Here’s the article reformatted in markdown format:

Central Bank of Bahrain Rulebook Volume 6: Capital Markets

AML: Anti-Money Laundering & Combating of Financial Crime

Section AML-C1 MODULE AML: Anti-Money Laundering & Combating of Financial Crime

CHAPTER AML-C: Risk Based Approach

AML-C.2 Risk Assessment

Customer risk profile is a crucial aspect in identifying and mitigating money laundering, terrorist financing, and proliferation financing (ML/TF/PF) risks.

AML-C.2.5 Customer Risk Profile

A Capital Market Service Provider must implement and maintain appropriate policies and procedures to conduct risk assessment of its customers during the establishment of the business relationship as well as throughout the course of that relationship.

Approved by senior management: Policies, controls, and procedures must be approved by senior management to ensure that they are adequate and effective in managing and mitigating ML/TF/PF risks.
Risk assessment methodology: There is no agreed-upon set of risk factors and no single methodology to apply these risk factors in determining the ML/TF/PF risk of customers. A Capital Market Service Provider must establish an appropriate set of risk factors.

AML-C.2.6 Risk Factors

A Capital Market Service Provider must establish an appropriate set of risk factors which, among others, include:

Country risk: Customers with residence in or connection with high-risk jurisdictions.
Customer risk: Type of customers (e.g., resident or non-resident, occasional or one-off, legal person structure, status as PEP, occupation).
Products, services, and transactions risk: Services that inherently provide more anonymity, ability to pool underlying customers/funds or cash-based or face-to-face or non-face-to-face or domestic or cross-border.
Delivery/distribution channel risk: The distribution channel for products may alter the risk profile of a customer. This may include sales through online, postal, or telephone channels where a non-face-to-face account opening approach is used.

AML-C.2.7 Measures to Identify and Mitigate ML/TF/PF Risks

Capital market service providers must ensure that they take measures to identify, assess, monitor, manage, and mitigate ML/TF/PF risks to which they are exposed.

Measures taken: The measures taken must be commensurate with the nature, scale, and complexities of their activities.
Risk assessment: The risk assessment must enable the licensee to understand how their business can be used for or facilitate ML/TF/PF.

AML-C.2.8 Customer Information

A Capital Market Service Provider must have in place a system to ensure that all relevant information about customers is collected, verified, and updated throughout the course of the relationship.

Identification data: Name, date of birth, nationality, address.
Business or occupation: Type of business, profession, employment status.
Financial information: Income, net worth, source of wealth.
Beneficial ownership and control: Ultimate beneficial owner, percentage of ownership.

AML-C.2.9 Verification of Customer Identity

A Capital Market Service Provider must have in place a system to verify the identity of its customers and to obtain information about the beneficial owners and controllers of legal persons.

Obtain identification documents: Passport, national ID card, driving license.
Verify identity through official sources: Government agencies, embassies, or other authorized sources.

AML-C.2.10 Monitoring for Suspicious Transactions

A Capital Market Service Provider must have in place a system to monitor its customers for suspicious transactions and behaviors and report any ML/TF/PF suspicions to the CBB.

AML-C.2.11 Collection, Verification, and Update of Customer Information

A Capital Market Service Provider must have in place a system to ensure that all relevant information about its customers is collected, verified, and updated throughout the course of the relationship.