AML Risk Scoring: Understanding the Essence

Mažvydas Miliauskas
March 27, 2024

AML risk scoring is a model used by financial and other institutions to assess the level of money laundering risk associated with a particular customer.

By assessing the different factors, companies can identify high-risk customers and take appropriate measures to prevent fraudulent activities. There is no single anti-money laundering (AML) risk scoring model or methodology that fits all organizations. Why? Simply because the business context differs from one organization to the next.

Different business context

An AML risk scoring model depends heavily on the industry in which the company operates, the customer base it serves and the company’s appetite for risk:

  • Industry

Banks need to tailor the AML risk scoring model to reflect the risks relevant to account-based relationships. Other industries, such as insurance, cannot use the identical model.

  • Customer portfolio

The AML risk scoring methodology used for scoring retail customers cannot apply to corporate customers/legal entities.

  • Risk appetite

Imagine that the bank has been present in the country for many decades. It is likely to have a large proportion of low-risk customers. Therefore it makes sense for it to have a lower risk appetite. However, smaller institutions tend to have a higher risk appetite, so they can expand and survive in such an environment.

Factors to consider in AML risk scoring

When assessing the risk of money laundering, terrorist financing and other crimes, the organization’s AML risk scoring methodology must also take into account the following four factors:

  1. Customer risk factors

    These are the factors related to the customer’s profile that could increase the risk to the organization. For example, is the customer a politically exposed person, or a PEP (read our blog post about PEP screening), or a family member of a PEP? Is the customer resident or non-resident? What is the age and employment status of the customer? Is the customer a vulnerable customer (e.g. the elderly are more susceptible to all types of fraud)?

  2. Product and service risk factors

    These are the factors that relate to the customer’s use of the organization’s products and services. For example, what products do they use? Do they expect to use higher risk products, such as cash deposits and withdrawals? If so, what is the estimated amount for the full year? 

  3. Risk factors related to delivery methods

    These are risk scoring factors related to the channels through which the organization’s products are offered to the customer. Does the organization have a face-to-face interaction with the customer, or is the relationship only through digital channels? Perhaps the organization offers both channels?

  4. Geographical risk factors

    These are risk scoring factors that relate to the geography of the customer. For example, does the customer plan to send or receive cross-border transactions to/from high-risk jurisdictions? Is the country on the FATF and/or European Union list of high-risk jurisdictions? In which country was the customer’s identity document issued, and could these jurisdictions expose the organization to certain types of sanctions (e.g. if the customer’s identity document was issued by North Korea or Iran, this factor should increase the organization’s sanctions risk)? What about other countries such as Colombia or Mexico? What ML/TF typologies come to mind?

Risk spectrum development

Once the risk factors in all four categories have been identified, it’s time to create the risk spectrum for the available scenarios and determine their risk level. For example, if the customer is a domestic PEP who lives and works in the same country, does this customer pose a higher ML/TF (or more specifically, bribery and corruption) risk than an international PEP who travels to different countries and regions?

What about cash withdrawals? Imagine an elderly client who has survived multiple currencies being used in the country during his lifetime, and many local banks going bankrupt. Do these events play a role in the way such a population currently manages their finances? Does an elderly person have the right not to fully trust the current banking system and withdraw 100 or 200 euros each month simply because he prefers to buy food at the farmers’ market and leave tips in cash rather than with a card? Does this customer pose the same ML/TF risk as someone who runs a small construction business and wants to withdraw €10,000 a month? Should they be placed in the same customer risk bucket?

Introducing AML rating system

The final step is to assign appropriate weights/scores to these risk factors and combine them into a single overall AML risk score.

But why is this important? Some risk factors are more important than others, so they should receive a larger share of the score. Improperly balanced weights could attract unwanted attention from regulators and expose the organization to fines for artificially lowering the risk level of the customer and forcing higher risk customers to undergo the EDD process. Let’s look at how these weights can affect the same scores and the overall risk rating.

Rating system


Scenario 1

Scenario 1 has evenly distributed weights across the 4 risk factors and results in a score of 6.5. These weights are not bad, but it is possible that this scoring engine did not produce the desired result. For example, the creator may have intended the final score for this particular consumer scenario to be higher, resulting in a score of at least 7. Does this mean that the scoring methodology itself is bad? Well, no.

Scenario 2

If we adjust the weights to those given in Scenario 2, we would get the desired result without rebuilding everything. By doing this, the organization is drawing attention to the fact that more weight is being given to the categories that are most relevant to their business. 

Scenario 3

Scenario 3 may seem odd at first glance and requires further explanation. Let’s say the organization uses the weights from Scenario 1 or 2 on a daily basis. However, the customer is an international PEP and represents a high risk of bribery and corruption to the organization, so the customer risk factor has been given the maximum available risk score of 10/10. If the methodology requires the EDD process to be triggered only when the score is 8 or above, then the standard Scenarios 1 & 2 will not deliver the intended result. Therefore, Scenario 3 could act as an extension of Scenarios 1.1 or 2.1. If a single category or factor needs to increase the risk, it can override the remaining scores, and the customer would automatically be assigned the maximum score, forcing them to go through the EDD process.

Scenario 4 provides an example of how the risk score for the same customer could be artificially reduced by focusing only on the category with the lowest score.
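The four scenarios can be reproduced in a few lines. This is an added illustration, not AMLYZE's scoring engine: the category scores (other than the customer score of 10), the skewed weights, the override rule format and the minimum-weight floor are constructed assumptions, chosen so that even weights give the 6.5 mentioned above. Scenario 4 is read here as putting all the weight on the lowest-scoring category.

```python
EDD_THRESHOLD = 8.0  # article: EDD is triggered at a score of 8 or above
MAX_SCORE = 10.0
CATEGORIES = ("customer", "product", "delivery", "geography")

# Constructed sample customer (0-10 per category). Only the customer score of
# 10 (international PEP) is taken from the article; the rest are illustrative.
SCORES = {"customer": 10.0, "product": 6.0, "delivery": 5.0, "geography": 5.0}

EVEN = dict.fromkeys(CATEGORIES, 0.25)            # Scenario 1 style
SKEWED = {"customer": 0.40, "product": 0.20,      # constructed Scenario 2 weights
          "delivery": 0.20, "geography": 0.20}
LOWEST_ONLY = {"customer": 0.0, "product": 0.0,   # Scenario 4 style (assumed reading)
               "delivery": 0.0, "geography": 1.0}
OVERRIDES = {"customer": 10.0}  # assumed rule: this score forces the maximum


def validate_weights(weights, floor=0.10):
    """Return a list of problems; `floor` is an assumed minimum weight per category."""
    problems = []
    if set(weights) != set(CATEGORIES):
        problems.append("weights must cover exactly the four categories")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        problems.append("weights must sum to 1")
    problems += [f"{c} weight below floor {floor}"
                 for c, w in weights.items() if w < floor]
    return problems


def overall_score(scores, weights, overrides=None):
    """Weighted average, unless an override category reaches its trigger score."""
    for category, trigger in (overrides or {}).items():
        if scores[category] >= trigger:
            return MAX_SCORE
    return round(sum(scores[c] * weights[c] for c in CATEGORIES), 2)


def requires_edd(score):
    """True when the overall score reaches the EDD threshold."""
    return score >= EDD_THRESHOLD


if __name__ == "__main__":
    for name, w in (("even", EVEN), ("skewed", SKEWED), ("lowest-only", LOWEST_ONLY)):
        s = overall_score(SCORES, w)
        print(name, s, "EDD" if requires_edd(s) else "no EDD", validate_weights(w))
    s = overall_score(SCORES, EVEN, OVERRIDES)
    print("override", s, "EDD" if requires_edd(s) else "no EDD")
```

Running the weight check whenever the configuration changes catches a Scenario 4 style weighting before it lowers any customer's rating.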

Appearance of the risk scoring system in the AMLYZE platform

Summing up AML risk scoring

There is no one-size-fits-all solution for customer AML risk scoring. Each organization develops its own AML risk scoring model tailored to its size, business model complexity, and risk appetite. Moreover, the dynamic and volatile nature of the financial crime environment necessitates continual advancement in AML/CFT processes to better detect indications of possible wrongdoing without disrupting day-to-day business operations.

Static risk scoring falls short in meeting the demands of institutions to stay ahead of evolving risks and the expectations of regulatory bodies. Recognizing this gap, dynamic risk scoring, which accounts for the ever-changing nature of customer behavior, emerges as the latest trend that AMLYZE is exploring. We commit to keeping you informed about the latest trends. Stay updated by following our articles.

Read a related blog post about AML risk assessment and its importance to AML/CFT compliance programmes. Or check out the capabilities of AMLYZE’s Customer Risk Assessment module.

About the author

Mažvydas Miliauskas
Mažvydas is an AMLYZE contributing author and a CAMS-certified high achiever who is passionate about financial crime compliance, ML/TF typologies and enterprise risk management.
