What’s a high-risk client?

A high-risk client is one where the risk of money laundering (ML), terrorist financing (TF) or proliferation financing (PF) is assessed as higher than normal under a firm’s risk-based approach.

This doesn’t mean the client has done anything wrong. It means that, based on the information available, there are features of the client, their activity or their circumstances that increase exposure to financial crime risk and therefore require closer scrutiny.

Under the UK Money Laundering Regulations 2017 (as amended) (MLRs), regulated businesses are expected to identify these risks, assess them proportionately and apply enhanced due diligence where required. The focus is always on understanding risk, not labelling people.

Where the concept comes from

The idea of a “high-risk client” comes directly from the risk-based approach set by FATF (the Financial Action Task Force), the global standard-setter for anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF).

That approach is embedded into UK law through Regulation 18 of the MLRs, which requires firms to assess risk at a business, client and transaction level, and to adjust their controls accordingly.

What can make a client high risk?

A client is assessed as high risk where one or more risk factors, taken together, increase exposure beyond what standard due diligence is designed to manage. These factors usually fall into a few broad areas:

Client type and profile

Some clients naturally present higher inherent risk because of who they are or how they operate. Common examples include politically exposed persons (PEPs), high-net worth individuals, clients with complex ownership or control arrangements, clients acting through trusts, offshore entities or layered ownership structures, and clients that accept cash payments.

The risk comes from the increased opportunity for misuse, influence or concealment if things aren’t properly understood.

Geographic connections

Clients with links to high-risk jurisdictions often require closer attention. This includes being based in, receiving funds from or operating through countries identified by the UK government or FATF as having strategic AML, CTF or CPF deficiencies.

Nature of the work or transactions

Certain activities are more attractive for laundering funds because they allow money to be moved, structured or legitimised. Examples include handling client money, complex corporate work, property transactions, cross-border activity or arrangements with no obvious economic rationale. 

Where the work allows funds to pass through professional services, risk increases if the rationale isn’t clear.

Behavioural indicators

Risk can also arise from how a client behaves. Reluctance to provide information, vague explanations, frequent changes in instructions or inconsistencies between what a client says and what documents show can all affect risk assessments.

These signals don’t prove wrongdoing but they do indicate that more questioning is needed to understand what’s really going on.

How high-risk clients are treated under the regulations

When a client is assessed as high risk, the MLRs require enhanced due diligence to be applied.

Enhanced due diligence is not a single checklist. It’s a set of measures that should be applied proportionately, to give you a deeper understanding of the client and their money. This often includes obtaining additional information, verifying it more robustly and applying closer ongoing monitoring.

Regulation 33 of the MLRs sets out specific situations where enhanced due diligence is mandatory, such as PEP exposure or links to high-risk third countries. The level of enhancement should match the level of risk identified.

High risk doesn’t mean automatic refusal

Many high-risk clients are legitimate and appropriate to act for. The requirement is to understand the risk, mitigate it and document how that was done.

When supervisors review AML compliance, they’re not just looking for completed checks. They’re looking for evidence of reasoning.

For high-risk clients, this means being able to show how risk factors were identified, how enhanced due diligence was applied and how decisions were reached. This applies equally where a decision is made to proceed or to decline the relationship.

Clear documentation protects the firm. It shows that judgements were informed, proportionate and aligned with the regulatory framework.

Final thoughts

A high-risk client isn’t a problem to avoid. It’s a signal to slow down and understand the relationship more deeply.

The UK AML framework is built on the idea that risk varies and that professionals can use a risk-based approach to address it. When high-risk clients are identified early, assessed properly and managed thoughtfully, they fit naturally within a compliant, risk-based approach.

If your AML process helps you tell the real story behind a client, rather than just collect documents, you’re applying the Regulations in the way they were intended.