4.1.1.2. Assessment of the Inherent Risk of the Customer Base

Effective from 11/11/2021

In addition to assessing individual customers, LEH should assess the inherent ML/FT risk of the customer base overall.

1. IDENTIFY: LEH should identify categories or types of customers that pose elevated risks. Under Chapter 16 of the Standards, the categories identified will depend on the specific customer base of the LEH and may include but are not limited to: customer types like dealers in precious metals and stones (DPMS), customers that qualify as Designated Non-Financial Businesses and Professions (DNFBPs), cash-intensive businesses which are rated as high-risk [4], PEPs, and customers with ties to high risk jurisdictions. LEH should also include as a customer segment those customers who have been off-boarded or refused service due to ML/FT suspicions.
 
2. ASSESS: LEH should assign a risk rating (for example, low risk, medium risk, etc.) to each customer category or type identified above. In assessing the risk of each category or type, LEH should consider:
 
 Guidance published by the FATF;
 The potential exposure of customers in each category to illicit funds; and
 The features of each customer type that make them useful to illicit actors.
 
3. CALCULATE EXPOSURE: The LEH should then determine its exposure to the customer categories or types identified and rated above. LEH should consider the proportion of their entire customer base that is made up of each category of customer, the proportion of all transactions carried out by each category of customer, and the total value of all transactions carried out by each customer as a proportion of the LEH’s total transaction volume. The institutional risk assessment should also take into account the individual customer risk-ratings and the proportion of higher or lower risk customers within that group. Where a LEH has large exposure to higher-risk customer types and to higher-risk customers as assessed by individual risk ratings, its overall inherent risk will generally be higher.
 
4. DOCUMENT: A LEH’s approach to categorizing risk should be clearly documented. The LEH should keep detailed records of its assumptions, statistics used to complete this process, and the resulting analysis and outcomes.

[4] For more details and information, please refer to the CBUAE’s Guidance for Licensed Financial Institutions providing services to Cash-Intensive Businesses available at https://www.centralbank.ae/en/cbuae-amlcft