Risk Classification
This article explains how to work with the different classification levels in your risk matrix.
To see how you can create different types of KYC questions for your risk matrix, click here.
Tailor Questions by Risk Tier
Use your risk assessment matrix (e.g. Low / Medium / High) to adjust the depth of questioning:
| Risk Tier | Depth of KYC/AML Questions |
| Low | Standard ID, address, basic occupation info |
| Medium | Additional documentation on source of funds, business activities |
| High | Enhanced Due Diligence (EDD), interviews, verification of documents, adverse media screening, deeper UBO checks |
Link Questions to Controls & Red Flags
Each question should help you decide:
- If Enhanced Due Diligence is required
- If account restrictions or approval gates are needed
- If ongoing monitoring thresholds need to be tighter
- If escalation is needed before onboarding or continuation
Example Mapping: Risk → Question → Mitigation
| Identified Risk | KYC/AML Question | Control/Mitigation |
| High PEP risk | “Are you or any UBO a politically exposed person?” | EDD, senior approval, periodic review |
| Offshore shell entity | “What is the country of incorporation and UBO location?” | Verify UBOs, conduct media screening |
| High transaction volume | “What is your expected monthly transaction volume/value?” | Set alert thresholds for monitoring |
| Source of funds unclear | “What is the origin of your funds? Can you provide proof?” | Request income docs, bank statements |
| Crypto transactions | “Do you plan to transact using virtual assets?” | Assess crypto exposure risk, apply VASP screening |
Summary: Checklist for Your KYC/AML Questions
- Align each question to a specific risk category
- Ensure the question helps identify risk indicators
- Tailor depth based on risk rating
- Link questions to mitigation actions or controls
- Keep questions clear, verifiable, and purposeful