables, that can continuously monitor a customer's activity for any red flags for financial crime.

The focus of risk scoring shouldn't be limited to how and when banks should issue alerts and raise red flags. Implementing a robust risk-scoring model will enable banks to develop a deeper understanding of who their customers really are and how they transact, and to open new business opportunities by trusting their customers with their portfolio of products and services.
