How Customers are Risk Rated to Prevent Crime

As we begin the year 2020, institutions should put in place measures to determine the risk their customers pose to them. This is because, in today’s emerging risks and challenges of doing business, financial institutions are exposed to money laundering, terrorist financing and sanctions/ regulatory risks leading to the need to institute and/ or adopt preventive measures to mitigate the risks.

One of the ideal ways is to monitor every transaction customers perform through the institution but due to the limited resources available to institutions, this cannot be the case in practice. Millions of transactions occur every day throughout the world, meaning that institutions constantly receive vast amounts of data that need to be analyzed. KYC risk ratings allow for institutions to quickly and efficiently sift through this information and concentrate on the ones which possess the highest risk. Moreover, there are some customers who are more important than others and require much resources and attention to be allocated to them.

Another important reason for KYC risk rating is that, it allows institutions to make a prediction of what they believe a customer’s account should look like in the future. This is useful for determining whether something is unusual, out of place or suspicious. If a customer’s transactions begin to diverge significantly from the institution’s predictions, the institution will know to further analyze the transactions for suspicious behavior or activity.

At the onboarding stage, where a business relationship is being established, institutions must gather as much data as they can about their customers and analyze them to determine the KYC risk rating (whether high, medium or low) of that specific customer. If the risk rating is high, that client will be consistently and closely monitored. If the risk rating is low, the client will still be monitored, but not as diligently. The determining of the risk rating of a customer will differ from institution to the other because of the weight attached to each risk factor.

Identifying the inherent money laundering risk of an institution’s products and services, the channel via which the products and services are carried out, customers, and the geographic locations in which the institution and its customers operate is the first step in developing an effective AML/CFT compliance program. It is only after these risks are identified and analyzed that an institution can begin to develop a compliance program tailored to and commensurate with the risk profile of the institution.

In determining the risk rating of a customer, institutions especially financial institution should consider the customer, the product and service they offer, the channels via which these products and services are deliver and the location whether the institution and customers operate from or are residing as the four major risk factors.

The customer (whether retail or corporate) possesses a money laundering and terrorist financing risk which the institution need to identify and mitigate. The following factors must be considered.

• What type of identification card did the customer present to establish the business relationship? Also can the identification card be verified? Identification cards that cannot be verified possess a high risk than those that can be verified.
• How was the customer sourced? Is it a walk-in or marketed customer? Remember customers who walk in to establish a business relationship possess high risk to the institution than the ones the institution market for. Was the relationship established through the phone, any electronic platform such as mobile banking, USSD, website, mail etc?
• Were all the parties present or only a few people represented the lot before establishing the business relationship? Knowing all the parties (not only their identity cards) helps to identify any beneficiary owner and reduces the risk.

It should be noted that, some customers by their nature are considered high risk no matter what the above factors may say. These customers include Politically/ Financially Exposed Persons (PEPs/FEPs), Cash intensive business (retail stores, restaurants), dealers in precious metals, casinos, accountable institutions (financial institutions, insurance companies), gatekeepers (lawyers, accountants), real estate business, NGOs and associations, money transfer service operators etc.

The next factor to consider when determining the risk rating of a customer is the type of product and/ or service requested by the customer. The following factors must be considered:

• What type of account product is the customer requesting for? Is it savings accounts or current account?
• What type of service is the institution rending to the customer? Is it private banking or normal banking service? Is the customer interested in a safe custody services?
• Does the product or service allow unlimited third party funds to freely be received into it? Remember product and/ or service through which unlimited third party funds are freely received are viewed as being at risk of abuse by money launders especially without evidence of the identity of the third party being taken.
• Does the product allow a customer to readily convert cash into monetary instruments?
• Do the product and/ or service allow a customer to readily move value from one jurisdiction to another and which conceals the source of fund?
• What purpose is the use of the products or service?

The following type of products and/ or service are considered high risk: Money Transfer Service, Letter of Credits, Safe Custody/ Safety Deposit Boxes, Domiciliary Accounts, Private Banking Service, Wire Transfers Services, Travelers’ Cheque, Money Order, Cashier Cheque, Value Card, Correspondent Banking Services, Payable Through Account, Loan and Advance, Import Financing, Leasing, Life Insurance Products, Balance Fund, Equity fund, Commodities fund, Perpetual fund, Equity-linked investment and many others.

The channel(s) through which the product and/ or service selected by the customer will be delivered should be factored in the risk rating of the customer. Question such as the following should be asked:

• Can the customer still use the product or service without coming to the institution?
• Is the channel able to identify the actual beneficial owner of the account?

In trying to find answers to the above questions, the following channels are considered to be high risk: Internet Banking, Mobile Banking, USSD Banking, ATMs, Push and Pull services, POS Terminals, Remote Cheque Depositing Capture.

The last but not the least factor to consider in risk rating a customer is the geographic location of the customer. Consider the following in assessing the geographical location risk of the customer:

• How far is the customer from the branch of the institution the customer want to do business with?
• What is the National AML/CFT Risk Assessment of the location the customer stays or operates business from?
• What is the nationality of the customer or origin of the business? Is it a drug (contraband) producing nation, drug transshipment country, drug using country, country linked to terrorist financing or secrecy jurisdictions and tax havens?
• Is the customer a resident or non-resident?

OFAC and other agencies maintain watch lists of countries where there is a higher risk of money laundering and terrorist financing, and knowing whether its transactions go through these countries is an important risk factor for any institution. Also, the National AML/CFT Risk Assessment of Ghana points out certain locations in Ghana (such as Ashaiman, Nima, Sodom & Gomora) as high risk of money laundering and/ or terrorist financing activities.

All these factors are assign weights (depending on the risk appetite and profile of the institution) and the combinations of these factors determine the overall risk rating of the customer.

In summary, risk rating a customer, helps the institution allocate its resources effectively and efficiently in the fight against money laundering and terrorist financing.

Would you mind doing me a favor? Share this article with someone so that the awareness of money laundering and terrorist financing could be spread to avoid being use as a conduit by criminals.

If you require further information on this article, please contact Richieson @richieson.gyeniboateng@gmail.com