Once you have done a risk assessment of the customer base and product offerings, and considered the required factors - types of accounts, methods of opening them, types of identifying information available, and the bank's size, location, and customer base, how on earth do you pull all this information together into a final document that includes all of it? (While, at the same time, tying it all to the specific procedures derived from the risk assessment!)

I followed a format found in Bankers Tools on BOL. It is a simple document that lists the required factors that you noted and then a paragraph stating where you consider your bank to fall, i.e. high, moderate or low.
With the accounts risk coding I have another document that lists the required procedures for each category of risk.
Hope this helps you.

link?

Found it

http://www.bankersonline.com/tools/compliance/cip_riskasses.html

A factor that I find difficult to risk-rate is the product type. For example, how does a savings account pose a greater risk of misidentifying a customer than an IRA does?

Can anyone help with the above question about product type as it relates to identification? In our bank we are still confused about this.

I would think that a transactional account (DDA) would pose a somewhat higher risk than a CD or savings account, given the transaction limitations in these products. This is most likely what they are trying to get at.

Why does a transactional account pose more misidentification risk?

Because a transactional account has constant activity - i.e. a checking account.
Savings, MMAs and CD's are generally accounts with limited activity.
Therefore your risk would be greater with those accounts where your customer can conduct more transactions.

O.K., thanks. Now, the bank's size is another factor that the regulation says we must consider. But how do we go about relating the bank's size to the risk of a particular customer? In the CIP Risk Analysis Tool provided in the link above, I don't see a connection being made. (This is one of the things our bank is struggling with.)

If anyone can help with the above question about how you use the bank's size as a factor in the risk assessment, we would be very grateful. We are trying to learn and understand the rationale.

The following is what I remember on the subject:

Presumably, the larger the bank, the larger the risk. If you are very small, you would know your customers (and be able to identify them) like the back of your hand.

The larger you get, the less likely your bank, as a whole, would be able to be fully aware of your customers.

However, really large banks would, presumably, have sophisticated systems in place that would mitigate such risks.

The Reverse Goldilocks size would be those banks that are large enough to have customers that may "fly under the radar", but not have fully developed systems to manage the risk.

I tried to start a collaboration thread without much success. The bulleted list includes the factors, including size. If you gather the facts on your institution, then follow the link to the OCC publication, you can determine how each factor might translate to low, medium and high risk.

We are using the form on bankers online. My question is does this need to be done for each customer when opening the account? For each signer on the account? Even for business accounts?

I lost one of my posts, so I am trying again here. How are you using the Bankers Online CIP Risk Assessment form? Is it being completed for each account or each signer on the account? I know on businesses the business is the customer, but do you risk assess the each signer too? Help.

Risk assessment is typically done at the customer level, not at the authorized signer level.

Is the CIP Risk Analysis form (in BOL Tools) previously mentioned used to identify those new loan or deposit accounts that would require monitoring for suspicious activity? In other words, those accounts that score a 10 or more are monitored for suspicious activity and those that score under 10 are not? Just trying to determine how the score could be used and is it basically a pass or fail grade for monitoring purposes. Thanks for any responses!!