Every entity in BNDRY — individual, company, or trust — can carry a risk score, and that score is what places the entity into a risk level that drives your compliance workflows. The number on its own isn't the point; the level it maps to is. This article explains how a score becomes a level, how many levels are worth having, what it means when an entity has no level at all, and why BNDRY pairs every colour with an icon.
How thresholds turn a score into a level
Each risk level is defined by a single threshold, which acts as a ceiling for that level. When an entity receives a risk score, BNDRY finds the lowest threshold the score falls at or below, and assigns that level. With thresholds of Low = 30, Medium = 60, and High = 100, scores map like this:
| Score | Level | Why |
|---|---|---|
| 25 | Low | At or below the Low threshold (≤ 30) |
| 45 | Medium | Above Low, at or below Medium (≤ 60) |
| 85 | High | Above Medium, at or below High (≤ 100) |
Because each threshold is a ceiling rather than a range, you only ever define one value per level. This has a quiet benefit: adding or removing a level never forces you to recalculate the boundaries on either side of it. The highest level must always sit at 100, so that every possible score — right up to the top of the scale — has somewhere to land.
How many levels to use
There's no fixed limit, but in practice two structures cover almost every risk framework, and the choice is really about how much granularity your programme can act on.
A 3-level matrix (Low / Medium / High) is the simplest and most widely used. It suits lower-complexity customer bases, or any situation where a binary pass/fail is too blunt but a five-point scale is more nuance than you'll use. A 5-level matrix (adding Critical and Extreme) is the standard for institutions with mature AML/CTF programmes or larger, more complex portfolios; it aligns with FATF guidance and with most frameworks that require differentiated treatment of very high-risk customers.
Sensible starting thresholds are 33 / 66 / 100 for three levels, and 20 / 40 / 60 / 80 / 100 for five. The recommendation is to start with three unless your compliance programme already mandates finer granularity — migrating to five later is straightforward, since you add levels and adjust thresholds without losing historical ratings. Beyond six or seven levels you rarely add analytical value, and risk decisions become harder to communicate internally. Whatever you choose, the bands should reflect the scoring documented in your risk appetite statement rather than arbitrary round numbers.
What an unspecified rating means
BNDRY reserves a system level, RISK_RATING_UNSPECIFIED, set at threshold 0, to identify entities that haven't been scored yet. It's tempting to read that as the bottom of the scale, but unspecified is not the same as Low. Low risk is the outcome of an assessment; unspecified means no assessment has run at all. An entity in this state hasn't been judged to pose minimal risk — it simply hasn't been judged. Entities sitting at unspecified should be triaged and assessed before you onboard them or transact with them, not treated as quietly safe.
Why colour alone isn't enough
Colour vision deficiency affects a statistically significant proportion of the population. The most common form is red-green colour blindness, which makes the standard red / amber / green traffic-light palette difficult or impossible to distinguish — exactly the palette risk tiers tend to reach for first. That's why BNDRY gives every risk level both a colour and an icon: the icon carries the meaning through shape, so the level survives even when the colour doesn't read.
When you configure levels, the practical guidance is to always set both, and to draw colours from a set that stays distinguishable for colour-deficient vision — the Okabe-Ito palette is the most widely used choice, and the recommended values are listed in the configuration guide. Keep colours semantically consistent so users build intuition (blue or green for low, amber for medium, red or fuchsia for high), avoid the pure red / green combination entirely, and for the higher levels consider varying the icon's shape — a filled versus outlined variant, say — to add a second non-colour dimension. Where text sits on a coloured background, aim for a WCAG AA contrast ratio of at least 4.5:1.
See also
- Configuring risk levels — the steps to add, edit, reorder, and colour your levels in the admin portal.
- Risk Rating — the risk rating concept in BNDRY.
Comments
0 comments
Article is closed for comments.