What’s the Best Dynamic Risk Scoring Algorithm? Comparing Moving Averages, Simple Averages, and Weighted Scoring for AML & Fraud

Financial crime risk is not static. A customer’s risk profile can shift rapidly with new transactions, behaviors, or data. Yet historically, many financial institutions relied on one-time or infrequently updated risk scores, leaving blind spots. In fact, in 2024 a major bank was fined $3.1 billion in part because its customer risk ratings were outdated and “calculated using broken logic,” allowing high-risk customers to slip through. Regulators today expect continuous, real-time risk scoring across the customer lifecycle. This means compliance teams must dynamically score customer risk using algorithms that blend initial onboarding (KYC) information with ongoing behavioral signals. In this post, we’ll compare three approaches to dynamic risk scoring algorithms; simple averages, moving averages, and weighted scoring, to understand which is “best” for Anti-Money Laundering (AML) and fraud detection contexts. Each method has strengths and trade-offs, and the goal is to choose and combine them based on context rather than one-size-fits-all.

Simple Average

The simple average approach calculates a mean value from all available data points, giving each point equal weight. In a risk scoring context, this could mean averaging a customer’s risk-relevant behavior or metrics over a long period (e.g. lifetime average transaction value, average monthly transaction count, etc.). Every data point from the past contributes equally to the score.

Pros:

• Easy to implement and interpret: A simple arithmetic mean is straightforward to calculate and explain.
• Smooths out short-term noise: Because it aggregates all data, a simple average isn’t swayed by one-off anomalies. A single unusual transaction has limited effect when diluted by a large history of data, reducing false alarms from brief spikes.

Cons:

• Lags on recent behavior: Simple averages are slow to reflect change. A surge in risky behavior might barely move a long-term average, meaning the score may underestimate current risk.
• Old risk lingers indefinitely: Past data stays in the calculation forever unless manually reset. This can overstate risk if an old incident is no longer relevant, or conversely understate current risk because the weight of old benign data masks emerging issues.

Best for:

Cases where the risk indicator changes slowly over time and long-term trends matter more than instant fluctuations. For example, measuring the average transaction size or average account balance over a year is well-suited to a simple average, it provides a stable view of the customer’s typical behavior. This is useful for detecting gradual changes in profile (e.g. a steadily growing transaction size) without overreacting to a single large transaction.

Moving Average

A moving average (often a rolling window average) looks at only the most recent subset of data, for example, the last N days or last N transactions, and averages those. As new data comes in, the oldest data falls out of the window. This yields a continuously updated average that “moves” with time, effectively forgetting older information outside the window.

Pros:

• Responds quickly to recent changes: By focusing on the last N observations, a moving average makes the score highly sensitive to new behavior. If a normally low-risk customer suddenly starts making unusual transactions, a moving average of the last 7 days will spike quickly to reflect that uptick in risk.
• Adaptable through window size: Teams can tune the window length (N days/transactions) to find a balance between responsiveness and stability. A shorter window (e.g. last 1 week) catches abrupt changes almost immediately, which is great for fast-moving fraud patterns or AML red flags that appear suddenly.

Cons:

• Forgets useful historical context: By design, anything outside the window is ignored. This means a moving average might “forget” past risky behavior once it ages out. Important context (like a pattern of risky activity a few months ago) is lost if it’s outside the window, potentially leading to false complacency.
• Can be volatile if window is too small: If the window is very short, the score may swing widely with each new data point. Day-to-day fluctuations can make the risk score jump around (“whiplash effect”) and trigger alerts that might be just normal variance. Choosing the right window size is critical to avoid excessive volatility.

Best for:

Risk factors that are highly time-sensitive and where recent activity should outweigh the distant past. Moving averages excel at detecting fast-changing behaviors or spikes in risk, for example, a sharp increase in transaction velocity or a sudden jump in average transaction value over the last 14 days. In fraud detection, a moving average can flag when today’s behavior deviates strongly from the recent norm. Just be mindful to set the window appropriately (not too short to cause noise, and not too long to become sluggish).

Weighted Scoring (Static + Behavioral)

Weighted scoring combines multiple inputs, often a mix of static customer attributes and dynamic behavioral signals, each multiplied by a chosen weight, to produce a composite risk score. Unlike a plain average (where every input is equal) or a fixed window, this approach lets you assign higher importance to certain factors. For example, a customer’s inherent risk factors from onboarding (like KYC data: high-risk country, PEP status, etc.) could be one part of the score, and their recent transaction behavior (velocity, volume, anomalies) could be another part. Each factor is given a weight according to its perceived risk contribution, and the total score is a weighted sum or average of all these factors.

