Skip to main content
To effectively manage anti-money laundering (AML) risk, a financial institution’s monitoring system must be adaptable to its unique business model, customer base, and product offerings. A generic, one-size-fits-all approach is insufficient for the complexities of modern finance. Within the AMLYZE platform, the primary mechanism for achieving this tailored configuration is the Risk Management Category. This customizable attribute is a fundamental component present in both client and transaction data payloads sent to the system. Its purpose is to enable granular segmentation, allowing a financial institution to apply specific configurations across all major AML processes. This includes client and transaction screening protocols, customer risk scoring models, real-time and retrospective transaction monitoring rule sets, and investigation workflows. It is important to distinguish the granular Risk Management Category from the higher-level Business Unit concept. While both facilitate data and configuration separation, they operate at different architectural levels. A Business Unit creates a separation of entire datasets for distinct legal entities or operational environments, whereas a Risk Management Category enables nuanced segmentation within a single dataset. Different Business Units may share the same Risk Management Categories.
FeatureBusiness UnitRisk Management Category
Primary PurposeComplete data segregation for distinct entities (e.g., different companies, tenants, jurisdictions).Granular segmentation of customers and operations.
Data SeparationSeparates all client, account, and transaction data, including alerts and cases.Applies different rules and workflows to segments within the same dataset.
Configuration ScopeCan have a different primary currency, timezone for monitoring, and user access controls. Can also be used to differentiate screening lists and sensitivity, applicable rules, individual rule settings, risk scoring logic, and investigation SLAs.Differentiates screening lists and sensitivity, applicable rules, individual rule settings, risk scoring logic, and investigation SLAs.
Typical Use CaseA multi-tenancy environment where different legal entities must have their data isolated.

A complex financial institution that segregates their clients and client transactions by business area. May or may not differentiate monitoring.		A single financial institution segmenting its B2C clients from its corporate clients for monitoring.

Customer Segmentation via Risk Management Category

Effective AML compliance requires segmenting the customer base to apply controls that are proportionate to the risks each segment presents. The mechanism is straightforward: each client profile submitted to AMLYZE is assigned a riskManagementCategory. This attribute acts as a key that links the customer to a specific, pre-configured set of rules and process configurations. By assigning different categories to different customer groups, such as individuals versus organizations, or standard retail users versus high-risk financial institutions, an AML team can ensure that the system’s response is always aligned with the customer’s risk profile. The specific AML controls that can be differentiated using the Customer Risk Management Category include:
  • Targeted Rule Sets: The customer category dictates which set of rules is applicable for key processes like Customer Risk Scoring and Retrospective Monitoring. This ensures that customers are evaluated against criteria relevant to their segment, preventing the misapplication of rules designed for a different type of client.
  • Different parameters and thresholds within the same real-time or retrospective monitoring rules.
  • Differentiated Screening Protocols: The platform can apply different screening configurations based on the customer’s category. This allows an institution to control which watchlists (e.g., Sanctions, Politically Exposed Persons (PEP), Adverse Media) are used for a particular segment and at what sensitivity level. For instance, a high-risk segment might be screened against more lists with a more sensitive matching algorithm than a standard-risk segment.
  • Customized Investigation Workflows: The category enables the tailoring of investigation processes for any alerts generated. This can include setting different Service Level Agreements (SLAs) for resolution, defining unique escalation paths, or assigning alerts from specific segments to specialized investigation teams.
To illustrate, consider a financial institution that serves both individual consumers and other financial businesses. It could define two distinct categories:
  • ‘Standard B2C User’: Customers in this category might be subject to standard sanctions and PEP screening. The Customer Risk Scoring rules applied would be tailored to typical retail behavior, and retrospective monitoring would focus on common consumer-level typologies.
  • ‘High-Risk Financial Institution’: This category would trigger a more rigorous set of controls. Screening would be configured with higher sensitivity and include adverse media checks. The risk scoring and monitoring rules would be stricter, designed to detect complex corporate money laundering schemes, and any resulting alerts would have a shorter SLA for investigation. This same principle of granular control extends from the customer level down to each financial operation.

