Customer Risk Categorization (CRC)
The potential loss an asset or a portfolio is likely to suffer due to a variety of reasons is known as risk.
‘Customer risk’ in the present context refers to the money laundering risk associated with a particular customer from a bank’s perspective. This risk is based on the risk perceptions associated with the parameters comprising a customer’s profile, and the level of risk associated with the product and channels being used by him.
RBI guidelines ensure that Banks should follow a ‘risk based approach’ on KYC/ AML standards to avoid disproportionate costs and a burdensome regime for the customers. Categorizing customers into different risk buckets can serve as a platform to adopt such approach.
Approach for Customer Risk Categorization
The following broad approach may be adopted for risk categorization,
- Selection of Parameters for risk categorization: The first step in process of risk categorization is selection of parameters, which would determine customer risk. Some indicative parameters, which can be used to determine the profile & risk category of a customer, are as follows,
- Customer constitution: Individual, proprietorship, partnership, private limited, etc.
- Business segment: Retail, Corporate, etc.
- Country of residence/ Nationality: Whether India or any overseas location/ Indian or foreign national.
- Product subscription: Salary account, NRI products, etc.
- Economic profile: HNI, public limited company, etc.
- Account status: Active, inoperative, dormant.
- Account vintage: less than six months old, etc.
- Presence in regulatory negative/PEP/defaulter/fraudster lists.
- Suspicious Transaction Report (STR) filed for the customer.
- AML Alerts
Other parameters like source of funds, occupation, purpose of account opening, nature of business, mode of operation, credit rating, etc., can also be used in addition to the above parameters. Banks may adopt all or some of these parameters based on availability of data.
- Deciding on type of classification: Banks may choose to carry out either Manual Classification or Automated Classification using technology systems or a combination of both,
- In case of manual classification each customer would be classified based on the risk parameters and assigned risk on a case to case basis. In case of banks wanting to do a manual CRC, they may adopt suitable parameters from indicative list above and accordingly devise a model/ policy for assigning risk category to each customer/ customer segment.
- In case of automated classification, the banks computer systems would assign risk based on parameters adopted using standard rules and scale for same.
- Determining the Risk rating methodology– Once the parameters are finalized, depending upon the data availability banks may choose an appropriate risk rating model.
- One of the easy to use models is the weighted average method. In the weighted average method each parameter is assigned a ‘risk score’ and a ‘weight’ is attached to the parameter depending upon its accuracy and criticality to the overall risk. The output score is compared to a final scale.
- Banks need to ensure that while assigning risk score and weight to various parameters, Critical and more accurate parameters like customer constitution and product subscription are given their due weightage.
- Risk Categories: Depending on the risk score obtained as per the above method, the customers will be assigned low, medium and high risk ratings. Banks may also choose additional categories or sub divide these main categories such as ‘very low’ or ‘very high’.