The risk assessment is the reviewer's decision point in every AML session: you weigh the automated findings, add anything you know that the data can't, and record a risk level. Risk assessments require AML access — members without it see an AML access required notice.
Open the AML profile and go to the Risk Assessment tab, or click Start Assessment (or Re-Assess) on the Overview.
The first card is filled in for you and can't be edited — each factor shows Clear or its severity (High, Medium, Low) with supporting detail.
For individuals, Risk Factors from Screening (Auto-populated from Didit screening results) covers:
Politically Exposed Person Match
Sanctions Match
Adverse Media Match
Non-Resident / Foreign Dealings
Politically Exposed Person Declaration Mismatch
For businesses, Risk Factors from KYB (Auto-populated from CreditorWatch business verification findings) covers:
External Administration
ATO Tax Default
Entity Strike-off / Cancellation
Court Actions on Record
Payment Defaults on Record
Insolvency Notices
Mercantile Enquiries
Low Credit Score
Short Trading History
AUSTRAC-Designated Industry
Recent Director Churn
If a business profile hasn't run KYB yet, the card shows Run KYB first with a button to open the KYB tab — the auto factors come from the CreditorWatch report.
Toggle on anything you know from your own dealings with the customer. Each factor carries a fixed severity badge. For individuals: High-Risk Jurisdiction (with an info tooltip summarising the FATF high-risk and increased-monitoring country lists that AUSTRAC aligns with), Complex Ownership Structure, Unusual Transaction Patterns, Physical Cash / Cash-Intensive, Virtual Assets / Cryptocurrency, High-Value Transaction, Charity / Non-Profit (NPO) and Other (with a free-text description).
For businesses the list swaps in entity-specific factors: High-Risk Industry (manual), Beneficial Owner Refused Disclosure and Shell Company Indicators, alongside the shared jurisdiction, structure, cash, crypto, transaction-value, non-profit and Other factors.
The Decision card shows a Suggested Level calculated from the factors: any active high-severity factor suggests High, otherwise any active medium factor suggests Medium, otherwise Low. You stay in control — pick the final Risk Level (low, medium or high) yourself; once you choose, Nagaris won't overwrite your choice as factors change.
Add Notes — rationale, sources consulted, follow-ups.
Toggle Enhanced Customer Due Diligence Required if ECDD applies (it's suggested automatically for high risk). A notes field appears for the ECDD rationale and your compliance officer's approval to proceed — decision, who approved, and date.
Click Save Assessment. You'll see Risk assessment completed and be returned to the Overview.
The Overview's Risk Assessment card then shows the Risk Level, whether ECDD Required, the Next Review date, Assessed by and Last Assessed. The next review date drives the Overdue review and Due in 30 days tiles on the AML dashboard, and an overdue completed profile shows a Review overdue badge on the contact.
Assessments are never overwritten. Re-opening the tab pre-fills the form from the most recent assessment so you're updating rather than starting from scratch, and every save adds a row to Assessment History showing who assessed, the level, an ECDD marker where it applied, when, and the notes. Each assessment is also logged on the profile Timeline as Risk Assessed.
Run and resolve screening before assessing an individual — the empty state reminds you: No risk assessment completed yet. Run screening first, then start the assessment.
Assessment is blocked while the latest identity verification is declined (Resolve identity verification first.).
Saving the assessment is what moves a profile from Pending Assessment to Completed.
The FATF country lists in the High-Risk Jurisdiction tooltip are revised three times a year — the tooltip includes the as-at date and points to fatf-gafi.org for the current lists.