While almost any type of account is potentially vulnerable to money laundering or terrorist financing, certain customers, products or services may pose specific risks. Regulators are working together to provide uniform guidance to address high risk activities. FFIEC examination guidelines identify certain activities as high risk, including:

• Private banking
• Payable through accounts
• International correspondent bank relationships
• Electronic banking
• Significant and International funds transfer activity
• Non-bank financial institution relationships
• Deposit broker activity
• Special use/concentration accounts

In addition, certain types of accounts are considered high risk, including:

• Cash intensive businesses
• Dealers in precious metals, stones or jewels
• Pawnbrokers
• Loan or finance companies
• Car and boat dealers

• Foreign financial institutions, including banks and foreign money services providers (e.g., casas de cambio, currency exchanges, and money transmitters).
• Non-bank financial institutions (e.g., money services businesses; casinos and card clubs; brokers/dealers in securities; and dealers in precious metals, stones, or jewels).
• Senior foreign political figures and their immediate family members and close associates (collectively known as politically exposed persons (PEPs)).
• Nonresident alien (NRA)and accounts of foreign individuals.
• Foreign corporations and domestic business entities, particularly offshore corporations (such as domestic shell companies and Private Investment Companies (PICs) and international business corporations (IBCs))located in high-risk geographic locations.
• Deposit brokers, particularly foreign deposit brokers.
• Cash-intensive businesses (e.g., convenience stores, restaurants, retail stores, liquor stores, cigarette distributors, privately owned ATMs, vending machine operators, and parking garages).
• Non-governmental organizations and charities (foreign and domestic).
• Professional service providers (e.g., attorneys, accountants, doctors, or real estate brokers).
  
  

The second step of the risk assessment process entails a more detailed analysis of the data obtained during the identification stage in order to more accurately assess BSA/AML risk.  This step involves evaluating data pertaining to the bank’s activities (e.g., number of: domestic and international funds transfers; private banking customers; foreign correspondent accounts; PTAs; and domestic and international geographic locations of the bank’s business area and customer transactions) in relation to Customer Identification Program (CIP) and customer due diligence (CDD) information.  The level and sophistication of analysis may vary by bank.  The detailed analysis is important because within any type of product or category of customer there will be accountholders that pose varying levels of risk. 

This step in the risk assessment process gives management a better understanding of the bank’s risk profile in order to develop the appropriate policies, procedures, and processes to mitigate the overall risk.  Specifically, the analysis of the data pertaining to the bank’s activities should consider, as appropriate, the following factors:

• Purpose of the account.
• Actual or anticipated activity in the account.
• Nature of the customer’s business.
• Customer’s location.
• Types of products and services used by the customer.