According to the United Nations Office on Drugs and Crime, approximately 2-5 percent of global GDP is laundered each year, amounting to roughly USD 800 billion to USD 2 trillion [1]. Much of this flows through the formal financial system, making Banking and Financial Services (BFS) firms both the primary target and the first line of defense against illicit activity.
BFS enterprises also face credit risk (originating from borrower defaults), operational risk (such as internal process failures or system breakdowns) and market risk (through exposure to price fluctuations across assets, rates and currencies).
However, unlike these categories, financial crime risk does not register on a balance sheet or trigger an immediate capital charge. It is a silent vulnerability that often originates in non-financial, procedural blind spots and manifests with massive regulatory penalties and reputational damage.
Given this inherent nature, financial crime risk can only be minimized through effective control design and execution. Within Financial Crime Risk Management (FCRM), this is driving a shift toward a risk-based approach within Anti-Money Laundering (AML) compliance strategies, with controls being aligned to the level and nature of risk across jurisdictions, customer types and products.
The Crisis of Traditional FCRM
Conventional FCRM frameworks were designed for stability – standardized controls and rule-based monitoring for predictable transaction patterns, defined customer segments and relatively contained geographic exposure. These foundational assumptions no longer hold today.
Yet, many institutions continue to apply uniform due diligence and monitoring thresholds across vastly different customer and product profiles. During customer risk profiling, both high- and low-risk entities often move through the same onboarding and review processes. Meanwhile, transaction-monitoring systems generate large alert volumes without sufficient risk prioritization. The result is a fraud-detection system that is operationally heavy but not necessarily risk sensitive.
Such operating models create two critical challenges:
Productivity Drain
AML compliance teams spend disproportionate time investigating low-value alerts while genuinely suspicious patterns risk being overlooked.
Outdated Detection Models
As financial crime evolves with increasingly complex digital assets and tools, ownership structures and cross-border flows, static rules struggle to capture emerging risk signals.
This disconnect between effort and outcome is forcing a shift away from uniform control models toward approaches that can differentiate, prioritize and respond to risk in real-time. Guidance from global standard-setters such as the Financial Action Task Force (FATF) has already established the risk-based approach as the foundation of effective FCRM, with organizations like the Egmont Group reinforcing its application through intelligence sharing and collaboration.
The Risk-based Approach as a Dynamic Operating Model
An effective FCRM program moves beyond uniform control application to targeted risk prioritization based on exposure and potential impact. Global AML and Counter-Terrorism Financing (CTF) frameworks have reinforced this shift, requiring banks and financial institutions to establish FCRM policies and documented procedures to identify and report financial crimes.
This approach forms the core of the risk-based model, where effort, controls and resources are calibrated to the level of risk, rather than applying similar treatment across all customers and activities. This ensures that higher-risk areas receive enhanced security, while lower-risk scenarios are managed with proportionate controls.
At its core, the risk-based approach operates on three interlinked principles, aligned with FATF Recommendation #1 [2]:
Inherent Risk Assessment
Focus: Establishing the baseline exposure profile
Action: Identifying and quantifying factors, including geography, customer type and delivery channel, before any mitigating controls are applied
Tailored Control Implementation
Focus: Calibrated mitigation
Action: Utilizing Simplified Due Diligence (SDD) for low-risk scenarios and Enhanced Due Diligence (EDD) for high-risk profiles
Residual Risk Monitoring
Focus: Continuous oversight*
Action: Tracking exposure after controls are implemented to ensure it stays within the institution's risk appetite and triggers re-assessment when thresholds are breached
*A transformational aspect of this approach is the implementation of Perpetual Know Your Customer (pKYC) models to monitor activities in real-time, enabling organizations to identify and manage inherent and residual risks effectively.
The Execution Blueprint: Embedding Risk Intelligence into Enterprise
While the risk-based approach defines how BFS firms prioritize and manage risk, its effectiveness depends on how it is operationalized across the enterprise. This requires translating risk-based principles into structural frameworks that assess risk at the product and customer levels, supported by continuous monitoring and decision-making mechanisms.
