CDD in 10 steps
Step 6: Risk Assessment
Reading time: 2 min.
After you have taken the previous steps, which include identifying and verifying client credentials, finding out the UBO, and checking the client risks, you are obliged to make an overall risk assessment. Based on this risk assessment you will then determine whether you want (and may) enter a business relationship with this client, or if additional client research is needed.
The risk assessment
To arrive at the right risk assessment, it is important to check whether the ultimate goals of the client make sense with their profile. To assess the risk associated with a client, there are several points to keep in mind:
- Country of origin and residence
- Clients and delivery channels
- Products, services and transactions
- Employees and the internal culture
- Third parties
Next, you should make a risk analysis in which you determine the likelihood of a risk, and its potential impact in terms of potential cost or damages.
Risk is commonly distinguished with four categories: low risk, normal risk, high risk In case of unacceptable risks, you may not enter a business relationship with this client, and you will be required to end the business relationship at the next opportunity.
Some examples of low risk transactions are standard services for individuals, pension products, and standard services for small-scale commercial relationships.
Examples of normal risk levels are bank accounts, routine international payments for medium and large enterprises, and routine services and products related to private banking. In these cases, the frequency for review can be as low as two to three years.
The high-risk category includes banking products and services which involve an increased risk (such as large cash deposits), or when your client is politically exposed.
Once you have assessed the risk of a client, you should decide whether you want to enter a business relationship with this client. When you are in a business relationship, you will need to monitor your clients against active Sanction Lists on a daily basis. More on this in the following blog: monitor the risk profile of the client!