Higher-risk customers: What are the expectations?
In recent years, examiners have increased their focus on how financial institutions handle higher-risk customers, expecting financial institutions to have effective processes and procedures in place to identify and manage them. Failure to do so can result in regulatory scrutiny and penalties.
What’s the difference between higher risk and high risk?
If your institution has had a recent examination, it’s likely that examiners asked for a list of higher-risk customers. This list differs from your institution’s high-risk customer watchlist, with an important distinction between the two.
Higher-risk customers are new or existing customers that inherently pose a higher risk to the institution for money laundering, terrorist financing or other illicit activity due to the nature or type of industry in which the business operates and the types of products and services it offers.
High-risk customers are new or existing customers identified as high-risk by the institution after collecting and analyzing customer due diligence (CDD) and enhanced due diligence (EDD) and have been added to the institution’s high-risk watchlist. These customers are subject to recurring monitoring reviews.
Both types of customers pose elevated risks, but the difference lies in the level of scrutiny and monitoring applied by the financial institution.
Examples of higher-risk customers
While no specific customer type is automatically high-risk, some may be characteristically higher risk:
- Foreign financial institutions
- Nonbank financial institutions and money service businesses
- Politically exposed persons, both foreign and domestic
- Nonresident aliens and foreign persons
- Entities located in higher-risk geographic areas
- Nonprofit organizations and charities
- Cash-intensive businesses (convenience stores, restaurants, bars, retail stores, liquor stores, car dealerships, vending machine operators, privately owned ATMs, etc.)
- Marijuana-related business entities
Due diligence and monitoring
Financial institutions can identify and manage higher-risk customers by implementing robust CDD and EDD processes. Obtaining relevant CDD enables institutions to understand the nature and purpose of customer relationships, develop risk profiles and make informed decisions about the appropriate level of monitoring. Additionally, based on the customer’s risk profile, the institution may choose to conduct EDD to obtain additional information on the account holder.
Remember that due diligence is not a one-and-done process. CDD, EDD and risk profiles should be reevaluated as the institution identifies changes in the customer’s behavior throughout the duration of the relationship. This includes even long-term, well-known legacy customers.
Common pitfalls to avoid
When managing higher-risk customers, institutions should be aware of common missteps to steer clear of:
- Not conducting the appropriate level of due diligence
- Treating all higher-risk customers the same without consideration of individual risk profiles
- Failing to conduct adequate ongoing monitoring
- Not updating due diligence or revisiting the risk rating of existing customers
- Not providing training to staff on higher-risk indicators and due diligence requirements
Maintaining effective processes and procedures to identify and manage higher-risk customers is an essential part of the institution’s Anti-Money Laundering and Countering the Financing of Terrorism program.
How Wipfli can help
If your financial institution does business with higher-risk customers, Wipfli can help keep you secure and compliant. Let us assist you in reviewing your policies and procedures related to higher-risk customers. We are here to provide guidance in helping your institution to comply with examiner expectations. Contact us today to get started.