Product Risk Management: The Foundation of Risk-based Control
BFS firms offer a range of products and services that define how customers interact with the organization. Each product introduced carries an inherent risk and requires assessment, which is the first step to mitigating misuse, regulatory exposure and financial crime vulnerabilities. Product risk management must therefore be robust, with continuous evaluation and calibrated controls.
The Core Elements of Product Risk Management
Regulatory Focus
Manage existing, modified and new products, including emerging financial activities, as emphasized by regulators.
Product Lifecycle
Move beyond new-product approvals – the traditional focus for product owners and risk partners – to identifying and managing risk-profile changes across the product lifecycle.
Operational Challenges
Strengthen product management practices with defined roles, increased product knowledge, continuous risk monitoring, technology support, streamlined governance processes and enterprise-wide taxonomy.
Risk Categories
Ensure supervision across key risk categories by performing risk evaluation, analysis and introducing controls.
Qualitative Models
Compare the financial risk of an investment product through Product Risk Classification (PRC), which leverages quantitative models across market, credit and liquidity risks.
The Product Risk Assessment Framework: Enabling Continuous Risk Evaluation
Product risk management requires a defined mechanism to identify, assess and mitigate risks across the product lifecycle. This is typically enabled through a Product Risk Assessment (PRA) framework, which ensures that risks are continuously evaluated as products evolve:
Customer Risk Rating (CRR): Building Dynamic Risk Profiles
While products define the structure of risk, customers influence how that exposure materializes. CRR provides the framework to assess the levels of risk associated with individuals or entities, enabling financial institutions to identify and manage potentially fraudulent activities more effectively.
After the 2008 financial crisis, CRR emerged as a critical mechanism for risk-based resource allocation, typically segmenting profiles into four categories: low, medium, high and significantly high. Financial firms prioritize the last two groups for EDD, while the first two undergo SDD and Customer Due Diligence (CDD). Beyond compliance, CRR also supports business decisions by aligning products and services with qualified customers.
An effective CRR framework evaluates multiple risk dimensions, combining static attributes with behavioral indicators to build a comprehensive profile.
Executing Risk-based FCRM at Scale
Scaling a risk-based FCRM model requires coordinating multiple product and customer risk framework components within a unified operating architecture, including identity verification, KYC compliance, sanctions screening, monitoring – for fraud, terrorist financing, bribery and corruption – transaction monitoring and regulatory reporting. This demands a deep understanding of financial crime typologies and the ability to embed these insights into workflows, tools, governance, controls and decision-making processes.
As this complexity increases, institutions often face constraints in aligning data, systems and expertise at scale. Strategic partnerships play a critical role in addressing this gap, combining domain knowledge, scalable operating models and advanced capabilities in Artificial Intelligence (AI) and analytics.
Case Study 1:
Scaling Crypto Financial Crime Investigations
Amid rapidly scaling crypto ecosystems, a global payment infrastructure provider faced growing financial crime complexity, driven by fragmented processes and inconsistent operational controls. This exposed the need for a more integrated, intelligence-led operating model.
In response, WNS, through its Crypto Center of Excellence (CoE), built a customized solution combining advanced on-chain analysis, structured investigation frameworks, risk-based investigation and targeted capability building. The result was a scalable, governed model that enhanced investigation consistency, strengthened operational control and embedded in-house expertise to address evolving crypto-related financial crime risks.
Case Study 2:
Accelerating KYC Reviews Through Digitalization
Despite best-in-class systems and applications, a multinational bank faced increasing FCRM strain, with fragmented KYC workflows and manual processes limiting its ability to prioritize high-risk customers effectively. This created a need to shift from volume-driven reviews to a more risk-aligned, intelligence-led operating model.
