What does the score actually measure?

The score reflects how thoroughly your program covers six foundational CDD pillars based on your self-reported inputs. Each pillar is rated as absent, partially in place, or fully in place, and the score is a weighted sum of those ratings expressed on a 0-100 scale. It measures documented, consistently applied controls, not the volume or complexity of your customer base.

How is the number calculated?

Each of the six pillars contributes points based on whether the control is absent, partial, or fully in place. The total points are divided by the maximum possible points and multiplied by 100. A partial response counts toward the score but scores less than a fully implemented control, so there is no incentive to round up.

What are the limitations of this tool?

This is a self-assessment, so the output is only as accurate as the inputs. It does not review your actual policies, procedures, or customer files. It also does not account for industry-specific regulatory requirements, the size or risk profile of your institution, or jurisdiction-specific rules that may impose higher standards than the pillars assessed here. Use it as a starting point for internal review, not as a substitute for one.

Can I use this result in a regulatory examination or audit report?

No. The assessment is an internal diagnostic tool. Regulators assess compliance through review of actual documentation, transaction records, and sampled customer files. A high score here does not constitute evidence of compliance, and you should not represent it as such in examination materials.

Our risk rating process exists but is applied inconsistently. How should I answer that pillar?

Select partial. A control that exists in policy but is not consistently applied in practice is not fully in place. Consistency of application is part of what examiners assess, and overstating this pillar will make the score less useful as a diagnostic.

How often should we run this assessment?

At minimum, run it annually or whenever your CDD program undergoes a material change, such as a policy update, a new product line, a change in your customer risk appetite, or a regulatory examination finding. Many compliance teams also use it as a pre-audit benchmark to identify gaps before an examiner does.

CDD Readiness Assessment

Score your customer due diligence program across the core CDD pillars.

Calculations run entirely in your browser. Nothing is submitted.

The CDD Readiness Assessment scores your customer due diligence program across six core pillars, from customer identification and risk rating through to sanctions screening. It produces a 0-100 readiness score so compliance teams can quickly identify gaps before an examination or internal audit surfaces them.

How to use the CDD Readiness Assessment

Work through the six statements in order. For each one, select the response that most honestly reflects your program today, not where you plan to be after the next remediation project. The assessment covers:

Customer identification (CIP): Whether your identification and verification procedures are written down and applied consistently across all onboarding channels.
Risk rating: Whether every customer receives a documented risk classification at onboarding, not just high-risk accounts flagged after the fact.
Beneficial ownership: Whether you collect and verify ownership and control information for legal entities, in line with the CDD Rule requirements.
Enhanced due diligence (EDD) triggers: Whether the conditions that require deeper review are defined in policy and applied in practice, not left to individual judgment.
Periodic KYC refresh: Whether existing customers are reviewed on a schedule that reflects their risk level, with lower-risk customers reviewed less frequently and higher-risk customers more often.
Screening: Whether customers are checked against sanctions lists, politically exposed person (PEP) databases, and adverse-media sources at onboarding and on an ongoing basis.

Be conservative. If a control exists on paper but is inconsistently applied, that is partial, not fully in place. Partial credit is available, so accuracy matters more than optimism.

What the result means

Your score falls into one of several readiness bands. A high score indicates that all six pillars are documented and consistently applied. A mid-range score typically means some controls are in place but gaps exist, often in EDD definition or periodic review cadence. A low score signals foundational work is needed before the program can be considered examination-ready.

Read the result as a diagnostic, not a certification. A score of 80 does not mean your program is compliant; it means your self-reported controls cover most of the assessed pillars. What the score is most useful for is identifying which specific pillar is weakest so you can direct remediation effort there first.

If your results show partial or absent credit on beneficial ownership or EDD, those are typically the areas regulators focus on most closely during BSA/AML examinations. Treat a low score on either as a priority.

Why this matters for compliance teams

CDD programs are examined against a consistent set of expectations: know who your customer is, assess their risk, obtain ownership information for entities, apply additional scrutiny where the risk warrants it, keep that information current, and screen against known bad actors. Weaknesses in any one area can result in examination findings, even if the other five are strong.

For MLROs and BSA officers, the value of a structured self-assessment is that it forces an honest comparison of written policy against actual practice. It is easy to believe a control is fully in place until you trace a sample of customer files and find exceptions. Use the results of this assessment to prepare that testing, or to brief senior management on where the program stands before an audit cycle begins.

FluxForce surfaces this assessment alongside its broader KYC tooling so teams can move directly from diagnosis to action, whether that means updating a policy, tightening an EDD trigger, or scheduling a backlog of overdue KYC reviews.

Close the gap with FluxForce

FluxForce AI agents cut false positives, clear alert backlogs, and produce evidence-backed decisions with full audit trails, so the numbers above move in the right direction.

Explore AI Modules icon

Request a Demo

← Back to all tools