Skip to content


Risk Assessment

With the SCOPE CDD On Demand Risk Assessment you can easily automate your risk policy! After the initial configuration of your policy, you will obtain an unambiguous risk assessment. A time-saving solution!


According to section 2b of the AMLD, an institution must have a risk policy and record and update all the results of each risk assessment. Following the Annex III to the revised Fourth Anti-Money Laundering Directive, when making a risk assessment, an institution must in any case take into account the risk factors, this concerns:

The risk policy states which (type of) customers receive which risk “stamped” and the considerations and measures are associated with this. The data required for a risk assessment of a customer is created by combining already known customer data in besides the data obtained from external sources. The resulting risk assessment may also lead an institution to conclude that insufficient control measures are possible and that therefore certain risks should be avoided altogether.

Relevant factors for a good risk assessment

An important factor for a thorough risk assessment is good data. Incorrect or incomplete (know-your-customer) data plays a major role in the creation of incorrect risk assessments and also causes unnecessary manual work.

A risk assessment model should be clear, whether the input is (largely) automatic in an integrated system or the information is entered by the consultant. Moreover, questions should be clear and not multi-interpretable. Consistent risk assessments are only possible if the assessment is based on facts and clear questions. To ensure this, an (automated) risk assessment based on configurable business rules is required. The risk assessment is free of form, which means that the institution determines the policy itself and the risk assessment is a reflection of this policy. This policy obviously differs per institution and per sector and is subject to innovative insights and regulations.

In order to demonstrate which criteria were used at the time of the risk assessment, for example during a check or audit, it is necessary that the criteria used can be requested at all times.

How does it work?

You set up your risk sets only once. After entering the personal data, you can then choose which risk assessment set you want to use, for example, natural persons. The next step is to fill in the additional data for the risk assessment and the person or company is checked for all data entered. Finally, the risk conclusion is given (low, medium, high, no go).

Example of possible risk components

In the risk assessment of CDD On Demand you can enter the risk components yourself. This ensures that your own risk policy can be automated in the risk assessment. By this way you can link your own components to certain risk classifications. After you have entered all the parameters for all risk components, you are ready to perform the risk assessment. Basic sets are available for various industries.

Example of risk components. In the risk assessment of CDD On Demand you can enter the risk components yourself.


Several risk country lists are checked. The FATF list and the high-risk country list of the European Union can be included in this check, among others.

Client (e.g. PEP)

The compliance check within the CDD On Demand solution automatically requests data from various sources about the person and/or organization you entered. The person and/or organization is checked on various points, ranging from PEP and sanction lists to insolvency registers.


You can determine the industry risk in two ways. 1) Use the list of the SBI codes of the Chamber of Commerce to assign different risk classifications to certain sectors 2) Enter a list of high-risk sectors yourself.

Purpose and nature of the relationship

The purpose and nature of the relationship is determined by the client's objective. In the case of an asset manager, you can think of increasing assets, accruing pension or saving for children.


Assesses whether the client has a position with a higher risk of money laundering or terrorist financing. You can supply the input for this risk component yourself.

Distribution channel

The distribution channel risk includes the risks associated with the channel through which the client came into contact with you. Some channels have a higher risk than others. A distinction can be made here between direct and indirect channels through which the services and products are brought to the client. Direct distribution means that the products are delivered directly to the client and not through, for example, an intermediary. A webshop or sale through an intermediary is therefore indirect distribution. You can enter input for this risk component yourself.

Source of wealth

The source of your client's assets. This can vary from salary to home equity. In the risk assessment set you can determine which types of origin of assets you want to include in the risk assessment and which risks are associated with the different origins.  

The opinion of one of our customers!

More information

SCOPE CDD On Demand Risk Assessment Solution