Client Risk Review Triggers for AML Files
Certivus AML team8 minUpdated 2026-06-27
In brief: Client risk review triggers tell staff when a CDD file should be reopened because the original risk decision may no longer be reliable.
Key points
- Review triggers should be written into the firm's AML process.
- Not every trigger means decline; many mean refresh evidence and document a new decision.
- Higher-risk clients should have clearer ownership of review tasks.
Client risk review triggers
Use review triggers to stop CDD files going stale. The firm should know when a file needs another look.
| Trigger | Why it matters |
|---|---|
| Ownership or control change | Beneficial ownership and sanctions exposure can change. |
| New high-risk service | The original CDD may not cover the new matter. |
| Unusual funds | Source-of-funds evidence may be needed. |
| Geography changes | Country risk may affect CDD depth. |
| New screening match | PEP, sanctions, or adverse media status may change. |
| Dormant file becomes active | Old evidence may no longer be enough. |
| Staff concern | Front-line observations can reveal AML risk earlier than scheduled reviews. |
How to use the trigger
Open the file, record the trigger, refresh the relevant evidence, update the risk rating, and explain the decision.
This guide is general information, not legal advice. Check MLR 2017 Regulation 28, GOV.UK's money laundering supervision responsibilities, HMRC's CDD testing guidance, and your supervisor's current sector guidance before making a compliance decision.