AI task spotlight | Edition no. 03: Customer risk rating analysis

Every two weeks, we spotlight an AI task from Unit21's task library, something many compliance and fraud teams are configuring and running inside their workflows today.

‍

This edition covers customer risk rating analysis. The gap it addresses differs from that of the first two editions. Not a missing calculation, not a missing lookup. A transparency problem. Most programs calculate a CRR for every customer. Very few surface the reasoning behind it at the moment investigators actually need it.

‍

What a CRR score is (and why the number alone isn't enough)

A Customer Risk Rating is a model-calculated score (typically 0 to 100) that summarizes the overall financial crime risk an entity represents. It's built from a set of weighted attributes: SAR filing history, transaction velocity, account tenure, geographic exposure, and others, depending on how the institution has configured its model. The score rolls those factors up into a single number and a risk tier: Low, Medium, or High, based on configured thresholds.

‍

Risk-based AML programs depend on scores like this to allocate investigative resources appropriately. FinCEN guidance and BSA examination frameworks both expect institutions to apply proportionally greater scrutiny to higher-risk customers. The CRR is built to support exactly that.

‍

The problem is what investigators actually see when they open an alert. In most programs, they see the score, if they see it at all, without the breakdown that explains it. "High (82/100)" tells an investigator the conclusion. It doesn't tell them that SAR_VOLUME carries 20% of the model weight and scores 100/100 because the entity filed two SARs in the last 12 months. It doesn't tell them that AGE_OF_RECORD is scoring 0/100 because a 66-month-old account is considered low-risk by the model's configuration. It doesn't show them how to document the score or what it means for the case before them.

‍

A score without its breakdown is a conclusion without reasoning. For investigators who need to document their decisions and for programs that need to defend them under examination, that's the gap.

‍

Introducing Unit21's AI task: Customer risk rating analysis

‍

Customer risk rating analysis: What it does

Customer risk rating analysis retrieves the CRR score for every flagged entity in an alert or case and surfaces a full attribute-level breakdown of how that score was calculated. Investigators see the model name, the risk level, the configured thresholds, and a structured table that shows exactly which attributes contributed to the score, how much weight each carries, and what the underlying data looked like, all within the alert or case, without any manual lookup.

‍

The agent automatically reviews:

• The current CRR score (0-100), risk level, the active risk model name, and the Low/High thresholds that define each tier
• The full attribute breakdown: each parameter's weight in the model, its individual score, the metric being evaluated, the raw value from the entity's data, and the mapped score derived from that value
• Scoring history: when the score was first created and when it was last updated
• All flagged entities in the alert or case, with a clear "no data available" message for any entity without an active CRR

‍

‍

‍

Customer risk rating analysis: What the agent outputs

• Current risk rating: model name, score (0-100), risk level classification, source, and the configured Low/High thresholds
• Rating history: first scored date and last updated date
• CRR attribute breakdown table: one row per attribute, showing its weight in the model, individual score, the metric being measured, the raw entity value, and the mapped score, formatted to make the model's logic visible and documentable

‍

Customer risk rating analysis: Why this matters

Investigators shouldn't have to take a score on faith. When a customer is rated High, the investigator reviewing their alert needs to know why: which attributes drove it, how heavily each one weighted, and what the underlying data showed. That's not just useful context. It's the reasoning that makes a risk-based decision documentable and defensible.

‍

Without it, investigators are working with a conclusion that has no visible logic chain. They can note the score. They can't explain it. And when an examiner asks why a case was escalated, or why it wasn't, "the CRR was high" isn't a sufficient answer.

‍

Customer risk rating analysis automatically makes the model's reasoning visible when needed. The attribute breakdown is surfaced inside the alert or case before the investigator has made any decisions, so it can actually inform those decisions rather than being retrieved after the fact. It works across both alert and case contexts. It gracefully handles entities with no CRR data. And it always reflects the institution's currently active risk model, so the output stays up to date as model configurations evolve.

‍

Because it's built on Unit21's Build Your Own Task framework, it can be configured to surface the fields your program prioritizes. It runs in your existing workflow. Nothing new to learn.

‍

About the AI task spotlight series

The AI Task Spotlight runs every two weeks. Each edition covers one task from Unit21's library, covering what it does, how it works, and who it's for. If a task is solving a real problem for one team, it can probably solve the same problem for yours.

‍

Want to learn more? Sign up for a demo of our AI. Alternatively, stay informed of our AI by signing up for our next AI Task Spotlight.