Operation Segmentation via Risk Management Category

Just as customers are segmented, it is strategically vital to segment financial transactions (operations) for monitoring. The Operation Risk Management Category provides the mechanism to apply this granular, transaction-level control. It supplements other already existing transaction type filters: operationType (semi-configurable: allows adding additional external bank payment types) and cardOperationSubType (fully configurable). Every transaction payload sent to AMLYZE for assessment includes an riskManagementCategory. This ensures that for every single payment, the system can apply a specific set of controls, rules, and outcomes on a per-transaction basis, rather than relying on a single, universal monitoring strategy. The key monitoring processes controlled by the Operation Risk Management Category are:
  • Real-Time Monitoring Outcomes: It allows the system to determine the automated outcome when a real-time monitoring rule is triggered. For example, the same rule logic (e.g., a high-value payment to a high-risk country) can be configured to produce different results based on the transaction’s category. For one category, the outcome might be to ‘stop’ the payment for manual review. For another, the same trigger could result in an automatic ‘reject’ decision, preventing the payment from proceeding entirely.
  • Monitoring Logic: The system can use the operation’s category to apply different sets of real-time monitoring rules.
  • Payment and Transaction Type Differentiation: The category is the most flexible method for creating custom classifications to differentiate monitoring for various payment types. It can be used as a filter in individual rules and supplements the operationType attribute which is less flexible and less customizable as it defines data validation rules within the Amlyze API.

Strategic Implementation and Best Practices

Defining Risk Management Categories is a critical strategic exercise that forms the foundation of a successful AMLYZE integration. Thoughtful category design is not merely a technical task but a core business decision that ensures the AML program is both effective and efficient. A well-designed segmentation strategy transforms the AMLYZE platform from a generic tool into a customized AML solution that reflects the financial institution’s specific risk appetite and operational logic. The responsibility for this design lies primarily with the client’s AML team, who should analyze their business processes and anticipate future needs. To guide this strategic process, AML teams should evaluate several key factors when defining their categories.

Key Considerations for Defining Your Risk Management Categories

  • Customer Base: Differentiate between core customer segments that have distinct risk profiles, such as Individuals vs. Organizations or B2B vs. B2C models.
    • Strategic Implication: Failure to segment the customer base correctly can lead to applying inappropriate monitoring models, such as using retail-focused rules for corporate clients, resulting in both missed risks and excessive false positives.
  • Products and Services: Align categories with different product offerings that carry unique risk profiles.
    • Strategic Implication: Failing to create distinct categories for high-risk products (e.g., crypto exchange services vs. standard payment acquiring) can lead to either overly restrictive controls on low-risk products or inadequate monitoring of high-risk activities, exposing the institution to significant regulatory and financial crime risk.
  • Payment Channels: Create distinct categories for different payment methods (e.g., Regular SEPA vs. SEPA Instant) if they require different monitoring logic or real-time outcomes. No need to overdo: note that this may already be covered by operationType, use this only when operation type distinction is not sufficient or there are distinct real-time process needs. Otherwise, both Operation Category and Operation Type can be used as filters in individual rules.
  • Workflow Requirements: Define categories that map directly to required operational outcomes (e.g., Stop vs. Reject) or specialized investigation team responsibilities.
    • Strategic Implication: Without categories tied to specific workflows, the system cannot reliably execute automated decisions like ‘rejecting’ a payment from a high-risk category versus ‘stopping’ one for review. This introduces operational risk and undermines the institution’s ability to enforce its risk policy in real-time.
In summary, the Risk Management Category is the fundamental building block for tailoring the AMLYZE platform. By strategically defining categories for both customers and operations, a financial institution can precisely configure every aspect of its AML program: from screening sensitivity and rule application to investigation workflows and automated outcomes. This capability is what transforms the system into a solution that is perfectly aligned with the firm’s specific risk appetite, business logic, and regulatory obligations.
Categories are aligned during the initial onboarding process. Once established, any modifications or changes to these categories must be requested manually via Support.