I would read pages 298-299 in the FFIEC's BSA/AML Handbook from 2007, the most recent one. It gives very clearly what the risk mitigation process should be. Here's a sample:
At the time of account opening, the bank should have an understanding of the customer’s business operations; the intended use of the account, including anticipated transaction volume, products, and services used; and the geographic locations involved in the relationship.
For those customers deemed to be particularly high risk, bank management may consider implementing sound practices, such as periodic on-site visits, interviews with the business’s management, or closer reviews of transactional activity.