In the course of the year 2025, ACAS will conduct training on risk rating models to assist AML/CFT CFP reporting persons with rating the risks particularly Customer Risk-Rating (CRR) process, as part of a wider move to a truly risk based approach.

 

Reporting Entities are required to risk-rate each new customer during the Customer Due Diligence process. This framework aims to strengthen the management and mitigation of risks within financial institutions by providing a more structured approach to customer risk assessments. These entities must also maintain a record of the customer’s risk ratings and periodically review them as part of wider ongoing CDD obligations.

 

The approach as to how Reporting Entities will risk rate clients is likely to remain flexible while a flexible approach is desirable, it can also lead to uncertainty for AML/CFT/CFP Compliance Officers and teams. One of the key challenges for Reporting persons will be developing a consistent methodology for risk-rating their customers. This involves creating a meaningful risk methodology, ensuring the accuracy of data used in the assessments, and providing adequate training for staff involved in the process.

 

Additionally, reporting persons will need to validate and calibrate their risk-rating methodologies to avoid under or over-estimating risk long term.

 

A dynamic risk-scoring system will be essential; one that encompasses evolving transactional patterns, behaviors, and interactions to provide an accurate reflection of a customer’s risk over time.

 

Given the scale of the risk based approach, we recommend that Reporting persons begin planning and implementing their customer risk rating as a matter of urgency. Preparing ahead will help ensure compliance and enable organizations to effectively manage the risks associated with ML/TF/PF.