Enigma Knowledge

Risk-Based Approach (RBA)

February 5, 2026

What the risk-based approach means in AML/KYB, how to apply proportionate due diligence, and regulatory expectations.

The risk-based approach is a regulatory principle (the foundation of FATF Recommendation 1) requiring institutions to identify, assess and understand their money-laundering and terrorist-financing risks, and to allocate compliance resources in proportion to the level of risk each customer or relationship presents.

Core Principle

Not all customers present equal risk. RBA means:

  • Higher-risk relationships → more scrutiny (EDD)
  • Standard-risk relationships → standard procedures (CDD)
  • Lower-risk relationships → streamlined procedures (SDD)

Simplified measures are only available where lower risk has actually been identified and documented; they are never permitted where there is a suspicion of money laundering or terrorist financing.

Risk Factors

Customer Risk

Entity type: Shell companies, complex structures

Ownership: Opaque ownership, nominees, bearer shares

Industry: Cash-intensive, high-value goods, gaming

PEP status: Beneficial owners or controllers are politically exposed persons (PEPs)

Geographic Risk

Jurisdiction: High-corruption countries, weak AML regimes

Sanctions: Countries under comprehensive sanctions

Tax: Secrecy jurisdictions, tax havens

Product/Service Risk

Transaction type: International transfers, correspondent banking

Delivery channel: Non-face-to-face, third-party introducers

Value: High-value or unusual transaction patterns

Regulatory Expectations

FATF and regulators expect institutions to:

  1. Identify and assess inherent risks
  2. Design controls appropriate to those risks
  3. Document risk assessment methodology
  4. Update assessments as risks evolve

RBA and KYB

For KYB, RBA means:

  • Not every business gets the same verification depth
  • Risk scoring drives the due diligence level, but certain findings (comprehensive sanctions, PEP involvement, suspicion) override the score rather than merely adding to it
  • Resources focus where risks are highest
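The following is an added illustration of how the customer, geographic and product/service risk factors above can be combined into a documented risk score that selects the due-diligence tier. It is example code written for this entry, not Enigma's scoring model or any regulator's method; the weights, thresholds, reference sets (`HIGH_RISK_COUNTRIES` uses placeholder codes) and the decision to treat PEP involvement and suspicion as EDD floors are all assumptions made for the example. The point it demonstrates is the split between additive factors and hard overrides, plus the reasons list that gives reviewers an audit trail.

```python
"""Illustrative KYB risk scoring: maps risk factors to an SDD/CDD/EDD tier.

Weights, thresholds and reference sets are hypothetical and exist only to show the
mechanics (additive scoring plus non-negotiable overrides); they are not a regulator's
or any vendor's model.
"""
from dataclasses import dataclass, field
from enum import Enum


class DueDiligence(Enum):
    SDD = "simplified"
    CDD = "standard"
    EDD = "enhanced"


@dataclass(frozen=True)
class BusinessProfile:
    name: str
    entity_type: str                   # "operating", "shell", "trust", ...
    ownership_transparent: bool        # False: nominees, bearer shares, opaque layering
    industry: str                      # "software", "casino", "precious_metals", ...
    country: str                       # ISO 3166-1 alpha-2 of incorporation
    non_face_to_face: bool             # onboarded remotely or via a third-party introducer
    cross_border_payments: bool        # international transfers, correspondent banking
    pep_in_ownership: bool             # a beneficial owner or controller is a PEP
    comprehensively_sanctioned: bool   # incorporated in a comprehensively sanctioned jurisdiction
    suspicion_flag: bool = False       # ML/TF suspicion raised during onboarding


# Constructed reference sets for this example. In production these come from the
# institution's documented risk assessment and from FATF / regulator lists.
HIGH_RISK_ENTITY_TYPES = {"shell", "trust", "complex_group"}
HIGH_RISK_INDUSTRIES = {"casino", "precious_metals", "cash_intensive_retail", "art_dealer"}
HIGH_RISK_COUNTRIES = {"XX", "YY"}   # placeholder codes, not real jurisdictions

# Hypothetical additive weights and tier thresholds.
WEIGHTS = {
    "entity_type": 25, "opaque_ownership": 30, "industry": 20,
    "jurisdiction": 25, "non_face_to_face": 10, "cross_border": 10,
}
SDD_MAX = 15   # score <= SDD_MAX: eligible for simplified measures
EDD_MIN = 50   # score >= EDD_MIN: enhanced measures required


@dataclass
class RiskDecision:
    level: DueDiligence
    score: int
    blocked: bool = False                              # relationship must not proceed
    reasons: list[str] = field(default_factory=list)   # audit trail for reviewers/regulators


def score_factors(p: BusinessProfile) -> tuple[int, list[str]]:
    """Additive part of the model: each present factor contributes its weight."""
    hits = [
        ("entity_type", p.entity_type in HIGH_RISK_ENTITY_TYPES, f"entity type {p.entity_type}"),
        ("opaque_ownership", not p.ownership_transparent, "opaque ownership / nominees"),
        ("industry", p.industry in HIGH_RISK_INDUSTRIES, f"high-risk industry {p.industry}"),
        ("jurisdiction", p.country in HIGH_RISK_COUNTRIES, f"high-risk jurisdiction {p.country}"),
        ("non_face_to_face", p.non_face_to_face, "non-face-to-face onboarding"),
        ("cross_border", p.cross_border_payments, "cross-border payment activity"),
    ]
    score, reasons = 0, []
    for key, present, label in hits:
        if present:
            score += WEIGHTS[key]
            reasons.append(f"+{WEIGHTS[key]} {label}")
    return score, reasons


def assess(p: BusinessProfile) -> RiskDecision:
    """Tier the business: hard overrides first, then additive score, then floors."""
    # A comprehensively sanctioned jurisdiction dictates the outcome; it is not "points".
    if p.comprehensively_sanctioned:
        return RiskDecision(DueDiligence.EDD, 100, blocked=True,
                            reasons=["comprehensively sanctioned jurisdiction: block and escalate"])

    score, reasons = score_factors(p)
    if score >= EDD_MIN:
        level = DueDiligence.EDD
    elif score <= SDD_MAX:
        level = DueDiligence.SDD
    else:
        level = DueDiligence.CDD

    # Floors: a PEP in the ownership chain or any suspicion can never end in SDD.
    # (Assumption for this example: both are treated as requiring EDD.)
    if p.pep_in_ownership:
        level = DueDiligence.EDD
        reasons.append("PEP beneficial owner/controller: EDD floor")
    if p.suspicion_flag:
        level = DueDiligence.EDD
        reasons.append("ML/TF suspicion: simplified measures not permitted, EDD floor")
    return RiskDecision(level, score, reasons=reasons)


if __name__ == "__main__":
    # Constructed sample: a shell with opaque ownership in a placeholder high-risk country.
    sample = BusinessProfile("Opaque Holdings", "shell", False, "consulting", "XX",
                             True, True, False, False)
    decision = assess(sample)
    print(decision.level.value, decision.score, decision.reasons)
```

Two design choices matter more than the numbers: overrides and floors are applied outside the additive score, so a sanctions hit or a PEP cannot be "averaged away" by otherwise benign factors, and every decision carries the reasons that produced it, which is what a regulator asks for when reviewing the documented methodology.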

Related: CDD | EDD | SDD | FATF