Risk Scoring
Zenoo implements a FATF-aligned, 4-dimension risk assessment model. Every case receives a risk score across four dimensions, producing an overall risk tier that drives due diligence requirements and review frequency.
The 4 dimensions
Risk is assessed independently across four dimensions. Each dimension scores 0-100 and maps to a tier:
| Dimension | What it measures | Example factors |
|---|
| Customer | Inherent risk of the customer entity | PEP status, sanctions exposure, adverse media, industry |
| Geographic | Country and jurisdiction risk | FATF grey/black list, EU High-Risk, Basel AML Index |
| Product/Service | Risk associated with the products or services | Financial services, crypto, high-value transactions |
| Channel | Risk from the delivery channel | Online-only, face-to-face, third-party introduction |
Scoring algorithm
Each dimension score is calculated from the alerts and entity attributes associated with the case. The system maps alert categories and entity properties to dimensions using configurable rules.
Score to tier mapping
| Score Range | Tier |
|---|
| 70-100 | High |
| 40-69 | Medium |
| 0-39 | Low |
These thresholds are configurable per risk model. The values above are defaults. You can adjust high_threshold and medium_threshold when creating or modifying a risk model.
Overall tier calculation
The overall risk tier is determined by the highest-tier-wins rule: if any single dimension is rated High, the overall tier is High. This conservative approach ensures that concentrated risk in any dimension triggers appropriate due diligence.
Risk assessment lifecycle
| Status | Description |
|---|
Draft | Assessment created but dimension scores not yet calculated |
Active | Scores calculated, awaiting review |
Superseded | Replaced by a newer assessment |
Overridden | Analyst has manually overridden the calculated tier |
Approved | Reviewed and approved — becomes the effective assessment |
Analyst overrides
Analysts can override the calculated tier when additional context justifies a different risk rating. Overrides require:
- A new tier selection (High, Medium, or Low)
- A documented justification
- Approval by a second reviewer (four-eyes principle)
curl -X POST https://api.zenoo.com/v1/risk-assessments/rsk_abc123/override \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '{
"override_tier": "Low",
"reason": "PEP match is for a former local councillor with no current exposure. Customer has 10-year clean banking history."
}'
Risk factors
Each dimension can include specific risk factors that explain the score:
{
"dimension": "Customer",
"score": 65,
"tier": "Medium",
"factors": [
"UBO identified as former PEP (councillor, 2010-2014)",
"Financial Services industry classification",
"No adverse media findings"
]
}
- Alert-based factors: Each resolved alert category contributes a factor with its severity
- Entity attribute factors: Jurisdiction, industry, corporate structure complexity
- Country risk factors: FATF status, EU High-Risk listing, Basel AML Index score
EDD triggers
When the overall risk tier is High, Enhanced Due Diligence (EDD) requirements are automatically added:
| Trigger | EDD Requirement |
|---|
| Overall tier = High | Source of Wealth check for UBOs and Directors |
| Sanctions exposure | Enhanced screening with ongoing monitoring |
| Senior PEP | Mandatory senior reviewer approval |
| Complex structure | Full corporate structure verification |
Configurable risk models
Zenoo supports multiple configurable risk models with:
- Per-model thresholds: Customize High/Medium score thresholds
- Custom rules: Define scoring rules by alert category, entity attribute, or country data
- Champion/Challenger: A/B test new models in shadow mode before promoting
- What-If Analysis: Backtest parameter changes against historical assessments
- AI Tuning: Generate data-driven optimization recommendations
Next steps
