The Treasury Department directs that an AML program must be based on risk assessment of which elements?

The key idea is that an AML program should assess risk across multiple dimensions to tailor controls effectively. The Treasury requires the risk-based approach to be built from a risk assessment that covers product or service types, the customers involved, the distribution channels used, and the geographic locations affected. Each dimension brings its own risk drivers: certain products or services can enable easier concealment or rapid movement of funds; some customers (like non-residents or politically exposed persons) carry higher ML risk; specific delivery channels (such as third-party agents, correspondent banking, or online platforms) introduce unique abuse avenues; and certain locations or regions may have stronger ML ecosystems, weaker AML controls, or sanctions risk. By evaluating all four areas together, an organization can identify where the greatest risk lies and apply proportional controls accordingly. If you consider only one or two elements, you might miss important risk factors present in the others, leaving gaps in the program.