The risk-based approach to assessing the risk of money laundering means that different standards are applied to different clients of a financial institution. Typically, this means that low and medium risk clients require only standard customer due diligence or CDD, while high risk clients require enhanced due diligence or EDD. However, once a client is onboarded at a financial institution, its obligations don't end in terms of assessing the client's money laundering risk. Financial institutions have to carry out periodic reviews. It is for each financial institution to determine what this means. But for example, reviews might need to be carried out at least annually for high risk clients every three years for medium risk and every five years for low risk clients. The frequencies vary by institution and sometimes also by jurisdiction. For example, in China, the regulator demands more frequent reviews. So a local China uplift to the bank's policy demands periodic due diligence reviews every six months, every two years, or every four years for high, medium, and low risk clients respectively. In addition to periodic reviews, financial institutions are also required to carry out trigger reviews when necessary. These are additional off-cycle reviews that can be triggered by material adverse news about the client.
Unusual transactions across the client's account changes in the client's business ownership or its usage of the firm's products and services.
A trigger review enables the client's rating to reflect changes in underlying risk factors promptly without waiting for the next scheduled periodic review. If a firm has just completed a five yearly refresh of its due diligence on a low risk client, the due diligence will not ordinarily be revisited for another five years. If a trigger event occurs, though, the due diligence must be refreshed immediately.
