Client/vendor risk scoring is generally a dynamic process that gets initiated at customer on-boarding and continues over the lifecycle of customer relationship. However, I assumed that for the sake of simplification the example given in this article focus on the on-boarding risk scoring, which after initiation of the business relationship that often fluctuates while the business relationship continues. Current financial sector applications supporting e.g. AML/CFT risk management engage for the purpose dynamic scoring algorithms that not only apply AI for risk assessment but also often regularly recalculate the scoring based on both the external update of risk related data sets, eg. evolving Sanction Lists, but also internal changes amongst the clients of the bank. AI often uses the function of the statistical normal distribution to determine the risk model at any given time, taking into consideration variables such as the vector of a change of scoring for each of the customers in the client portfolio.
In order to visualise what I am describing above please see below a very simplified risk rating model for a number of variables describing a given client/vendor to be considered at the on-boarding:
Once we have decided on risk rating of each of the variables we can think of the consequences of the final rating that indicates the risk scoring of our client. For the sake of simplicity I have decided to add the risk variables applicable for a given client/vendor, but all it really depends on our risk appetite – i.e. the risk levels we do not accept – and the normal distribution of oir client risk rating, i.e. we need to decide which clients are gonna be our high risk category. In order to visualise this consideration let’s start with another picture:
Let’s imagine, our client/vendor is a Limited Liability Company registered in Germany, operating in Germany, with no adverse press coverage, no PEPs in ownership and control structure, no Sanctions presence amongst UBOs and managers, the client/vendor is doing business across the EU and EEA and e.g. also in China and India, with limited government exposure. Based on this information our risk scoring, due to China footprint and the interactions with government would oscillate somewhere in Medium Risk zone, which is a mainstream of risk exposure, i.e. that is perfectly fine. Later on the risk rating would evolve depending on the relationship history with the client/vendor, and based on our risk appetite, having little to do with government, we could even decide to go for low risk, due to the relationship history profile. Again, all depends on the risk taking appetite of ours. For the same client/vendor present on Sanctions lists, we would not take the risk, as we would go above 70 risk points. If there are PEPs amongst the UBOs, we would get to the High Risk category. But all the outcomes depend on our risk taking appetite, risk rating assignment to the variables and the regulatory environment in which which we operate.
More on risk based approach to come soon …