What Is a Risk Matrix and How To Use It?

Every business relationship you enter into carries its own level of risk. To prevent fraud or money laundering, you need to be aware of the risk associated with each of your potential customers or business partners and be able to decide whether to do business with them or have a closer look at their activities, depending on their risk score. A risk scoring matrix is a tool that most compliance teams use for this purpose. But how do you set it up? Which criteria should be taken into account when assessing risk? Let’s dive into this!

Posted: February 13, 2024

Why do compliance teams need a risk matrix?

Risk matrices are used in B2B financial services, with regulatory bodies mandating their creation and maintenance.

A risk matrix is most often a spreadsheet document used to calculate this risk score. Using a risk matrix allows compliance teams to automate risk scoring based on various criteria.

When starting a new business relationship with a customer or a partner, you need to be aware of the risk you’re taking with this counterpart. By ‘risk’ we mean the risk to your business. Is there a reputational risk associated with this new partnership? Is there a risk this client could be fraudulent? Mapping the risk of each client allows compliance teams to adopt a different monitoring strategy depending on that client’s risk score. The scores are typically divided into 3 levels: low, medium, and high. Sometimes, compliance teams also use a fourth level: prohibited.

How can we assess the risk of a new customer?

Whether you are a financial institution, a marketplace, an insurance broker, or the like, onboarding a new customer (individual or business) implies collecting data on this customer and verifying them - essentially performing a KYB or KYC. This process is generally divided into several phases:

  1. Collect data and documents from the company or individual you’re onboarding
  2. Perform necessary verifications, for instance identity verification of UBOs or individuals, or AML screening
  3. Assess the risk of this customer
  4. Decide whether to do business with this customer or not

During phases 1 and 2 of the KYB/KYC process, you will collect important information that will help you assess the risk of your potential customer. This information includes the country of registration (for a business) or birth (for an individual), industry of operations (for a business), AML flags, etc.

These data can then be used in the risk matrix to assess the risk of this counterpart (step 3 of the onboarding process) and then decide whether to do business or not, or adopt a special risk monitoring strategy depending on its risk score (step 4 of the onboarding process).

How to build a risk matrix?

A risk matrix is most often built on a spreadsheet document. It lists the criteria you want to take into consideration in the risk scoring of your customers (see the previous paragraph). You can customize the criteria you want to take into consideration depending on your business, e.g., average amount of operations or countries of operations, etc. Most of the time, those criteria have a score and are weighted. The output of this matrix is a risk score and risk level (low, medium, high) for the customer.
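
The weighted scoring described above, written out as an added example (it is not Dotfile's code or template). Every criterion value, score, weight, threshold and prohibited rule in it is constructed for illustration, and the fail-closed handling of missing data is an assumption about how a team might treat incomplete KYB/KYC records:

```python
# Added example: every weight, score, value and threshold below is constructed.
MAX_SCORE = 3  # each criterion is scored from 1 (low risk) to 3 (high risk)

WEIGHTS = {"country": 0.4, "industry": 0.3, "aml_flags": 0.3}  # sums to 1.0
SCORES = {
    "country": {"AA": 1, "BB": 2, "CC": 3},  # placeholder country codes
    "industry": {"software": 1, "retail": 2, "gambling": 3},
    "aml_flags": {"none": 1, "adverse_media": 2, "pep": 3},
}
# Any one of these (criterion, value) pairs makes the customer "prohibited",
# whatever the weighted score of the other criteria would have been.
PROHIBITED = {("country", "ZZ"), ("aml_flags", "sanctions")}
# Upper bound of each level; a score above the last bound is "high".
THRESHOLDS = [(1.5, "low"), (2.3, "medium")]


def assess(customer):
    """Return (weighted score, risk level) for one customer record (a dict)."""
    for criterion in WEIGHTS:
        if (criterion, customer.get(criterion)) in PROHIBITED:
            return float(MAX_SCORE), "prohibited"
    total = 0.0
    for criterion, weight in WEIGHTS.items():
        value = customer.get(criterion)
        # Fail closed: a missing or unrecognised value gets the highest score,
        # so incomplete onboarding data can never lower the result.
        total += weight * SCORES[criterion].get(value, MAX_SCORE)
    total = round(total, 2)
    for bound, level in THRESHOLDS:
        if total <= bound:
            return total, level
    return total, "high"


if __name__ == "__main__":
    samples = [  # constructed customer records
        {"country": "AA", "industry": "software", "aml_flags": "none"},
        {"country": "AA", "industry": "software"},  # AML screening missing
        {"country": "AA", "industry": "software", "aml_flags": "sanctions"},
    ]
    for record in samples:
        print(record, "->", assess(record))
```

The second sample shows why the missing-data rule matters: the same customer moves from low to medium until the AML screening result is recorded.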

How can Dotfile help you assess and monitor the risk of a customer?

Dotfile provides end-to-end business verification, including risk scoring and monitoring of companies and individuals. By using Dotfile, your team saves time and maintains continuous vigilance, being alerted to potential new risks in individual or business profiles.

Dotfile provides you with an easy way to evaluate the risk of your customers using your own risk model. Our developers allow you to easily automate your risk scoring by replicating your risk matrix within our platform so that you get exactly the same risk score as if you were still using your risk matrix. The risk score is calculated in real time and can be manually overridden if needed.

In the meantime, we're offering you access to our simplified risk-scoring matrix!

To support compliance professionals who rely on spreadsheets to manage risk, we developed a simplified version of our own risk-scoring tool. With this template, you can assess your business clients’ risk profile based on multiple factors.


Assessing the risk of a future or current client or business partner is key to the security of your business. Building a risk matrix will help you have an overview of these risks and make the right decisions regarding your counterparts.

Dotfile helps businesses streamline their compliance operations, reduce risk, and build trust. Book a demo to see how we can help you.
