Risk Rating

A risk rating is the label BNDRY attaches to an entity to summarise how much risk that customer carries — typically low, medium, high, or critical. The rating lives on the entity record itself, beside other risk details, and is the value reporting, dashboards, and reviewer workflows lean on when the team needs a quick read of where a customer sits in the risk taxonomy.

The exact set of labels is tenant-configurable, and the rating you see on any given record is the outcome of a tenant-defined scoring process applied to that entity's data.

Why risk rating exists

AML and KYC obligations require reporting entities to apply a risk-based approach: customers who present more risk receive more scrutiny, more often. A risk rating is the operational shorthand that makes that approach workable at scale. Instead of every reviewer reading every record from scratch, the rating signals what level of attention a customer warrants — for ongoing due diligence, for escalation, for transaction monitoring thresholds, and for periodic reporting.

Because the rating is consistent across the customer base, it also gives compliance leaders a portfolio-level view: how the book is distributed across risk bands, how that distribution is shifting over time, and where remediation effort should be focused.

Key properties and sub-types

A risk rating in BNDRY has two configurable pieces, plus the value that ends up on the entity:

• Rating levels — the taxonomy itself. Each level has a label (for example LOW, MEDIUM, HIGH), an upper-bound threshold, an optional description, an optional display colour, and an optional icon. Levels are ordered by severity, ascending, and a score is assigned to the first level whose threshold it falls at or below. Changing thresholds can shift a large number of entities between categories overnight, so the levels are treated as policy configuration, not day-to-day settings.
• Rating rules — the logic that turns entity data into a numeric score. Each rule has a title, an optional description, a CEL expression that returns a number, and an enabled flag. When an entity is evaluated, every enabled rule runs against that entity's data and the results combine into a total. The total is then mapped to a level by the configured thresholds.
• The rating on the entity — once evaluation finishes, the resulting level label is written to the entity's risk details alongside its risk status. That label is what surfaces on the customer record, in lists, and in reports.

Risk scoring — the act of running the rules and producing the numeric result — is a distinct concept that complements the rating itself; the rating is the user-facing summary, the scoring is how that summary is computed.

How risk rating relates

A risk rating sits on an Entity (an individual, company, or trust held in BNDRY). It is produced by Risk scoring — the evaluation of the configured rating rules — and it is governed by tenant-level Risk rating levels and Risk rating rules configured in platform settings. Reviewers update the rating in the course of Customer due diligence and through Activity logs that record each evaluation. Screening outcomes (PEP, sanctions, adverse media) commonly feed into scoring as rule inputs, which means a sanctions hit, for example, typically pushes an entity's rating upward.