Customer Risk & AML Integration

Audience: Compliance Officers, BSA/AML Analysts, Risk Managers
Last updated: March 2026
Version: 4.2

FraudShield AI integrates with the Customer Due Diligence (CDD) module and Anti-Money Laundering (AML) platform to provide a unified view of customer risk across fraud prevention and regulatory compliance. Transaction-level fraud risk scores are enriched with entity-level CDD risk, sanctions screening status, and AML typology indicators to give fraud analysts and compliance teams a complete picture before any investigation decision is made.

Module dependencies: This page covers features that require the FraudShield CDD and AML Integration modules. The base AI Engine includes the customer risk score as an input feature only. Configuring CDD risk models and AML workflows requires separate licensing and implementation.

Customer Due Diligence (CDD) overview

The CDD module maintains a Customer Risk Score for every entity in the institution's customer base. Unlike the transaction-level risk score produced by FraudShield AI at scoring time, the CDD risk score is a standing customer-level assessment — updated periodically and in response to trigger events, not per transaction.

Two CDD detection models drive the customer risk score:

| Model | Purpose | When it runs |
| --- | --- | --- |
| CDD-HRC — High Risk Customer | Calculates the initial customer risk score at onboarding and on the periodic review schedule. Evaluates all configured risk factors and produces an overall risk rating: Low, Medium, High, or Unacceptable. | Customer onboarding, periodic review cycle (30/90/180/365 days depending on risk rating), manual trigger |
| CDD-INR — Change in Customer Risk | Recalculates the risk score when a trigger event occurs between scheduled reviews: a fraud alert, a watchlist hit, a change in beneficial ownership, or a significant behavior change. | Event-triggered: fraud alert generated, SAR filed, watchlist match, ownership change, address change |

Customer risk factors

The CDD risk score is the weighted sum of individual risk factor scores. Each risk factor evaluates a specific dimension of customer risk. Institutions configure the weight and scoring scale for each factor to reflect their risk appetite and regulatory requirements.

| Risk factor | Description | Configurable |
| --- | --- | --- |
| PEP status | Politically Exposed Person score. Evaluates the customer's PEP position (e.g., Head of State vs. local official), PEP status (current, former <1 year, former >1 year), and the PEP status of Relatives and Close Associates (RCAs). RCA relationships are weighted by relationship type. | Yes — PEP position scores, RCA relationship weights, maximum score cap |
| High-risk geography | Country risk based on FATF grey/black lists, OFAC country sanctions, and institutional risk country list. Applies to customer domicile, beneficiary countries, and countries of business operation. | Yes — country risk scores, list source (FATF, OFAC, custom) |
| High-risk business type | Industry/business category risk for entity accounts. Cash-intensive businesses (MSB, casinos, car dealers), cryptocurrency exchanges, and shell companies carry elevated scores. | Yes — business type risk scores per NAICS code or custom category |
| Beneficial ownership | Ownership structure complexity and presence of high-risk owners. Evaluates ultimate beneficial owners (UBOs), ownership percentage thresholds (default ≥25%), and any PEP-flagged owners. | Yes — UBO ownership threshold, maximum ownership chain depth |
| Expected behavior deviation | Compares actual transaction behavior (volume, type, geography) against the customer's stated expected behavior profile at onboarding. Significant deviation triggers a CDD-INR recalculation. | Yes — deviation thresholds, time window |
| Adverse news / negative media | Flags from external adverse media screening: involvement in fraud investigations, money laundering cases, regulatory sanctions, or legal proceedings. Sourced via the DataIQ Clarify enrichment integration. | Partially — severity weights for news categories |
| Fraud history | Confirmed fraud alerts on this customer's accounts, SAR filings, and charged-off fraud losses in the past 24 months. Sourced directly from FraudShield AI alert dispositions. | Yes — lookback window, loss amount thresholds |
| Products and services | Higher-risk product types held by the customer: cash accounts, international wire capability, mobile wallets, cryptocurrency on-ramp, foreign currency accounts. | Yes — risk score per product type |

Risk segmentation

Institutions can define risk segments so that the same risk factor uses different scoring scales for different customer populations. This prevents a retail customer from being scored against the same thresholds as a corporate client with legitimately complex ownership structures.

Example — PEP risk factor score scales by segment
```
# Retail Individual customers
segment: RETAIL_INDIVIDUAL
pep_current_head_of_state: 100
pep_current_senior_official: 85
pep_former_less_1yr: 60
pep_rca_spouse: 50
pep_rca_child: 40

# Corporate / Institutional customers
segment: CORPORATE
pep_current_head_of_state: 100
pep_current_senior_official: 70  # Corporate directors in public life — lower weight
pep_former_less_1yr: 40
pep_rca_spouse: 30
pep_rca_child: 20
```

Periodic review workflow

Customers rated High or Unacceptable require more frequent review. The periodic review workflow generates a CDD work item in the Case Manager queue and assigns it to a compliance analyst.

| Risk rating | Default review frequency | Review type |
| --- | --- | --- |
| Low | Every 365 days | Automated — model re-run only, no analyst action unless score changes |
| Medium | Every 180 days | Automated re-run + analyst notification if score increases by >20 points |
| High | Every 90 days | Full analyst review — customer record, transaction lookback, documentation update |
| Unacceptable | Every 30 days | Senior analyst review — may include relationship exit assessment or SAR filing |

Watchlist and sanctions screening

FraudShield AI performs watchlist screening at two points: at transaction scoring time (for the beneficiary) and at the customer CDD level (for the customer entity and its beneficial owners). Screening covers OFAC SDN, EU/UN sanctions lists, and any custom institutional watch lists.

Screening events

| Screening event | Lists screened | On match |
| --- | --- | --- |
| Transaction beneficiary (at scoring time) | OFAC SDN, EU Consolidated, UN Consolidated, custom | Hard BLOCK decision returned regardless of risk score. Alert generated with SANCTIONS_HIT reason code. Mandatory SAR review triggered. |
| Customer onboarding (CDD-HRC) | OFAC SDN, PEP global lists, adverse media, beneficial owner lists | Customer flagged with watchlist match. CDD score set to Unacceptable. Compliance officer notified. Account opening held pending review. |
| Ongoing customer monitoring (daily batch) | All configured lists — updated daily | Newly matched customers trigger CDD-INR recalculation. Alert created in compliance queue. |
| Beneficial owner screening (CDD-HRC / CDD-INR) | OFAC SDN, PEP lists, adverse media | Match on any UBO above the ownership percentage threshold flags the entity account. |

OFAC matches must never be auto-approved: A confirmed OFAC SDN match — on a customer, beneficial owner, or transaction beneficiary — requires manual review by a BSA Officer before any action is taken on the account. Auto-release of a sanctions hold is not permitted and constitutes a potential OFAC violation.

CDD and fraud risk integration

The CDD customer risk score feeds directly into FraudShield AI real-time scoring as a Risk Indicator input. A customer with a High CDD rating will receive a baseline uplift in their transaction risk scores, so that borderline transactions from known high-risk customers route to review rather than approve.

| CDD risk rating | RI input: RI_CDD_CUSTOMER_RISK | Effect on transaction score |
| --- | --- | --- |
| Low | Sub-score: 0 | No effect |
| Medium | Sub-score: 20 | Small uplift — may tip borderline MEDIUM transactions to REVIEW |
| High | Sub-score: 55 | Significant uplift — HIGH threshold effectively lowered for this customer |
| Unacceptable | Sub-score: 90 | Near-critical uplift — most transactions from this customer will hit REVIEW or BLOCK |
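
The following is an added example, not FraudShield code: it ties together the weighted-sum score, the segment-specific PEP scales, and the rating tables above to show how the same customer facts can produce different review schedules and RI_CDD_CUSTOMER_RISK sub-scores per segment. The function name `cdd_assess`, the factor weights, the rating cut-offs, and the choice to model only three factors are assumptions; the PEP scales, review frequencies, and sub-scores are taken from this page.

```python
# Added example. Values marked ASSUMED are illustrative, not FraudShield defaults.

# From the page: PEP score scales per risk segment.
PEP_SCALES = {
    "RETAIL_INDIVIDUAL": {"pep_current_head_of_state": 100,
                          "pep_current_senior_official": 85,
                          "pep_former_less_1yr": 60,
                          "pep_rca_spouse": 50, "pep_rca_child": 40},
    "CORPORATE": {"pep_current_head_of_state": 100,
                  "pep_current_senior_official": 70,
                  "pep_former_less_1yr": 40,
                  "pep_rca_spouse": 30, "pep_rca_child": 20},
}
# ASSUMED: factor weights in percent (sum to 100); only three factors modelled.
WEIGHTS = {"pep_status": 40, "high_risk_geography": 30, "fraud_history": 30}
# ASSUMED: rating cut-offs on a 0-100 score, highest floor first.
RATING_BANDS = [(75, "Unacceptable"), (50, "High"), (25, "Medium"), (0, "Low")]
# From the page: review frequency in days and RI_CDD_CUSTOMER_RISK sub-score.
REVIEW_DAYS = {"Low": 365, "Medium": 180, "High": 90, "Unacceptable": 30}
RI_SUBSCORE = {"Low": 0, "Medium": 20, "High": 55, "Unacceptable": 90}


def cdd_assess(segment, pep_category, factor_scores, watchlist_match=False):
    """Return (score, rating, review_days, ri_subscore) for one customer."""
    scores = dict(factor_scores)
    # An unknown segment or PEP category raises KeyError instead of scoring 0.
    scores["pep_status"] = PEP_SCALES[segment][pep_category] if pep_category else 0
    missing = set(WEIGHTS) - set(scores)
    if missing:
        raise ValueError(f"missing factor scores: {sorted(missing)}")
    if any(not 0 <= scores[f] <= 100 for f in WEIGHTS):
        raise ValueError("factor scores must be within 0-100")
    # Weighted sum of factor scores; integer weights avoid float drift at band edges.
    score = sum(WEIGHTS[f] * scores[f] for f in WEIGHTS) / 100
    rating = next(label for floor, label in RATING_BANDS if score >= floor)
    if watchlist_match:
        # From the page: a watchlist match at onboarding sets Unacceptable.
        rating = "Unacceptable"
    return score, rating, REVIEW_DAYS[rating], RI_SUBSCORE[rating]


if __name__ == "__main__":
    factors = {"high_risk_geography": 80, "fraud_history": 30}  # constructed
    for seg in PEP_SCALES:
        print(seg, cdd_assess(seg, "pep_rca_spouse", factors))
```

With these constructed inputs the retail customer lands in High (90-day review, sub-score 55) while the corporate customer with identical facts lands in Medium (180-day review, sub-score 20), which is the effect segmentation is meant to produce.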

SAR and CTR filing integration

FraudShield AI integrates with the STAR (Suspicious Transaction Activity Reporting) module for SAR filing and with the CTR module for Currency Transaction Report filing. Both are required under BSA/FinCEN regulations.

Suspicious Activity Report (SAR)
Required when a financial institution knows, suspects, or has reason to suspect that a transaction involves funds from illegal activity, is designed to evade reporting requirements, lacks a lawful purpose, or involves a use of the institution to facilitate criminal activity. FraudShield AI creates a SAR candidate automatically when a fraud alert is dispositioned as Confirmed Fraud. BSA Officer review and approval is required before FinCEN e-filing.

Currency Transaction Report (CTR)
Required for cash transactions exceeding $10,000 in a single business day, or structured transactions that appear designed to avoid the $10,000 threshold (structuring). FraudShield AI flags structuring patterns via the RI_STRUCTURING_PATTERN Risk Indicator and routes these alerts to the CTR queue.

AML typology detection in the fraud model: The RIs used to detect structuring (RI_STRUCTURING_PATTERN), mule activity (RI_MULE_NETWORK_SCORE), and layering (RI_RAPID_MOVEMENT_THROUGH_ACCOUNT) are deliberately shared between the fraud model and the AML module. This means a transaction that appears fraudulent from a payment fraud perspective will also generate signals visible to the AML team, enabling joined-up financial crime investigation.