The curse of Zipf distribution

Let’s assume that a financial intermediary arranges all customer relationships into 100 risk categories. The first category with the lowest risk level contains the highest number of customer relationships, while the last category with the highest risk level contains the lowest number of customer relationships. Experience shows that the number of customer relationships is distributed according to Zipf’s law. What does that mean for compliance?

Compliance has to deal with the fact that risks are not equally distributed. Zipf is an extremely unequal distribution, which raises the question of where the line should be drawn. Customer relationships to the right of the line require particular due diligence. Art. 6 para. 2 of the Anti-Money Laundering Act (AMLA) gives an indication of where this line is, but leaves room for interpretation. If you draw the line too high, you risk running into trouble with non-analyzed risk cases below it. If you draw it too low, you may have too many risk cases to analyze with the available resources – the Zipf distribution means that even slightly lowering the line can lead to an enormously increased demand on resources.


To ensure that you don’t waste too many resources below the line or ignore cases with a higher risk above the line, it must be carefully defined and aligned with the available resources. The percentage next to the line shows what percent of all business relationships lie to the right of the line. Defining the line is a challenge, because it also entails determining which risk cases will be ignored. This may pain the Compliance Officer, but it’s difficult to avoid when considering the question of resources. We don’t think a patchwork approach is optimal; this occurs when the risk demarcation is defined using individual cases from the past. Ignoring higher risks in favor of lower risks is not ideal.

Complete Revision of the Federal Data Protection Act

Complete Revision of the Federal Data Protection Act: „As of 15th September 2017, draft and report for a completely revised Federal Data Protection Act is public. In a first step parliament and the people agreed to adaptations in order to be compliant with EU law. The second part of the revision is debated by the parliament since September 2019. Data Protection is to be increased by giving people more control over their private data as well as reinforcing transparency regarding the handling of confidential data.”


Eurospider Information Technology AG
Winterthurerstrasse 92
8006 Zürich


Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information Ok Decline