AUSTRAC expects a risk based approach. Here is how to weight geography, customer type, service and channel into a defensible client risk rating that drives the right level of due diligence.
The risk based approach is the organising principle of the AML/CTF regime: focus your effort where the money laundering and terrorism financing risk is highest, and be able to explain why.
There are two layers of risk assessment. The firm wide (enterprise) risk assessment evaluates the ML/TF risk across your whole business, the services you offer, the customers you serve, your delivery channels and your geographic footprint. The customer risk assessment then rates each client against the same lens. The firm wide assessment sets your risk appetite and controls; the customer assessment applies them case by case.
AUSTRAC guidance points to a consistent set of risk factors. A defensible model considers:
Score each factor, apply a weighting that reflects your firm wide assessment, and resolve to a clear outcome, typically Low, Medium or High. The rating is only useful if it is consistent (the same inputs produce the same result) and documented (you can show how you reached it).
Sometimes the model and professional judgement differ. A robust framework allows a rating to be overridden, but requires the reason to be recorded and, for material changes, approved. Undocumented overrides are an audit risk; documented ones demonstrate active risk management.
Risk is not static. Ratings should be refreshed at a frequency driven by the rating itself (higher risk customers more often) and whenever a trigger event occurs, a change in ownership, a new sanctions or PEP match, adverse media, or a shift in transaction behaviour.
See how ClearTrace operationalises AML/CTF compliance for Australian reporting entities, from onboarding to audit ready records.
Practical guidance from AccSource's compliance team. No spam.