Customer Risk Assessment

A which is a part of the . It answers questions templated by to obtain a risk classification for the customer relationship.

"A documented customer risk assessment is required for every customer, regardless of when the business relationship was established. Similarly, the regular reviews of CRA required by the Code also need to be recorded.

The purpose of conducting a risk assessment for each of a relevant person’s customers is to assist relevant persons to understand how a particular customer exposes them to ML/FT risk and enable them to apply their procedures appropriately to that customer in order to effectively mitigate the ML/FT risk that customer poses. Relevant persons should seek to obtain a holistic view of the business relationship/occasional transaction. This will require gathering enough information, including enhanced CDD where appropriate, to be satisfied that they have identified all relevant risk factors (including those listed in the Code) for assessment and mitigation. It is prudent for relevant persons to start from a position of higher risk and mitigate risk factors accordingly as the CRA is undertaken. "

Section 2.2.9

When a customer risk assessment is started, the most appropriate in the context of the can be chosen. This informs what questions the risk assessment will ask. Some organisations may only have one policy, or may have many for use in different contexts.

Once the appropriate customer risk assessment policy is chosen, it is used as a template for the risk assessment questions, which team members can then fill out.

Relevant Legislation/Guidance

- 6 Customer risk assessment

(1) A relevant person must carry out an assessment that estimates the risk of ML/FT posed by the relevant person’s customer.

(2) A customer risk assessment must be —

(a) undertaken prior to the establishment of a business relationship or the carrying out of an occasional transaction with or for that customer;

(b) recorded in order to be able to demonstrate its basis; and

(c) regularly reviewed (details of any review must be recorded) and, if appropriate, amended so as to keep the assessment up-to-date.

(3) The customer risk assessment must have regard to all relevant risk factors, including —

(a) the business risk assessment carried out under paragraph 5;

(b) the nature, scale, complexity and location of the customer’s activities;

(d) the risk factors included in paragraph 15(5) and (7);

(e) the involvement of any third parties for elements of the customer due diligence process, including where reliance is placed on a third party;

(f) any risk assessment carried out under paragraph 9(4); and

(g) whether the relevant person and the customer have met during the business relationship, or its formation, or in the course of an occasional transaction.

Also refer to section 2.2.9

PreviousIntroducers NextRelationship Approval

Last updated 8 days ago