When managing AML/CTF risks, we are all used to see several main factors in the traditional customer risk assessment methodologies which help to identify and assess the overall customer profile, including:
customer aspects (e.g., professional activity, industry sector, legal entity structure);
geographical factors (e.g., country of residency/incorporation, area of operations);
product/services, and delivery channel (e.g., present or non-present, or via an intermediary).
Have you been managing AML/CTF risks associated with digital engagement effectively?
In today’s lives, however, when everybody is talking about being more digital, approaches to digital customer lifecycle risk management joined the game.
The recent Guidance on Digital Customer Lifecycle Risk Management issued by the Wolfsberg Group provides great insights on how an Financial Institution can utilize Digital Customer Lifecycle Risk Management to manage the financial crime risks associated with non-face-to-face digital engagement effectively.
A quick check list if you on the correct path is to consider the following:
Have you built a more holistic customer profile via a wider concept of identity that complements elements required under AML/CTF regulation with additional identity attributes? Is it always in line with customer consent and applicable data protection regulation?
Do you map the variables behind the holistic customer profile to internal or external data sources capable of alerting you about changes? Is your systems architecture built in a way that facilitates the regular updating and tracking above mentioned changes under a risk-based approach?
Is the risk-based decision implemented and used in building the underlying customer profile (do distinct approaches to identification, verification, and authentication exist?)?
Have you developed a robust strategy focused on the KPI for digital customer lifecycle risk management approach?
Are you collaborating with competent authorities on digital initiatives aimed at increasing access to high quality identity data?
Are you using innovative technology for customer lifecycle risk management? Is the design and use of the technology developed in such a way that fit for purpose, secure, reliable, privacy preserving, consent based and accessible to consumers, and complies with relevant regulatory and policy requirements?
Comentários