Guidance on the customer risk assessment

1. The risk assessment of a customer, which is illustrated in figure 3 above, requires a Relevant Person to allocate an appropriate risk rating to every customer. The DFSA would expect risk ratings to be either descriptive, such as "low", "medium" or "high", or a sliding numeric scale such as 1 for the lowest risk to 10 for the highest. Depending on the outcome of a Relevant Person's assessment of its customer's money laundering risk, a Relevant Person should decide to what degree CDD will need to be performed. For a high risk customer, the Relevant Person will need to undertake Enhanced CDD under AML section 7.4 as well as the normal CDD set out in AML section 7.3. For a low risk customer, the Relevant Person may be able to undertake Simplified CDD in accordance with AML section 7.5. For any other customer, the Relevant Person will be required to undertake the normal CDD set out in AML section 7.3.
2. Using the RBA, a Relevant Person could, when assessing two customers with near identical risk profiles, consider that one is high risk and the other low risk. This may occur, for example, where both customers may be from the same high risk country, but one customer may be a customer in relation to a low risk product or may be a long-standing customer of a Group company who has been introduced to the Relevant Person.
3. In AML Rule 6.1.4, ownership arrangements which may prevent the Relevant Person from identifying one or more Beneficial Owners include bearer shares and other negotiable instruments in which ownership is determined by possession.
Derived from DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
[Amended] DFSA RM231/2018 (Made 6th June 2018) [VER15/07-18]