Napier’s Head of Product Development, Nick Portalski, tells us more about the Risk-based Scorecard and how it fits into an AML system.
What is the Risk-based Scorecard?
The Risk-based Scorecard is an approach to calculate and record a customer’s risk level, in line with an organisation’s risk-based approach, policies and procedures. It captures more information than a traditional KYC system and forms part of the continuous review cycle for customers.
Why are Risk-based Scorecards useful?
Regulators around the world expect to see a risk-based approach to anti money laundering. To be effective, screening and transaction monitoring should be based on the risk the customer presents, with more resources allocated to high risk customers. The understanding of risk must also be based on actual behaviour, not just that ‘expected’ at on-boarding.
While this approach makes sense, hurdles can be in the way. Obtaining an accurate customer risk profile, for example, depends on gaining as much intelligence from available data as possible. Legacy KYC systems often only capture simple identification information and can be difficult to change.
Quite a lot of that information you will most likely have already (albeit maybe buried deep inside your data systems). A Risk-based Scorecard allows you to gather and structure the relevant information, find data gaps and generate a risk score. A customer can be “re-scored” over time to refresh the risk calculation.
What does a Risk-based Scorecard look like?
A Risk-based Scorecard is essentially two things: a form that contains all the data an organisation has identified as important to their risk assessment; and a “model” that takes all of this information and turns it into a risk score.
Different organisations will have different scorecards. Their customers are different, their risk appetite may be different, and the demands of their regulators will be different. Scorecards must adapt to each of these things in order to work effectively.
As well as holding typical KYC data, scorecards should capture additional risk factors like source of funds, products that will be used, employment, nature of the relationship and PEP status. They can also record anticipated transactional behaviour, such as number of monthly transactions, total value and approved currencies. This is invaluable when conducting future reviews to see if the customer did behave as expected.
Scorecards can be tailored to the type of entity they are scoring, whether that be, for example, a financial institution, corporate entity, government entity, individual, etc.
How is data fed into a Risk-based Scorecard?
If scorecards are being used for an existing customer base, then information is typically taken from the existing KYC/CRM systems and then augmented by relationship managers to build up the initial picture. In addition, if historical transaction information is available then an analysis of this can help to create an accurate picture of behaviour.
When scorecards are being used for new customers then the onboarding process can be tailored to capture the information required by the scorecard and risk model.
High flexibility means you can use data in a wide range of formats and from various sources.
For subsequent scorecards, the system will use data collected from screening, transaction monitoring and other databases to assess the risk presented by the customer.
What does a Risk-based Scorecard tell you?
The scorecard gives you a fine-grained, model-based risk score for a customer. Practically, that means it can be sensitive to any data point known about the customer and is easily tailored to your organisation. Regular re-scoring of a customer gives you a dynamic risk understanding – which tells you how risky a particular customer is at that moment in time. This is done in the form of a risk score, which in turn is classified according to a company-defined customer risk level: usually high, medium or low risk.
Subsequent scorecards then determine if the customer’s most recent risk score is in line with expectations. Any increase in risk should warrant further investigation.
Can a customer use false answers to create a fake risk score?
If historical data is not used to create the Risk-based Scorecard then yes, a customer could cheat their way to obtaining a low risk score. However, an effective transaction monitoring system would soon flag when the customer’s behaviour deviates from what would be expected following the data given during the risk scoring process. This situation highlights why regular monitoring, that takes the customer’s risk profile into consideration, is important.
What’s the benefit of using Risk-based Scorecards?
Risk-based Scorecards achieve a finer-grained and more accurate understanding of the risk posed by each customer, compared to traditional KYC systems. This in turn allows more effective screening and transaction monitoring with focused efforts on high risk customers. Risk-based Scorecards can also help build a case for a suspicious activity report.
What’s unique about Napier’s Risk-based Scorecards?
The Risk-based Scorecard can be used as a simple bolt-on to enhance any existing onboarding/AML system, or be run in conjunction with Napier’s AML products for a fully integrated approach with effortlessly automatic data flow.
Learn more about how Napier’s technology can help you transform your compliance processes