Workflow Templates for Financial Services: Client Risk Profile Checklist

Client Identification and CIP

Collect government-issued ID and capture copies

Capture passport or driver's license for each individual; for entity accounts, also collect formation documents, EIN, and ID for any 25%+ beneficial owner per the CDD rule. Store in NetDocuments or the firm document vault — not email attachments.

Run identity verification through LexisNexis or IDology

Non-documentary verification satisfies the CIP rule when ID copies alone aren't enough. Save the verification report ID with the client file — examiners ask for it.

Screen all parties against OFAC SDN list

Screen the client, joint owners, beneficial owners, trustees, and named beneficiaries through Refinitiv World-Check, LexisNexis Bridger, or the firm's AML platform. A common gap: beneficiaries added later who never get screened.

Determine PEP status and adverse media

Politically Exposed Persons and clients with adverse media hits require enhanced due diligence under the CDD rule. Document the determination even when clear — the audit trail is what protects the firm.

File CIP documentation per books-and-records rule

Rule 204-2 requires retention for at least five years, the first two in an easily accessible place. Save ID copies, verification report, OFAC screen, and PEP determination to a single client folder.

Financial Profile and Source of Wealth

Capture assets, liabilities, and household income

Pull figures into eMoney or RightCapital so the data feeds the financial plan and the suitability file. Note any concentrated positions, employer stock, or restricted securities — these matter for both planning and Reg BI.

Document source of funds and source of wealth

Source of funds explains the specific money funding the account; source of wealth explains the broader economic origin (inheritance, business sale, career earnings). Examiners flag accounts where these are conflated or left vague.

Confirm employment and outside business activities

Capture employer, role, and any public-company affiliation that may trigger Rule 144 restrictions or 10b5-1 considerations. Note insider status for board members and executive officers.

Review tax bracket and outstanding obligations

Run last year's 1040 through Holistiplan to surface marginal bracket, AMT exposure, IRMAA tier, and any liens or installment agreements. Tax location decisions depend on this.

Risk Tolerance and Investment Objectives

Administer the Riskalyze or Tolerisk questionnaire

For joint accounts, capture each spouse separately — divergent risk numbers are common and need an explicit reconciliation conversation before allocation.

Capture the risk tolerance bucket

This drives model selection and is the anchor for any future drift conversations. Reconfirm verbally with the client — questionnaire scores often overstate appetite versus how the client actually behaves in a drawdown.

Define goals, time horizon, and withdrawal plans

Separate accumulation versus decumulation phases; document target retirement date, expected withdrawal rate, and any goal-funded buckets (education, second home, philanthropy).

Document liquidity needs and cash flow requirements

Identify any near-term cash needs (within 12-24 months) that should not be exposed to market risk. Clients with private investments or non-traded REITs need explicit illiquidity discussion.

Record investment restrictions and ESG preferences

Capture sector exclusions, single-issuer concentration limits, religious or values-based screens, and any legacy positions the client refuses to sell. These flow into the IPS and the rebalance engine.

Reg BI Disclosures and Suitability File

Deliver Form CRS at recommendation

Reg BI requires Form CRS delivery to retail clients at the time of recommendation, account opening, or new service. Track delivery date and method — examiners want to see the timestamp, not just that the form exists.

Deliver Form ADV Part 2A and 2B brochures

Send the firm brochure (2A) and the supervised-person brochure (2B) for the assigned advisor. Skipped initial delivery and missed annual delivery are the two most common ADV citations.

Document the Reg BI best-interest rationale

Write the why: why this allocation, why this product, why not the lower-cost or simpler alternative. Reg BI exams pull this rationale; checkbox-only suitability forms fail. Particularly critical for IRA rollover recommendations under DOL PTE 2020-02.

Collect signed disclosure acknowledgments

Counter-signed advisory agreement, Form CRS acknowledgment, ADV receipt, and Reg S-P privacy notice. DocuSign envelopes route to the client folder; CCO reviews the package before activation.

Enhanced Due Diligence

Gather supplemental EDD documentation

For PEPs and high-risk relationships, collect detailed source-of-wealth narrative, recent tax returns or audited financials, and corroborating third-party documentation. Adverse media hits require a written disposition memo.

Escalate the file to the CCO for sign-off

The CCO documents the risk-acceptance decision and any conditions (transaction caps, additional review cadence). Sanctions matches stop here pending OFAC license guidance — do not open the account.

Configure heightened transaction monitoring rules

Tag the account in Verafin or the firm AML platform with EDD-tier rules: lower thresholds for wire alerts, faster review SLAs, and quarterly (not annual) profile refresh.

Ongoing Monitoring and Annual Review

Schedule the annual profile review

Set the recurring CRM task in Wealthbox or Salesforce. Annual ADV Part 2 delivery and risk reconfirmation should anchor the same meeting so disclosures and suitability stay synced.

Monitor transactions against the expected activity profile

Compare actual deposits, wires, and trading activity to the profile captured at onboarding. Material deviation triggers a CDD refresh; suspicious activity triggers a SAR review within the 30-day filing window.

Refresh KYC fields after material life events

Marriage, divorce, inheritance, retirement, business sale, and beneficiary changes all warrant updating the profile. A common gap: beneficiaries added mid-year who never get OFAC-screened.

Reconfirm risk tolerance at the annual review

Re-administer the questionnaire and compare to current allocation. Document any drift between stated tolerance and actual portfolio risk; update the IPS if the client's circumstances have moved the bucket.