# Risk-Based Approach (RBA)
What the risk-based approach means in AML/KYB, how to apply proportionate due diligence, and regulatory expectations.
The risk-based approach is a regulatory principle requiring institutions to allocate compliance resources proportionate to the level of risk each customer or relationship presents.
## Core Principle
Not all customers present equal risk. RBA means:
- Higher-risk relationships → more scrutiny (EDD)
- Standard-risk relationships → standard procedures (CDD)
- Lower-risk relationships → streamlined procedures (SDD)
## Risk Factors

### Customer Risk
| Factor | Higher Risk Indicators |
|---|---|
| Entity type | Shell companies, complex structures |
| Ownership | Opaque ownership, nominees, bearer shares |
| Industry | Cash-intensive, high-value goods, gaming |
| PEP status | Beneficial owners or controllers are PEPs |
### Geographic Risk
| Factor | Higher Risk Indicators |
|---|---|
| Jurisdiction | High-corruption countries, weak AML regimes |
| Sanctions | Countries under comprehensive sanctions |
| Tax | Secrecy jurisdictions, tax havens |
### Product/Service Risk
| Factor | Higher Risk Indicators |
|---|---|
| Transaction type | International transfers, correspondent banking |
| Delivery channel | Non-face-to-face, third-party introducers |
| Value | High-value or unusual transaction patterns |
## Regulatory Expectations
FATF and regulators expect institutions to:
- Identify and assess inherent risks
- Design controls appropriate to those risks
- Document risk assessment methodology
- Update assessments as risks evolve
## RBA and KYB
For KYB, RBA means:
- Not every business gets the same verification depth
- Risk scoring drives the due diligence level
- Resources focus where risks are highest
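The following is an added example, not part of the original page or any regulator's guidance, of how risk scoring can drive the due diligence level. It encodes the indicators from the risk-factor tables above as weighted flags; the weights, thresholds and the rule that incomplete profiles are never scored down to SDD are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Illustrative weights (an assumption for this example, not regulatory values);
# indicator names follow the customer / geographic / product risk tables above.
WEIGHTS = {
    "customer": {"shell_company": 3, "complex_structure": 2, "opaque_ownership": 3,
                 "nominees": 2, "bearer_shares": 3, "cash_intensive": 2,
                 "high_value_goods": 2, "gaming": 2},
    "geographic": {"high_corruption": 2, "weak_aml_regime": 2,
                   "secrecy_jurisdiction": 2, "tax_haven": 2},
    "product": {"international_transfers": 1, "correspondent_banking": 2,
                "non_face_to_face": 1, "third_party_introducer": 2,
                "unusual_value_pattern": 2},
}
# Hard overrides: these indicators force EDD regardless of the total score.
OVERRIDES = {"pep_controller", "comprehensive_sanctions"}
SDD_MAX, CDD_MAX = 1, 4  # score thresholds (illustrative assumption)

@dataclass
class BusinessProfile:
    customer: set = field(default_factory=set)
    geographic: set = field(default_factory=set)
    product: set = field(default_factory=set)
    profile_complete: bool = True  # False when ownership/geography data is missing

def assess(profile):
    """Return (level, score, reasons); level is 'SDD', 'CDD' or 'EDD'."""
    score, reasons = 0, []
    for category, indicators in (("customer", profile.customer),
                                 ("geographic", profile.geographic),
                                 ("product", profile.product)):
        for ind in sorted(indicators):
            if ind in OVERRIDES:
                reasons.append(f"override:{ind}")
                continue
            weight = WEIGHTS[category].get(ind)
            if weight is None:  # fail closed on unknown flags rather than ignore them
                raise ValueError(f"unrecognised {category} indicator: {ind}")
            score += weight
            reasons.append(f"{category}:{ind}(+{weight})")
    if any(r.startswith("override:") for r in reasons):
        return "EDD", score, reasons
    # Missing data must never lower the tier: an incomplete profile gets at least CDD.
    if not profile.profile_complete and score <= SDD_MAX:
        return "CDD", score, reasons + ["incomplete_profile"]
    if score <= SDD_MAX:
        return "SDD", score, reasons
    if score <= CDD_MAX:
        return "CDD", score, reasons
    return "EDD", score, reasons
```

The returned reasons list is what an auditor would expect to see alongside the tier, since regulators expect the methodology and its outcome per relationship to be documented.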