Money laundering presents a significant challenge in today’s economy – and to the financial institutions seeking to combat it. Financial institutions invest heavily in measures and solutions to identify clients involved in money laundering and to comply with regulations. Yet, as the complexity and sophistication of financial crime increases, penalties and fines persist.
Using client risk rating models is one of the primary ways financial institutions detect money laundering. Unfortunately, while operationalizing client risk rating models, financial institutions often face challenges relating to inaccurate risk ratings and the resulting increased level of effort. This article seeks to provide insight into what client risk rating models are and how financial institutions can address the issues that arise from them.
What are client risk rating (CRR) models and how do they work?
Client risk rating models typically classify the client into a certain risk category (e.g., low, medium, high) based on a set of client risk factors, such as source of wealth, source of funds, client domicile, transaction behavior, complex ownership structures, high-risk industries, negative news, wealth volume and politically exposed person status. The perceived risk from the perspective of anti-money laundering (AML) is reflected in the client’s client risk rating and typically drives how the financial institution monitors that client through varying degrees of due diligence during the whole lifecycle from onboarding, periodic review to offboarding.
To properly capture AML risk financial institutions should ensure the model considers all relevant risk factors and to potentially add an additional weighting to those factors that contribute to a higher degree of AML risk. In addition to weighting for those factors which have a very high correlation with AML risk, financial institutions will also set automatic “high” risk triggers if a certain factor or combination of factors are met.
There is no one-size-fits-all approach to client risk rating models. Each financial institution has its own complexities with differing regulatory requirements, business lines and geographical footprint. Financial institutions with a global footprint or operations across multiple business lines (e.g., wealth management, investment banking, asset management, retail banking) will have an increased degree of complexity in their model. They have to contend with many dependent questions and potential varying ways to apply risk factors to different lines of business. Furthermore, the approach to the model often differs across financial institutions. An example of a simpler model is a “risk point” model. This typically associates a certain amount of risk points (e.g., 1, 2, 3) to each risk factor and after adding all the points up, and considering automatic “high risk” triggers, the client is assessed relative to the classification thresholds (e.g., low, medium, high). More complex or advanced models are common in financial institutions with a higher degree of variety in the client base due to differences in business lines. Although models may differ across institutions, the primary focus should be to ensure that all relevant risk factors are included in the model, that the financial institution can manage the complexities associated with its respective model and that the model can be properly tested and calibrated to identify AML risk.