WNS implemented a digital transformation solution anchored in a centralized financial crime CoE. This combined workflow automation, standardization and enhanced customer screening through AI-led negative news articles. This resulted in a 25 percent improvement in straight-through processing, 50 percent reduction in operating costs and human effort, and a 100 percent improvement in KYC timelines with full compliance – creating scalable FCRM with stronger risk prioritization.
The Shift to Intelligence-led FCRM
The traditional manual operating models that have long supported compliance are now fundamentally mismatched against a high-velocity, real-time financial ecosystem, creating significant gaps in risk visibility and control effectiveness. At the same time, global regulatory expectations over fraud risk management are becoming more stringent and time-bound, leaving no scope for incremental or experimental approaches.
For BFS firms, transitioning rapidly to a risk-based intelligent operating model is essential. As financial crime grows more sophisticated, institutions must move beyond checklist-driven compliance toward integrated risk management frameworks that translate risk insights into timely action.
This shift requires a strategic execution model, supported by partners capable of delivering outcome-driven solutions combining domain-aligned platforms, AI integrations, a Financial Crime Compliance (FCC) talent strategy and robust governance frameworks that ensure defensibility, auditability and explainability while mitigating regulatory challenges, hallucinations and false confidence. Success will belong to those who act with the speed and precision that only a unified, risk-based framework can provide.
About the Author
Sandeep Chakravadhanula
Practice and Capability Lead
Financial Crimes, Banking & Financial Services
Sandeep is a Senior Leader & Practice Manager with 20+ years of expertise in Financial Crime Compliance, Risk Management and Regulatory Operations. He leads capability development, global operations and advanced compliance transformation at WNS.
References
1. https://www.unodc.org/roca/en/NEWS/news_2024/november/improving-regional-investigations-on-money-laundering-and-asset-recovery.html
2. https://www.hfsresearch.com/research/1-5-trillion-services-as-software/
FAQs
1. What is a Risk-Based Approach (RBA) to financial crime risk management?
RBA prioritizes controls, resources and oversight based on the level of risk rather than applying a uniform approach across all customers. The objective is straightforward: focus greater attention on activities, entities and relationships that pose the highest risk to the organization. In financial crime compliance, RBA involves identifying, assessing and mitigating Money Laundering (ML) and Terrorist Financing (TF) risks by directing monitoring and investigative resources toward higher-risk areas.
2. Why are traditional financial crime compliance models becoming less effective?
Traditional models rely on static risk rules and uniform controls that often generate excessive alerts and struggle to detect evolving financial crime risks. Modern financial ecosystems require dynamic, intelligence-led monitoring and risk prioritization.
3. How does Perpetual KYC (pKYC) help in managing residual risks?
Monitoring residual risk is one of the critical steps in applying RBA in Financial Crime Risk Management (FCRM). It allows for Simplified/Standard Due Diligence (SDD) measures for medium and low-risk scenarios and Enhanced Due Diligence (EDD) for all high-risk clients. To manage residual risk effectively, organizations can implement Perpetual KYC (pKYC) models to monitor customers in real-time and identify the inherent and residual risks.
4. How does Customer Risk Rating (CRR) support Financial Crime Risk Management?
CRR evaluates customers based on their transaction behavior, geographical factors, usage of products & services, business type, source of wealth, industry risk and Politically Exposed Person (PEP) status to determine appropriate due diligence and monitoring requirements.
5. What role does Enhanced Due Diligence play in a risk-based framework?
EDD provides deeper scrutiny for high-risk customers through additional verification, ongoing monitoring and enhanced investigations to better manage financial crime exposure.
6. How can banks reduce false positives in AML monitoring?
Banks can reduce the impact of false positives by applying risk-based controls, improved customer segmentation, AI-powered analytics and intelligence-led due diligence and transaction monitoring programs.
7. How does WNS support financial crime compliance transformation?
WNS helps financial institutions modernize AML, KYC, due diligence and Financial Crime Compliance (FCC) operations through Intelligent Operations, AI-enabled monitoring, risk-based frameworks, analytics and specialized FCC expertise.