Print Article

Wolfsberg Group Guidance on Digital Customer Lifecycle Risk Management


Customers today expect to engage their financial institution (FI) and manage their finances via their digital devices, and prospective customers also increasingly expect to become customers via their digital devices.

The challenge then to the FI is clear:

  • How to manage the financial crime risks associated with non-face-to-face digital engagement effectively?

Establishing a reasonable and risk-based set of controls is one of the three Wolfsberg Effectiveness Factors, and within that context, the need to prioritise resources and enhance controls

Technology can enable an FI to meet both customer expectations on digital engagement and prioritise resources in an effective, risk-based manner.

Digital approaches to customer lifecycle risk management, if defined and calibrated responsibly, provide the FI with an opportunity to

  1. Build a dynamic understanding of customer risk,
  2. Refresh relevant customer information on a targeted basis, and
  3. Pursue new customers – including the financially excluded - without face-to-face interaction while focusing resources to address genuine financial crime threats.

This Wolfsberg Group Guidance on Digital Customer Lifecycle Risk Management provides the below considerations for an FI seeking to achieve this ambition:

  1. Build a more holistic customer profile via a more comprehensive concept of identity attributes that complements the elements required under AML/CTF regulation, in line with customer consent and applicable data protection regulation.
  2. Map the variables behind the holistic customer profile to internal or external data sources capable of alerting the FI to a possible change or deviation from the expected value of any particular data point or attribute.
  3. Leverage the ability to better detect changes and deviations in the customer profile to evolve from traditional periodic refresh cycles to a more effective trigger-based approach.
  4. Recognise that reaching the requisite level of robustness in building the underlying customer profile and ensuring adequate assurance levels on underlying systems are both risk-based decisions, where, for example,
    • Certain local conditions, including support for financial inclusion initiatives from competent authorities, may warrant distinct identification, verification, and authentication approaches for certain types of relationships.
  5. Collaborate with governments on digital initiatives to increase access to high-quality identity data, promote interoperability, and facilitate access to financial services.