De-Risking and Financial Inclusion

What De-Risking Is - and Why It Is a Problem

De-risking is the practice of terminating or refusing business relationships with entire categories of customers, rather than assessing and managing the risk of individual clients. A bank that exits every money services business (MSB), or closes accounts for all charities operating in a high-risk region, is de-risking. FATF defines it precisely as institutions choosing to avoid, rather than manage, risk - which directly conflicts with the risk-based approach (RBA) that underpins the entire CAMS framework.

The exam treats blanket de-risking as the wrong answer in almost every scenario. The reasoning: the RBA (FATF Recommendation 1) requires proportionate, case-by-case judgment. Wholesale exit substitutes a crude category rule for genuine risk assessment, and FATF has issued formal guidance discouraging it.

Three harms make de-risking a policy concern:

Ironically, de-risking can increase ML/TF risk system-wide: when remittances move through informal value-transfer systems (such as hawala) instead of monitored banks, intelligence visibility falls.

The Segments Affected and the Correct Response

Certain customer types are repeatedly hit by de-risking, and CAMS expects you to recognize them: correspondent banking relationships (especially nested or respondent banks in higher-risk countries), money services businesses (MSBs) and remittance providers, non-governmental organizations (NGOs) and charities working in conflict zones, and embassy or foreign-official accounts. The withdrawal of correspondent banking from entire regions has been flagged by the Financial Stability Board and FATF as a systemic financial-inclusion threat.

Financial inclusion - bringing unbanked and underbanked populations into the regulated system - is treated by FATF as complementary to, not in tension with, AML objectives. The more activity sits inside monitored institutions, the more visible it is. FATF explicitly permits simplified due diligence (SDD) for genuinely lower-risk, financial-inclusion products (such as basic, balance-capped accounts) provided national risk assessment supports it.

The CAMS-correct response to a high-risk segment is risk-based account management, not automatic exit:

• Apply enhanced due diligence (EDD) and understand the customer's business and expected activity.
• Set appropriate monitoring thresholds and review frequency for the risk level.
• Document the risk decision and the rationale for retaining or exiting the relationship.
• Exit only specific relationships where risk cannot be effectively managed - an individualized, evidenced decision.

Worked scenario: A compliance committee proposes closing all accounts for a category of remittance companies to "reduce AML risk." CAMS-correct analysis: this is blanket de-risking that contradicts the RBA, harms financial inclusion, and may push funds into unmonitored channels. The right course is to assess each MSB individually, apply EDD, strengthen monitoring, and exit only the specific relationships whose risk genuinely cannot be mitigated - all documented. Choosing wholesale exit is the trap answer.

This topic lives in the 20%-weighted Global AFC Frameworks, Governance, and Regulations domain and ties governance directly to the proportionality principle tested throughout CAMS.

Account Exit Done Right and the Regulator's View

De-risking does not mean an institution can never exit a customer - it means exit must be the outcome of risk-based judgment, not a category reflex. When a relationship's risk genuinely cannot be mitigated within the bank's appetite, exit is appropriate. The exam tests whether you can sequence a defensible exit:

1. Document why the residual risk exceeds appetite despite EDD and enhanced monitoring.
2. Obtain senior approval consistent with the risk-acceptance framework.
3. Exit in an orderly way that does not tip off the customer to any SAR or investigation - file a SAR if suspicion exists, and continue to monitor and report during wind-down.
4. Avoid signaling by, for example, abruptly freezing funds in a way that warns the subject, unless law enforcement directs that step.

Regulators have grown openly critical of indiscriminate de-risking. US agencies and FATF have published statements clarifying that institutions are not expected to exit whole categories of lawful customers, and that doing so can itself reflect a weak, non-risk-based program. The reputational and financial-stability cost of cutting correspondent links from entire regions is treated as a supervisory concern.

Worked scenario: A charity sending funds to a conflict zone trips monitoring alerts. Rather than closing the account on principle, the CAMS-correct path is EDD on the charity's governance, vetting of downstream partners, transaction-level monitoring against stated purpose, and documentation - reporting suspicious activity if it appears, and retaining the customer if risk is manageable. This protects financial inclusion (humanitarian flows stay in the regulated, monitored system) while satisfying the risk-based approach examiners expect.