Customer Risk Rating Policy¶
| Code | AML-012 |
| Domain | AML / Financial Crime |
| Owner | Chief Compliance Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD01 |
| Review date | 2027-03-31 |
Regulations: AML/CFT Act 2009 · AML/CTF Act 2006¶
Purpose¶
Define the calculation, governance, and lifecycle management of customer risk ratings. Risk ratings must be consistent, explainable, versioned, and dynamic — updated when materially relevant events occur.
Scope¶
All customers at onboarding and throughout the customer lifecycle.
Policy statements¶
Every customer SHALL be assigned a risk score and a risk tier (LOW, MEDIUM, HIGH) at onboarding before the account is activated.
The risk model SHALL incorporate at minimum: geographic risk, identity verification quality, product type and usage profile, behavioural signals, and external screening outcomes.
Risk scores SHALL be recalculated when material triggering events occur, including: significant transaction events, device changes, sanctions list updates, and periodic scheduled reviews.
Risk tier SHALL determine the ongoing monitoring intensity, CDD refresh frequency, and transaction monitoring parameters applied to the customer.
The following override rules SHALL be applied before the model output is returned: sanctions match → REJECT; high-confidence fraud signal → BLOCK; PEP + high-risk geography combination → force HIGH tier regardless of model score.
Every risk score produced SHALL be explainable — the top contributing factors and their direction of impact SHALL be stored alongside the score.
Score history SHALL be maintained with version, model identifier, and triggering event so that the score applied at any point in time can be reconstructed.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-153 | Customer acceptance engine | CALC |
The acceptance decision record IS the formal customer risk rating — it carries the input snapshot, methodology version, decision outcome, and tier assignment required for AML examination. |
Part of AML / Financial Crime · Governance overview
Compiled 2026-05-22 from source/entities/policies/AML-012.yaml