Loading...
compliance

AML Customer Due Diligence and Risk Rating Worksheet

Assess a new customer’s source of funds, point of origin, and AML risk rating in one worksheet. Use it to decide monitoring level, escalation, and the next review date before onboarding.

Fill it now — Free Get Started
Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Banking · Fintech · Payments · Wealth Management · Insurance

Overview

This worksheet is for documenting AML customer due diligence before onboarding or during a periodic refresh. It brings together the customer profile, beneficial ownership, source of funds, point of origin, expected transaction activity, and known risk factors so the reviewer can assign a risk rating and set the right monitoring level.

Use it when you need a consistent, auditable record of why a customer is low, medium, or high risk. It is especially useful for customers with cross-border activity, complex ownership, PEP exposure, adverse media, or an unclear source-of-funds story. The form is also helpful when a reviewer needs to escalate a case and explain the reason in one place.

Do not use this worksheet as a catch-all intake form. If the relationship is simple and your policy only needs basic identity verification, this may collect more than necessary. It is also not a substitute for sanctions screening, transaction monitoring, or legal advice. Keep the fields tied to the decision you actually need to make, use conditional logic for extra detail only when risk factors are present, and avoid collecting PII that will not be used. The best version of this template leaves the reviewer with a clear answer: what was reviewed, what evidence supported it, what risk rating was assigned, and when the next review should happen.

Standards & compliance context

  • Keep data collection aligned with GDPR data minimization by asking only for the fields needed to assess AML risk and monitor the relationship.
  • Use a clear PII disclosure and consent statement so the reviewer understands what information is being collected and why.
  • If the form is used for customer outreach, include a consent-to-contact field and document the purpose of contact in the audit trail.
  • For higher-risk cases, preserve the reviewer attestation and escalation reason so the record supports internal audit and regulatory review.
  • Avoid collecting unnecessary identifiers such as full dates of birth or tax numbers unless your policy requires them for the specific review.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Review Overview

This section anchors the case by identifying who is being reviewed, when the review happened, and who completed it.

  • Review type (required)
  • Review date (required)
  • Reviewer name (required)
  • Customer reference or account ID (required)

    Use an internal reference only. Do not enter unnecessary PII.

Customer Profile

This section defines the customer type and ownership context so the reviewer can apply the right AML checks.

  • Customer type (required)
  • Country of residence or registration (required)
  • Primary business activity or occupation (required)
  • Are there beneficial owners to review? (required)
  • Number of beneficial owners

Source of Funds and Origin

This section captures where the money comes from and where it originates, which is central to the risk decision.

  • Source of funds (required)
  • If other, describe source of funds
  • Point of origin country (required)
  • Explain how the funds were generated and transferred (required)
  • Supporting documentation

    Upload only documents necessary to support the AML assessment. Avoid collecting more PII than needed.

Expected Activity and Transaction Profile

This section sets the baseline for normal activity so unusual behavior can be recognized later.

  • Expected monthly transaction volume (required)
  • Expected monthly transaction value (required)
  • Expected countries or regions involved (required)
  • If other, describe expected geographies
  • Expected activity notes

AML Risk Factors

This section records the specific indicators that increase or reduce AML concern, such as PEP status or adverse media.

  • Is the customer or a beneficial owner a politically exposed person (PEP)? (required)
  • Any sanctions or watchlist match? (required)
  • Is there adverse media or negative news? (required)
  • Does the customer have a complex ownership or control structure? (required)
  • Risk factor notes

Risk Rating and Monitoring

This section turns the review into an action by assigning risk, monitoring level, escalation, and the next review date.

  • Overall AML risk rating (required)
  • Ongoing monitoring level (required)
  • Escalation required to compliance leadership? (required)
  • Escalation reason
  • Next review date (required)

Consent, Attestation, and Audit Trail

This section preserves disclosure acknowledgment, reviewer confirmation, and submission notes for traceability.

  • I acknowledge that the information collected will be used for AML due diligence, risk assessment, and regulatory recordkeeping. (required)
  • Consent to contact for additional due diligence if needed
  • Reviewer attestation (required)

    Confirm that the assessment was completed based on available information and internal AML procedures.

