How do I de-risk my delivery channels?

De-risking your delivery channels means reducing the money laundering, terrorist financing and proliferation financing risk created by the way your services reach clients.
Whether you work face to face or remotely, get your clients through an intermediary or are fully digital, each channel gives you a different level of visibility over who you’re dealing with. De-risking is the work of putting controls in place that compensate wherever that visibility drops.
It’s important to note that FATF (the Financial Action Task Force) often refers to “de-risking” when it’s talking about businesses exiting entire categories of clients or business to avoid risk altogether.
It’s warned against this as it pushes transactions into less regulated channels where they’re harder to see. This article uses the phrase to define the practical, everyday steps you could take to manage the risk your delivery channels carry.
Start with your risk assessments
FATF Recommendation 1 establishes the risk-based approach that influences the anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF) framework of most countries.
It expects countries to require firms to identify, assess and understand the risks they face. Delivery channels sit alongside clients, geography, products, services and transactions as one of the core risk factors.
De-risking starts here because you can only reduce a risk you’ve properly identified. Map out every route through which clients reach you, such as:
- direct approaches;
- referrals from other professionals;
- online enquiries;
- automated onboarding;
- work introduced by intermediaries.
Then work out how much visibility each one gives you. A client you meet in person is easier to verify and read than one who you interact with digitally.
It’s important you give realistic and detailed answers on these risks. Your risk assessments need to rate your inherent riskrealistically to give you a solid foundation for every mitigation that follows. It also gives your supervisor a clear picture of your reasoning.
Reduce the risk channel by channel
Face-to-face onboarding
Meeting a client in person gives you the fullest view of who they are and how they behave. De-risking here means making sure the personal contact gets used properly:
- Verify the documents in front of you
- Record what you observed
- Identify any anomalies and record these too
Remote onboarding
In February 2025 FATF amended the Interpretive Note to Recommendation 10 to clarify that non-face-to-face relationships count as potentially higher risk “only where appropriate risk mitigation measures have not been implemented”.
For remote onboarding, these controls should mean that you have a way of accurately verifying a client’s identity. For example, electronic verification against reliable, independent sources. There are also biometric and liveness checks available that can confirm a client is who they say they are.
Intermediary-introduced business
De-risking this channel means carrying out your own client due diligence (CDD) on any client that’s introduced through a third party, no matter what checks the introducer has done themselves.
Essentially, you should treat the relationship as if your referrer’s checks were never done. FATF Recommendation 17 reinforces this, stating that even where a jurisdiction permits reliance on third parties for parts of CDD, responsibility for the outcome stays with your business.
Digital and automated platforms
Clients that are onboarded and delivered a service only through portals or apps can interact with your business with very little human contact. Your controls in this situation should include elements that flag unusual activity and trigger the need for a human review.
Apply enhanced measures where a channel stays higher risk
It’s natural for some delivery channel risk to be left after you’ve put your controls in place (this is your residual risk). This is where enhanced due diligence comes in.
The risk-based approach expects your response to be proportionate to the residual risk. For high-risk delivery channelsthis could mean:
- going further to understand who your client is, what they do and where their money comes from;
- using more than one independent and reliable data source to verify a client’s identity, ideally from different providers;
- intensifying your ongoing monitoring of a client’s transactions to make sure they fit with their business or purpose.
Review whenever your channels change
If you onboarded everyone in person five years ago but now half your client base is brought on through a portal, your inherent risk has changed.
FATF Recommendation 15 requires the risks of “new products and new business practices, including new delivery mechanisms” to be identified and assessed. This assessment needs to happen before launch. And make sure you document your reasoning as you go.
A supervisor reviewing your AML framework will want to see that you’ve accurately identified every delivery channel riskbased on how it is today, as well as that you’ve put in place mitigations and applied them consistently.
What others have said
Making compliance easier








