
Risk-Based Approach (RBA)

The foundational AML/CFT principle: institutions allocate compliance effort proportionate to the assessed risk of each customer, product, channel and geography.

Also known as: RBA, Risk-based methodology

Definition

The Risk-Based Approach (RBA) is the foundational AML/CFT principle codified by FATF Recommendation 1: rather than apply uniform controls to every customer and transaction, obligated entities identify and assess money-laundering and terrorist-financing risks and allocate compliance effort proportionate to that assessment.

The three risk levels

  • Country-level / supranational - FATF mutual evaluations, EU SNRA.
  • Sectoral - national risk assessment per industry.
  • Firm-level (Enterprise-Wide Risk Assessment, EWRA) - the operational artefact every obligated entity must maintain.

Risk factors

Standard EWRA dimensions include customer risk (PEPs, complex structures, jurisdiction), product/service risk (cash, correspondent banking, private banking, crypto), delivery-channel risk (non-face-to-face, intermediaries), and geographic risk (high-risk third countries, tax havens). The output of the EWRA drives CDD / EDD tiering and TM thresholds.

Regulatory anchor

FATF Recommendation 1; AMLD4 Article 8; the upcoming AMLR Article 8 (EWRA) and the EBA's ML/TF Risk Factors Guidelines.