I was having a philosophical discussion with a colleague today.
When conducting your BSA/AML risk assessment, what would be your thresholds for "few", "moderate", and "high" when considering the number of customers with high risk business types, or who may be inherently high risk (MSBs, PEPs, third party payment processors, etc.).
Would you consider a percentage? Say, for example, if more than 10% of the customer base can be categorized as being in a higher risk industry, would that meet the "high" threshold? Would 5%?
Obviously there would be no one-size fits all answer, and much would depend on the size of the FI, resources available for monitoring, etc., but just curious about what some general responses might be.
Also, I should point out this would be a separate analysis from the # of customers ACTUALLY considered to be high risk based on activity.
Thanks!
Last edited by kw004h; 03/18/15 09:35 PM. Reason: additional info