To effectively formulate KYC (Know Your Customer) and AML (Anti-Money Laundering) questions that link directly to your risk assessment and mitigate identified risks, you need to design a question framework that:

1. Collects relevant information based on the customer’s risk profile.
2. Provides insights that allow you to apply appropriate controls.

Example:
 

1. Start With Your Risk Assessment Categories

Identify the key risk factors from your AML risk assessment, such as:

• Customer type (individual, corporate, PEP, etc.)
• Geography (high-risk countries, sanctioned jurisdictions)
• Products/services used (cash-intensive, crypto, wire transfers, etc.)
• Delivery channel (non-face-to-face, intermediaries)
• Transaction patterns (volume, frequency, complexity)
• Purpose and nature of the business relationship

2. Design Risk-Based Questions Aligned to Each Factor

Below are some examples of how you can formulate your questions based on different categories.

Customer Type

Purpose: Understand who the customer is and their potential risk.

• What is the customer’s occupation or business activity?
• Are they a Politically Exposed Person (PEP), or related to one?
• What is their legal structure and ownership (for corporate clients)?
• Who are the ultimate beneficial owners (UBOs)?

Mitigates: Unknown UBO risk, front/false businesses, PEP risk

Geography

Purpose: Identify exposure to high-risk jurisdictions.

• Where is the customer domiciled?
• Where do they conduct business?
• Do they send/receive funds to/from high-risk jurisdictions?

Mitigates: Sanctions exposure, corruption risk, lack of regulatory supervision

Products/Services Used

Purpose: Understand the AML exposure of specific offerings.

• Which of our products/services does the customer plan to use?
• Will they use services like international wires, cash deposits, or crypto?

Mitigates: Product misuse, layering through complex transactions

Delivery Channel

Purpose: Assess anonymity and impersonation risk.

• How did the customer onboard (online, in person, through an agent)?
• Will ongoing interactions be non-face-to-face?

Mitigates: Identity fraud, shell account creation

Transaction Behavior

Purpose: Set expected transaction benchmarks.

• What is the expected volume and value of transactions per month?
• Will they transact with third parties or related businesses?

Mitigates: Structuring, unusual behavior, third-party laundering

Purpose and Business Relationship

Purpose: Understand the legitimate reason for the relationship.

• What is the purpose of the account/relationship?
• What are the sources of funds and wealth?

Mitigates: Use of account as a pass-through, undeclared income, layering

To see how you can work with different risk levels click here.