loader image

How do I de-risk my delivery channels?

Lisa Simms
Lisa Simms

Director and Founder of AMLCC and AMLCC Consult

How do I de-risk my delivery channels?

De-risking your delivery channels means reducing the money laundering, terrorist financing and proliferation financing risk created by the way your services reach clients. 

Whether you work face to face or remotely, get your clients through an intermediary or are fully digital, each channel gives you a different level of visibility over who you’re dealing with. De-risking is the work of putting controls in place that compensate wherever that visibility drops.

It’s important to note that FATF (the Financial Action Task Force) often refers to “de-risking” when it’s talking about businesses exiting entire categories of clients or business to avoid risk altogether. 

It’s warned against this as it pushes transactions into less regulated channels where they’re harder to see. This article uses the phrase to define the practical, everyday steps you could take to manage the risk your delivery channels carry.

Start with your risk assessments

FATF Recommendation 1 establishes the risk-based approach that influences the anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF) framework of most countries. 

It expects countries to require firms to identify, assess and understand the risks they face. Delivery channels sit alongside clients, geography, products, services and transactions as one of the core risk factors.

De-risking starts here because you can only reduce a risk you’ve properly identified. Map out every route through which clients reach you, such as:

  • direct approaches;
  • referrals from other professionals;
  • online enquiries;
  • automated onboarding;
  • work introduced by intermediaries. 

Then work out how much visibility each one gives you. A client you meet in person is easier to verify and read than one who you interact with digitally.

It’s important you give realistic and detailed answers on these risks. Your risk assessments need to rate your inherent riskrealistically to give you a solid foundation for every mitigation that follows. It also gives your supervisor a clear picture of your reasoning.

Reduce the risk channel by channel

Face-to-face onboarding

Meeting a client in person gives you the fullest view of who they are and how they behave. De-risking here means making sure the personal contact gets used properly:

  • Verify the documents in front of you
  • Record what you observed
  • Identify any anomalies and record these too

Remote onboarding

In February 2025 FATF amended the Interpretive Note to Recommendation 10 to clarify that non-face-to-face relationships count as potentially higher risk “only where appropriate risk mitigation measures have not been implemented”.

For remote onboarding, these controls should mean that you have a way of accurately verifying a client’s identity. For example, electronic verification against reliable, independent sources. There are also biometric and liveness checks available that can confirm a client is who they say they are.

Intermediary-introduced business

De-risking this channel means carrying out your own client due diligence (CDD) on any client that’s introduced through a third party, no matter what checks the introducer has done themselves. 

Essentially, you should treat the relationship as if your referrer’s checks were never done. FATF Recommendation 17 reinforces this, stating that even where a jurisdiction permits reliance on third parties for parts of CDD, responsibility for the outcome stays with your business.

Digital and automated platforms

Clients that are onboarded and delivered a service only through portals or apps can interact with your business with very little human contact. Your controls in this situation should include elements that flag unusual activity and trigger the need for a human review.

Apply enhanced measures where a channel stays higher risk

It’s natural for some delivery channel risk to be left after you’ve put your controls in place (this is your residual risk). This is where enhanced due diligence comes in. 

The risk-based approach expects your response to be proportionate to the residual risk. For high-risk delivery channelsthis could mean:

  • going further to understand who your client is, what they do and where their money comes from;
  • using more than one independent and reliable data source to verify a client’s identity, ideally from different providers;
  • intensifying your ongoing monitoring of a client’s transactions to make sure they fit with their business or purpose. 

Review whenever your channels change

If you onboarded everyone in person five years ago but now half your client base is brought on through a portal, your inherent risk has changed. 

FATF Recommendation 15 requires the risks of “new products and new business practices, including new delivery mechanisms” to be identified and assessed. This assessment needs to happen before launch. And make sure you document your reasoning as you go. 

A supervisor reviewing your AML framework will want to see that you’ve accurately identified every delivery channel riskbased on how it is today, as well as that you’ve put in place mitigations and applied them consistently.

Explore how AMLCC’s features can manage your inherent and residual risk, keeping your business completely AML compliant

The one-stop AML solution

We know AML

We’re internationally recognised AML experts
We work with most accountancy supervisors and the Law Society
Bespoke AML consultancy available for all sectors

The one-stop AML solution

We know AML

We’re internationally recognised AML experts
We work with most accountancy supervisors and the Law Society
Bespoke AML consultancy available for all sectors

What others have said

“We had the man from the ICAEW here yesterday to carry out a QAD practice review. We got a clean bill of health – not a single action point…That is in no small measure due to AMLCC so I just wanted to say ‘thank you’”

“Thank you for such a perfect and informative [solution]. You have given me a clear direction for my AML training and CPD.”

“I just wanted to say ‘thank you’ to you, Richard, and all the team at AMLCC for providing a service that really does minimise the burden of AML compliance.”

“What a refreshing pleasure working with a company who actually listens to the feedback from their customers and communicates with them!”

“Your team they have been excellent from the moment Fiona did a demo for me with only 15 minutes notice, and thoroughly going through the AMLCC product, answering the many questions I had! It was at this point at which I made up my mind this is the sort of business I want to work with for my AML.”

Making compliance easier

AMLCC newsroom

Scroll to Top