What goes into a customer risk rating?

A typical model combines:

Customer-type risk — individual vs entity, public listed vs private, regulated vs unregulated, presence of complex ownership.
Geographic risk — country of residence, country of business activity, country of source of funds, FATF list status, sanctions footprint.
Product/channel risk — face-to-face vs digital onboarding, cash-intensive products, cross-border products, anonymity-enabling features.
Transactional risk — expected volume, velocity, and pattern vs observed.
Other risk indicators — PEP status, adverse media, prior SMR, referral channel.

The model produces a numerical score or categorical rating (Low / Medium / High / Prohibited) that drives onboarding controls and ongoing monitoring frequency.