Is Your Customer Risk Scoring Up to Date?

February 21, 2023 | By Geniusto

Customer risk scoring for banks and other financial institutions is a hot topic.

Between recent crypto-related governance failures, the threat of a looming global recession, and record-high credit card debt in the US, credit scoring is top of mind. Throw in heightened regulatory scrutiny and increased competition, and effective customer risk scoring has never been more important.

Recently, central banks and other regulatory bodies around the world have strengthened rules to ensure financial institutions can identify and manage potential risks effectively. With regulatory sanctions imposed on institutions that fail to comply effectively, the threat is real.

Thankfully, there are several guidelines. Basel III is an international regulatory framework for banks developed by the Basel Committee on Banking Supervision. It incorporates several measures designed to improve risk management, including the introduction of enhanced customer risk-scoring methods.

The Basel Institute on Governance also created the Basel AML Index – an independent country ranking and risk-assessment tool for money laundering and terrorist financing. It provides a holistic customer risk score based on data from 18 publicly available sources.

Still, risk-rating customers remains challenging. To do so accurately, banks and financial institutions require policies and procedures that follow the latest guidelines of the Financial Action Task Force (FATF), while also applying the AML rules and regulations of the countries in which they operate.

FATF recommendations cover seven distinct areas:

– Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) policies

– Money laundering and confiscation

– Terrorism financing and financing of proliferation

– Preventative measures

– Transparency and beneficial ownership of legal persons

– Powers and responsibilities of competent authorities

– International cooperation


The European Central Bank (ECB) has also stepped in on customer risk scoring. They’ve created guidance for financial institutions operating within the European Union (EU). It’s intended to help financial institutions ensure their customer risk-scoring systems are fair, transparent, and consistent with EU regulations. These regulations include:

– Transparency: Providing customers with information about how their risk scores are calculated and the factors taken into account.

– Fairness: Ensuring risk-scoring systems do not discriminate against customers based on factors such as race, gender, or age.

– Data quality: Ensuring the data used in customer risk scoring is accurate and kept securely.

– Model validation: Certifying the accuracy and performance of customer risk-scoring models and ensuring they remain accurate over time.

– Compliance: Adhering to EU regulations such as the General Data Protection Regulation (GDPR) and the EU Regulation on Credit Reporting (ECR).

– Performance monitoring: Tracking customer risk-scoring systems and their performance to make adjustments to ensure compliance with ECB’s guidance. Financial institutions are expected to have a simple model algorithm in place, with fewer variables, that can continuously monitor a customer’s activity and note any ‘red flags’ for financial crime.

Growing competition in the financial services sector is also driving the importance of risk scoring. With the rise of new technologies and market entrants, traditional financial institutions are facing growing pressure to improve their customer risk-management practices to stay competitive. Effective risk management, including customer risk scoring, is essential for financial institutions to stay ahead of the curve and ensure they continue to provide valuable services to their customers.


Factors Influencing Customer Risk Score

Several factors should be considered when calculating the customer risk score. While all financial institutions have their own methodology, they typically cover these seven factors:

– Customer or entity: Examining the customer’s identity and background.

– Geography: Identifying the customer’s location. (It is easier to launder money in some locations than others, depending on the corresponding AML regulations.)

– Demographics: Factors such as age, gender, and location can also be considered when assessing risk. Whilst the use of such data must be treated with sensitivity and fairness, not all countries apply the same standards.

– Product/services: Examining the customer’s spending habits.

– Credit history: Third-party credit-scoring agencies can weigh in on the mix of parameters to create an overall risk profile.

– Income and employment: Both variables provide insight into the ability to repay debts.

– Other factors: Evaluating outstanding debts, payment history, late payments, and bankruptcies could all potentially be evaluated as part of customer due diligence and may contribute to an overall risk profile.

Once onboarded, customers should ideally be monitored on an ongoing basis. Traditionally, regulators have mandated regular reviews. In the US, reviews are conducted every one or three years, with high-risk customers reviewed every 12 months. In Europe, customer reviews are conducted on a cycle of one, three, and five years.

With the advent of improved technology and the increased need for more caution, customers are now being screened automatically – in some cases on a daily basis to detect changes in risk profile.


5 Major Challenges to Implementing Customer Risk Scoring

Despite the importance of customer risk scoring, there are still many challenges faced in implementing effective customer risk scoring systems. The top five challenges include:

– Data availability: Financial institutions require access to accurate and current customer data to calculate scores. Obtaining this data can be challenging.

– Data privacy and security: Keeping customer data confidential and secure in compliance with data privacy regulations such as GDPR can be challenging.

– Model selection and validation: Financial institutions need to select an appropriate customer risk scoring model and validate its accuracy. 

– Model maintenance: Financial institutions need to establish continuous monitoring and set up systems for optimisation to ensure the model remains accurate over time.

– Lack of standardisation: Different financial institutions rely on different methods for assessing customer risk, which can make it difficult to compare and contrast results.



Customer risk scoring is a critical compliance requirement for banks and other financial institutions, particularly in the current market. With increased regulatory scrutiny and competition, effective customer risk management is a top priority globally. There are a variety of frameworks, factors, and challenges involved in successfully implementing a robust customer risk assessment solution. However, the journey is well worth the effort: by following these practices, financial institutions can use the intelligence to gain a deeper understanding of their customers and their risk profiles.



Public Resources:

Basel III Reforms: Impact, Study and Key Recommendations.