From the Anti-Money Laundering and Counter-Terrorism Financing Department (AML/CTF) team at Summons Abogados, we wish to provide our clients with an important development aimed at enhancing the operational efficiency of their AML/CTF Model. This improvement facilitates the practical application of the Risk-Based Approach (RBA) for appropriately assigning a risk rating and profile to their clients in compliance with the applicable regulations.

In this regard, we outline below the general parameters with which we propose to work together to develop the so-called Client Risk Matrix (CRM), which represents a significant improvement in your model. The main goal of this enhancement is to facilitate the daily practical work of your teams involved in this area.

We hope this is of interest, and our team is available to schedule a meeting to move forward as deemed appropriate.

Regulatory framework requiring the application of a risk-based AML and CTF approach at the client level.

The application of a Risk-Based Approach for Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) for clients is a practice that primarily arises from international standards, which mandate consideration of client risk as a fundamental element for building an AML/CTF system, as expressed, among others, in the following:

• Recommendations No. 1 and 10 of the FATF and their interpretative notes
• At the European Union level, AML/CTF regulations contained in Regulation EU 2024/1624 and the VI Directive EU 2024/1640
• Law 10/2010 and Royal Decree 304/2014

Benefits of applying the RBA to clients

• Reduce and mitigate the risk of AML and CTF.

Client Risk Profile and Client Risk Matrix (CRM) – Concepts and Structure

The Client Risk Matrix (CRM) is a tool designed to assess the potential level of AML/CTF risk that clients may pose, based on specific risk factors defined by the entity. This allows for determining a “Client Risk Profile.”

Building an adequate Client Risk Matrix tailored to an Entity always requires considering its business model, including, among other aspects, the type and activity of the clients, the geographical areas where it operates, the channels for linking and/or marketing services or products, among others. Each Entity must construct its own CRM according to its business reality.

To determine the Client Risk Profile, we propose the design of a CRM customized for the Entity, which will consist of the following components:

• Risk Factors such as Economic Activity, Type of Client, Nationality, among others.
• Risk Elements: aspects to be evaluated within each risk factor.
• Weightings: assign relevance within the risk profile for each of the evaluated factors.
• Rating Scale: allows assigning a risk value to the numerical range of the obtained results. Based on this rating, the Client Risk Profile is defined.

The CRM may be incorporated or programmed into a technological tool or a spreadsheet, depending on the Entity's size and complexity.