RegTech · BaaS Demo #20 — Customer Risk Rating Engine
FATF R.10 · Risk-Based Approach · AML / KYC · 8 Risk Dimensions · CRR · EDD Trigger

Customer Risk Rating Engine

Multi-factor AML/KYC risk scoring aligned with FATF Recommendation 10 (Customer Due Diligence) and the risk-based approach. Score customers across eight weighted risk dimensions — geography, PEP status, industry, onboarding channel, transaction volume, ownership complexity, adverse media, and product type — to assign a risk tier, identify EDD triggers, set a review cadence, and export an AP2-formatted CRR mandate.

Risk Dimensions: 8 weighted factors
Risk Tiers: 4 (Low / Med / High / Prohibited)
False-Positive Cost: $50–200 per over-escalated CRR review
Missed SAR Cost: $1M+ avg OFAC/FinCEN penalty
FATF Basis: R.10 (CDD & risk-based approach)
Value at Risk: $1M–$3B per enforcement action for CDD failures
Systemic CDD failures — undocumented risk ratings, absent EDD on high-risk customers — have produced the largest AML enforcement actions of the past decade. A calibrated, documented CRR model is a first-line defence in any FinCEN, OCC, or FATF mutual evaluation context.
Source: FinCEN enforcement actions 2024 · FATF R.10 guidance 2023 · OCC BSA/AML Manual
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
01 Customer Risk Rating

Score a customer profile across eight risk dimensions. Adjust dimension weights to match your institution's risk appetite. The composite weighted score maps to a risk tier and drives review cadence and EDD requirements.

Risk Factor Inputs
Jurisdiction of incorporation and principal operations
Dimension Weights
Adjust weights to reflect your institution's risk appetite. Weights are normalised; total need not sum to 100.

Source Notes

[1] FATF Recommendation 10 — Customer Due Diligence. FATF 40 Recommendations (2023 revision). Requires institutions to identify and assess ML/TF risk using a risk-based approach. fatf-gafi.org
[2] FATF Guidance on Risk-Based Approach for the Banking Sector (2014, updated 2023). Identifies geography, customer type, product/service, delivery channel, and transaction profile as primary CRR dimensions.
[3] FinCEN SAR Filing Requirements — 31 CFR § 1020.320. Financial institutions must file SARs within 30 days of detecting a suspicious transaction. CRR directly informs SAR monitoring thresholds.
[4] OCC BSA/AML Examination Manual — "Customer Risk Assessment" section. Specifies eight risk dimensions examiners evaluate in CRR model adequacy reviews.
[5] FATF R.12 — Politically Exposed Persons. Requires enhanced due diligence for PEPs; domestic and foreign PEPs now treated equivalently under updated FATF guidance (2023).
[6] EU AMLA — Regulation 2024/1620. AMLA assumes direct supervision of high-risk obliged entities from 2027; CRR model documentation is a primary examination focus.
This tool provides AI-assisted CRR analysis for informational purposes only. It does not constitute legal or compliance advice. CRR models require institution-specific calibration, independent validation, and documented risk appetite approval. Consult qualified AML counsel before deployment.
Post Oak Labs · production deployments in the Caribbean & South Asia · works with a limited number of institutions at a time