Client risk assessment

A client risk assessment is part of your firm’s AML obligations. It’s the process of evaluating the potential risk that a client may be involved in money laundering, terrorist financing, or other financial crime. Each client should be assessed individually, based on their characteristics, behaviours, and the nature of the relationship. This is a key step in shaping your due diligence process and determining whether simplified, standard, or enhanced checks are required.

Why client risk assessments matter

Risk assessments help you focus AML checks where they’re needed most. They protect your firm from being misused and reduce the chance of missing suspicious activity or facing penalties. A simple, structured approach is essential for compliance and your team’s efficiency.

How to assess client risk

Client risk is shaped by multiple factors, which are listed in the Money Laundering Regulations 2017 (MLR 2017). These include:

  • The client themselves

  • The transactions involved

  • The services being provided and how they are delivered

  • The geographical location of the client or their activities

Your firm is required to assess these factors and, if the overall risk is high, apply enhanced due diligence (EDD).

1. Client risk factors

According to MLR 2017, you must consider whether the client:

  • Operates in unusual circumstances

  • Is resident in a high-risk country

  • Is structured to hold personal assets or uses nominee shareholders

  • Runs a cash-intensive business

  • Has a complex or opaque ownership structure

  • Is applying for residence or citizenship in exchange for investment

These types of clients don’t always pose high risk — but they do require closer attention and justification if assessed as low risk.

2. Transaction risk factors

You should assess whether:

  • Transactions favour anonymity or involve third parties

  • Payments are routed in unusual ways

  • Transactions are not face-to-face

  • The goods or services relate to high-risk items (e.g. precious metals, cultural artefacts, or armaments)

Understanding how funds move in and out of the business helps you stay alert to activity that doesn’t make commercial sense.

3. Service and delivery risk factors

Ask yourself whether the services you're providing:

  • Involve limited face-to-face contact

  • Are unusual or new for your firm

  • Involve the formation of companies or provision of nominee directors or shareholders

  • Could enable anonymity or disguise ownership

A remote relationship doesn’t always mean higher risk — but it can limit your ability to understand the client properly, and that matters.

4. Geographical risk factors

You must consider whether a client or their business:

  • Operates in or is linked to countries with high levels of crime, corruption, or terrorism

  • Is from a country on the FATF’s high-risk country lists

  • Is subject to sanctions or embargoes

Additional risk considerations

Ownership transparency and business complexity

Difficulties in identifying beneficial owners — especially through layered or complex structures — should raise concern. If ownership is hard to explain or justify, or if you can't see a clear commercial rationale, this should impact your assessment of the client’s risk.

International structures and unclear supply chains also heighten risk, particularly when sanctions or high-risk goods may be involved.

Client cooperation

If a client delays or avoids providing information — particularly after you’ve explained your obligations — that should raise a red flag. Lack of cooperation may suggest an attempt to obscure identity or activity.

Use of client accounts

If your firm operates a client bank account, this should only be used where clearly linked to services you're providing. Regular use of a client bank account for payments or payroll increases your exposure and should be carefully justified and documented.

Higher-risk services in accountancy

Your firm should be aware of the accountancy services most often exploited for money laundering, including:

  • Company formation and termination

  • Bookkeeping that could create misleading records

  • Payroll services

  • Acting as a trust or company service provider (TCSP)

  • Providing addresses, nominee directors or shareholders

Criminals are attracted to the credibility that accountants bring — so your firm may be targeted to help ‘legitimise’ illegal funds.

Service delivery and remote interaction

Lack of in-person contact may limit your ability to verify documents, assess business premises, or build familiarity. If this weakens your visibility, it should increase the assessed risk.

Summary

Client risk assessments are a fundamental part of your firm’s AML framework — and help you decide how much due diligence to apply. The goal is to protect both your firm and the public.

To manage client risk effectively:

  • Assess each client individually

  • Understand risk factors across clients, transactions, services, and geography

  • Be alert to changes over time

  • Document your rationale clearly — especially when choosing not to apply enhanced checks

  • Use available templates and guidance, and ensure your team understands how to apply them

This article was summarised by the Firmcheck content team. The original content was written by an independent AML expert and is available on our blog.
