Daily Compliance Brief — Supervisors Reinforce Expectations on Ongoing Customer Risk Reassessment

February 6, 2026

Signal

Supervisory communications over the last 24 hours emphasised renewed focus on the effectiveness of ongoing customer risk assessments, not just initial onboarding classifications. Authorities highlighted concerns that customer risk ratings are often insufficiently refreshed in response to behavioural changes, new products, or evolving geographic exposure.

Regulators signalled that reliance on static review cycles or infrequent periodic refreshes may no longer meet expectations in higher-risk contexts. Greater attention is being placed on whether firms can demonstrate timely reassessment triggered by meaningful risk events, including transaction patterns, ownership changes, or adverse information.

Why it matters

For compliance teams, this reinforces that customer risk assessment is a living control that underpins transaction monitoring, enhanced due diligence, and reporting decisions. Weaknesses in reassessment processes can undermine the effectiveness of downstream AML controls and escalation frameworks.

Institutions should review event-driven review triggers, integration between monitoring outputs and risk scoring, and governance over risk rating changes. Supervisors are increasingly focused on whether firms can evidence that customer risk profiles accurately reflect current exposure, rather than historical assumptions.