  • Submission notes

How to use this template

  1. 1. Configure the review fields, risk-rating options, and conditional logic so the form only shows extra source-of-funds or ownership questions when they are relevant.
  2. 2. Assign the worksheet to the onboarding analyst or AML reviewer and require the customer reference, review date, and reviewer name before submission.
  3. 3. Collect the customer profile, source-of-funds explanation, expected activity, and supporting documentation, using the correct field type for each item.
  4. 4. Review the risk factors, document any PEP, sanctions, adverse media, or complex ownership concerns, and assign the monitoring level with a written rationale.
  5. 5. Escalate high-risk or unclear cases to compliance, record the reason, and set the next review date so the case does not rely on memory or a separate note.
  6. 6. Save the completed worksheet to the audit trail and use the result to trigger onboarding approval, enhanced due diligence, or ongoing monitoring tasks.

Best practices

  • Use conditional logic so individuals, companies, and complex entities see only the fields that apply to them.
  • Keep source-of-funds and point-of-origin fields specific enough to be useful, but do not ask for documents or PII you will not review.
  • Mark required fields clearly and leave optional fields optional, especially for supporting documentation and narrative notes.
  • Use multi-select fields for expected geographies and risk factors so reviewers do not have to compress multiple answers into one text box.
  • Record the reason for every escalation in plain language so a second reviewer can understand the decision without re-interviewing the customer.
  • Set the next review date in the form itself, not only in a downstream system, so the monitoring cadence is visible at a glance.
  • Ask for consent to contact only if the workflow actually requires outreach, and include a clear disclosure about how submitted PII will be used.
  • Photograph or attach supporting evidence at the time of review rather than reconstructing the file later from memory.

What this template typically catches

Issues teams running this template most often surface in practice:

Source-of-funds is described too vaguely to support the risk rating.
Beneficial ownership is left blank even when the customer is an entity.
Expected monthly volume and value are entered as free text instead of numeric fields.
High-risk indicators such as PEP status or adverse media are noted but not tied to escalation.
The reviewer assigns a risk rating without explaining the factors behind it.
Next review date is omitted, which breaks the monitoring cadence.
Supporting documentation is attached without stating what it proves or why it was needed.

Common use cases

Bank onboarding analyst
A retail or commercial bank uses the worksheet to document source-of-funds, beneficial ownership, and expected activity before approving a new account. The completed record supports a clear low-, medium-, or high-risk classification and the follow-up monitoring plan.
Fintech compliance reviewer
A fintech team uses the template for customers with cross-border payment activity or unusual ownership structures. Conditional logic keeps the form short for low-risk applicants while expanding only when risk factors require more detail.
Wealth management KYC refresh
An advisor operations team uses the worksheet during periodic reviews to confirm that the client’s source of wealth and transaction profile still match the relationship. The audit trail helps show why the monitoring level stayed the same or changed.
Payments risk operations
A payments provider uses the form when a merchant’s geography, ownership, or transaction pattern changes. The escalation section creates a clean handoff to compliance when enhanced due diligence is needed.

Frequently asked questions

What does this AML Customer Due Diligence and Risk Rating Worksheet cover?

This worksheet captures the core inputs used to classify a new customer’s AML risk: customer profile, beneficial ownership, source of funds, point of origin, expected activity, and known risk factors. It also records the resulting risk rating, monitoring level, escalation decision, and next review date. Use it as the working record behind an onboarding decision or periodic refresh.

When should this worksheet be used?

Use it during new customer onboarding, when a customer’s ownership or activity changes, or when a periodic review is due. It is also useful after a trigger event such as a new jurisdiction, unusual transaction pattern, or adverse media hit. If the relationship is low risk and fully standardized, a lighter intake may be enough, but this worksheet is appropriate when a documented risk rating is needed.

Who should complete and review it?

Typically an onboarding analyst, compliance analyst, or AML reviewer completes the worksheet, and a supervisor or compliance officer reviews escalations. The reviewer should be the person who can validate the source-of-funds narrative, check supporting documentation, and assign the monitoring level. If your process separates intake from approval, this template supports both roles with an audit trail.

