/
AML/CTF Risk Rating

AML/CTF Risk Rating

What is Customer Risk Rating?

Customer Risk Rating is the score and label (Low / Medium / High) assigned to each customer to indicate their potential money‑laundering or terrorism‑financing (ML/TF) risk as part of Customer Due Diligence (CDD). Ratings are assigned during onboarding, using evidence from identity verification (IDV) and risk signals such as PEP/sanctions/adverse media checks, and optional customer data fields.

In greenID, ratings are calculated by applying configurable scores to individual attributes (e.g., “PEP = Match = +50”), then summing these scores into an overall rating band (Low, Medium, High). The process uses your existing greenID verification workflow—no separate pre‑checks or bespoke flow changes are required.

Why it matters

  • Regulatory alignment: Australia’s AML/CTF Amendment Act 2024 (effective 31 March 2026, mandatory by 31 March 2029) clarifies expectations that reporting entities assign an evidence‑based customer risk rating during initial CDD. Your methodology should be documented, repeatable and proportionate to your business‑wide ML/TF risk assessment.

  • Operational consistency: Attribute‑based scoring provides a consistent, auditable approach at scale, reducing subjectivity and manual effort at onboarding.

How the rating is calculated in greenID

1) Inputs (attributes)

The model can use any of the following inputs available from your greenID verification plus optional customer‑provided fields:

  • IDV Outcome (e.g., Verified, In Progress, Pending Review, Lockout)

  • Watchlist Screening results, including PEP, Sanctions and Adverse Media statuses (e.g., Match/Positive Match, Match Review Required, False Positive)

  • Trust Alert signals (e.g., Flagged / Not flagged)

  • Custom attributes (e.g., high‑risk occupation, channel/product, high‑risk countries) that you define.

2) Scoring

Each attribute value is assigned a numeric score—positive values increase risk; zero leaves it unchanged; negative values can be used to neutralise interim statuses (e.g., “Match Review Required”) according to your policy.

Illustrative examples (you can customise these in your configuration):

Attribute

Value

Example Score

Attribute

Value

Example Score

IDV Outcome

Verified

0

IDV Outcome

In Progress

+30 [

PEP Screening

Match / Positive Match

+50

Sanctions Screening

Positive Match

+50

Adverse Media

Positive Match

+50

Trust Alert

Flagged

+50

Custom: Occupation

High‑risk occupation list

+50

Custom: Country

High‑risk countries

+100 (example)

Tip: The Risk Rating Configuration Template (Excel) contains editable bands and example rule rows—use it to define your production scoring rules and document governance.

3) Rating bands

Total score is mapped to a rating band. Example defaults (customisable):

  • Low: 0–50 (Green)

  • Medium: 51–100 (Amber)

  • High: 101+ (Red)

4) When the rating updates

Ratings update dynamically during the onboarding verification journey as new information (e.g., screening outcomes, IDV state) becomes available.

Worked examples

Example A – Low risk

  • IDV Outcome: Verified (0)

  • PEP: No Match (0)

  • Sanctions: No Match (0)

  • Adverse Media: No Match (0)

  • Custom attributes: none (0)
    Total = 0 → Low (Green)

Example B – Medium risk (screening signal)

  • IDV Outcome: Verified (0)

  • PEP: Match/Positive Match (+50)

  • Sanctions: No Match (0)

  • Adverse Media: No Match (0)
    Total = 50 → Medium (Amber) (within 51–100 band if you increase any score slightly; adjust thresholds to your policy).

Example C – High risk (multiple indicators)

  • IDV Outcome: In Progress (+30)

  • Sanctions: Positive Match (+50)

  • Adverse Media: Positive Match (+50)

  • Custom: High‑risk occupation (+50)
    Total = 180 → High (Red)

Best‑practice tips

  • Align to your business‑wide risk assessment: The attributes and weights you select should trace back to ML/TF risks your organisation faces.

  • Keep documentation current: Store the configuration template and change history under your AML/CTF programme documentation.

  • Tune and test regularly: Validate that typical customer cohorts fall where expected; watch for score inflation or excessive “High” rates that create manual workload.

  • Plan for case management: Decide how interim Match Review Required states affect the score until investigators confirm Accurate Match vs False Positive.

FAQs

Q: Does the rating update after onboarding if new data arrives later?
A: Ratings update during the onboarding verification journey as new checks complete.

Q: Can we add our own attributes?
A: Yes. Use Custom Attributes for items such as high‑risk occupations, channels/products, or country lists. You can assign your own scores and rule names.

Q: What are the default rating thresholds?
A: Example defaults are Low (0–50), Medium (51–100), High (101+). You can change both thresholds and colours.

Q: How are watchlist results handled?
A: You can score initial matches, incorporate Match Review Required as an interim state, and then use Accurate Match or False Positive post‑case‑management to drive the final score.