The curse of Zipf distribution
Let’s assume that a financial intermediary arranges all customer relationships into 100 risk categories. The first category with the lowest risk level contains the highest number of customer relationships, while the last category with the highest risk level contains the lowest number of customer relationships. Experience shows that the number of customer relationships is distributed according to Zipf’s law. What does that mean for compliance?
Distribution of risks
Compliance has to deal with the fact that risks are not equally distributed. Zipf is an extremely unequal distribution, which raises the question of where the line should be drawn. Customer relationships to the right of the line require particular due diligence. Art. 6 para. 2 of the Anti-Money Laundering Act (AMLA) gives an indication of where this line is, but leaves room for interpretation. If you draw the line too high, you risk running into trouble with non-analyzed risk cases below it. If you draw it too low, you may have too many risk cases to analyze with the available resources – the Zipf distribution means that even slightly lowering the line can lead to an enormously increased demand on resources.
Resource efficiency
To ensure that you don’t waste too many resources below the line or ignore cases with a higher risk above the line, the line must be carefully defined and aligned with the available resources. The percentage next to the line shows what percent of all business relationships lie to the right of the line. Defining the line is a challenge, because it also entails determining which risk cases will be ignored. This may pain the Compliance Officer, but it’s difficult to avoid when considering the question of resources. We don’t think a patchwork approach, in which the risk demarcation is defined using individual cases from the past, is optimal. Ignoring higher risks in favor of lower risks is not ideal.
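The following sketch is an added illustration, not part of the original article. It models the 100 risk categories with Zipf's law and shows how the due-diligence workload grows as the line is lowered, then picks the lowest line that a given review capacity can cover. The Zipf exponent of 1, the portfolio of 100,000 relationships, the capacity of 5,000 reviews and all function names are assumptions made for the example.

```python
# Added illustration: exponent s=1, portfolio size and capacity are
# constructed sample values, not figures from the article.

def zipf_counts(total, categories=100, s=1.0):
    """Expected relationships per risk category (category 1 = lowest risk)."""
    weights = [1.0 / rank ** s for rank in range(1, categories + 1)]
    norm = sum(weights)
    return [total * w / norm for w in weights]

def workload(counts, line):
    """Relationships in categories >= line, i.e. to the right of the line."""
    return sum(counts[line - 1:])

def share_right_of(counts, line):
    """Fraction of all relationships that require particular due diligence."""
    return workload(counts, line) / sum(counts)

def lowest_affordable_line(counts, capacity):
    """Lowest line whose due-diligence workload still fits the capacity."""
    for line in range(1, len(counts) + 1):
        if workload(counts, line) <= capacity:
            return line
    return None  # even the highest category alone exceeds the capacity

if __name__ == "__main__":
    counts = zipf_counts(total=100_000)
    # Each step down the scale adds a larger category than the step before.
    for line in (80, 50, 20, 10, 5, 2):
        print(f"line at category {line:>3}: "
              f"{workload(counts, line):>8.0f} cases "
              f"({share_right_of(counts, line):6.1%}), "
              f"category {line} alone contributes {counts[line - 1]:.0f}")
    line = lowest_affordable_line(counts, capacity=5_000)
    print(f"capacity 5000 -> draw the line at category {line}")
```

Under these assumptions, moving the line from category 50 to category 20 more than doubles the number of relationships to analyze, which is the resource effect the article describes.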