How often should the next review date be updated?

Set the next review date based on the assigned risk rating and any internal policy for periodic reviews. Update it whenever the customer’s risk profile changes, such as a new beneficial owner, a sanctions concern, or a shift in expected activity. The worksheet works best when the review date is explicit rather than left to a separate system note.

Does this worksheet replace a full AML program or case management system?

No. It is a reusable form for documenting due diligence and risk rating decisions, not a substitute for transaction monitoring, screening, or case management. Many teams use it as the standardized intake and decision record, then pass the result into their monitoring workflow or compliance system. It helps keep the decision consistent even if the downstream tools differ.

What are the most common mistakes when filling it out?

Common mistakes include marking every field required, using vague source-of-funds descriptions, and skipping the beneficial ownership details when they are relevant. Another frequent issue is assigning a risk rating without explaining the factors that drove it. The worksheet should also avoid collecting unnecessary PII; only ask for what you will actually use.

Can this template be customized for different customer types or jurisdictions?

Yes. You can add conditional logic for individuals, companies, trusts, or nonprofits, and tailor the geography fields to your operating regions. If your policy treats certain jurisdictions, industries, or PEP relationships differently, add those as risk-factor options. Keep the form aligned with your internal policy and local regulatory expectations.

What supporting documentation should be attached?

Attach only the documents needed to substantiate the source-of-funds explanation and ownership structure, such as bank statements, corporate registry extracts, or ownership charts. Use progressive disclosure so the form asks for extra evidence only when a risk factor or complex structure is present. Avoid collecting documents that are not used in the review decision.

How does this worksheet support audit trail and consent requirements?

The consent and attestation section records that the reviewer acknowledged any PII disclosure and confirmed the accuracy of the assessment. That creates a clear audit trail showing who reviewed the customer, what was considered, and why the risk rating was assigned. If your process includes customer contact, the consent-to-contact field helps document that step as well.

Related templates

Forms

Mortgage Best Interests Duty Rationale Documentation

Use this Mortgage Best Interests Duty Rationale Documentation template to record the consumer’s n...
Forms

Suspicious Activity Report (SAR) Decision and Filing Worksheet

A Suspicious Activity Report (SAR) Decision and Filing Worksheet for documenting account review, ...
Forms

Client Fact Find and Needs Analysis Form

A mortgage client fact find form for capturing borrower details, income, expenses, deposit source...
Forms

Overdraft Reg E Opt-In Confirmation Form

This Overdraft Reg E Opt-In Confirmation Form records a consumer’s affirmative election for ATM a...
Forms

BSA Officer Quarterly Board Report Form

A quarterly board report form for the BSA Officer to summarize SARs, CTRs, OFAC activity, exams, ...
Inspections

Agent Script and Compliance Language Adherence Audit

Audit call, chat, or email interactions for required disclosures, approved script language, and e...
Sop

Beta Program Operations SOP

Beta Program Operations SOP template for defining a cohort, onboarding participants, collecting f...
Hr Policy

Open Source Software Use Policy

Open Source Software Use Policy template for reviewing, approving, using, and attributing open so...

Go deeper on the topic

Related concepts
  • Lockout/Tagout
    Lockout/tagout (LOTO) is the procedure for controlling hazardous energy — electrical, hydraulic, pneumatic, mechanical, thermal, chemical — before...
  • Job Hazard Analysis
    Job hazard analysis (JHA) — also called job safety analysis (JSA) — is the structured exercise of breaking a work task into sequential steps, identifying the...
  • Near-Miss Reporting
    A near-miss is an event that could have caused injury or damage but didn't — a slip that didn't fall, a load that shifted but didn't drop, a machine that...
  • AI Governance
    AI governance is the framework a company uses to decide what AI tools are allowed to do, who's accountable for their outputs, what data they're allowed to...
Related guides

Ready to use this template?

Get started with MangoApps and use AML Customer Due Diligence and Risk Rating Worksheet with your team — pricing built for small business.

Get Started Customize with AI
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate