Stay Ahead of the Curve: Preparing for the 2025 Customer Risk Model

As of June 2025, new Anti-Money Laundering regulations will require all Reporting Entities to adopt a Customer Risk-Rating process, marking a shift towards a more risk-based approach to financial crime prevention.

Under these regulations, Reporting Entities will be required to assess and assign a risk rating to each new customer as part of the CDD process (stated in section 12AC of the regulations). The intention of this is to help to mitigate the risks within Reporting Entities by providing a more structured and standardised approach to customer risk assessments. In addition, these entities will need to maintain a record of each customer’s risk rating and review it regularly as part of their ongoing CDD obligations.

Reporting Entities will need to continually assess and adjust their risk-rating methodologies to ensure they accurately reflect the risk profile of customers over time, avoiding both underestimation and overestimation of risk.

An adaptive risk-scoring system will be crucial to account for customer behaviours, transactional patterns and interactions, ensuring that the risk rating accurately reflects a customer’s risk level over time.

We strongly advise that Reporting Entities begin planning and implementing their CRR systems well in advance of the June 2025 deadline. Taking proactive steps now will help ensure compliance with the new regulations and enable organisations to better manage the risks associated with money laundering.