Pros:

• Most flexible and expressive: Weighted scoring is essentially a customizable risk model. You can include any number of variables (both static profile data and dynamic behavior metrics) and tune their weights. This flexibility means the model can be as comprehensive as needed, covering country risk, business type, past alerts, transaction patterns, device changes, and more, with each factor’s weight reflecting its risk impact. It’s a way to codify expert risk judgment into the scoring algorithm.
• Balances inherent vs. current risk: By combining static and dynamic elements, weighted scoring gives a holistic view. Static KYC factors ensure the score starts from an appropriate baseline (e.g. a customer from a sanctioned country might start at higher risk), while behavioral factors adjust the score up or down as the customer’s activity unfolds over time. This real-time evolution of the score means it can closely track the customer’s true risk level at any moment, which is ideal for ongoing monitoring.

Cons:

• Requires careful calibration: The power of weighted models comes with the responsibility of choosing good weights and thresholds. If weights are poorly chosen (e.g. over-weighting a trivial factor or under-weighting a critical one), the score might misrepresent risk. Getting these right typically involves analysis, expert input, and sometimes trial-and-error or historical testing. Regular reviews are needed to adjust weights as risk patterns or regulatory guidance changes.

Best for:

Real-time, context-rich risk assessment. Weighted scoring is ideal when you want your risk scoring to reflect a customer’s full risk story, combining who they are (inherent risk) and what they’re doing (behavioral risk) into one continuous score. This approach shines in modern risk-based transaction monitoring programs, where you might, for example, assign certain point values or weights to events: a geolocation mismatch might add 0.2 to the risk score, while repeated large cross-border transfers could add 0.7. The result is highly adaptive monitoring: as soon as a customer’s behavior changes or some new risk factor emerges, the weighted score adjusts proportionally. This makes it suitable for real-time risk scoring systems that feed alerts and decisions, you can set tiered risk thresholds (Low/Medium/High) and have confidence that the score encapsulates both the customer’s background and their latest actions.

How Flagright Handles It

Flagright has embraced all three scoring approaches to give compliance teams a configurable, dynamic risk engine. Flagright’s risk scoring engine allows users to set up risk factors using simple averages, moving/rolling windows, or custom weighted logic, or even combine these mechanisms, depending on what the situation calls for. Crucially, everything operates in real-time and is configurable without code.

• Rolling windows & decay logic: Flagright lets you define rolling time windows or apply decay factors for behavioral risk metrics, so you can decide how long data “stays relevant.” For example, you might score transaction velocity based on the last 30 days of activity (rolling window) or use a decay where each passing day diminishes an event’s weight. This ensures the score is sensitive to recent behavior and gradually forgets old data, aligning with the moving-average principle for fast-changing risks.
• Static + dynamic weights: You can seamlessly combine inherent KYC risk and behavioral risk in one model. Flagright enables multiple risk scores e.g. a static onboarding risk score and a transactional risk score that feeds into an overall customer risk scoring. Each factor in the model can be given a custom weight by the team, reflecting your institution’s risk appetite (maybe country of origin = 10% of the score, business type = 20%, recent large transactions = 30%, etc.). These weights and scoring logic are fully user-configurable, so the risk model is tailored to your needs and can be updated anytime as policies change. Compliance teams can adjust the formula without any engineering effort, thanks to a no-code interface.
• Real-time updates into monitoring: Flagright’s risk scoring engine recalculates risk immediately whenever new data comes in, a new transaction, a profile change, a sanction hit, etc. The updated score is instantly usable by the transaction monitoring rules and workflows. In practice, this means if a customer’s risk score crosses a defined threshold (say from Medium to High) due to recent activity, that change can automatically trigger enhanced monitoring or an alert at the exact moment it happens. Threshold conditions you configure are applied in real-time, so there’s no lag between risk changes and the system’s response.
• No-code flexibility and governance: All of this is managed through Flagright’s dashboard, so risk and compliance teams can iterate quickly. You can tweak a weight or shorten a window and deploy the change immediately, no new code or lengthy IT projects needed Every change is logged for audit purposes, and built-in simulation tools let you test how adjustments would have impacted historical data before you go live, ensuring strong governance over your risk model.

In summary, Flagright provides a unified, dynamic risk scoring solution: you get the simplicity of averages for stability, the agility of moving averages for recency, and the power of weighted scoring for comprehensive risk assessment, all working in unison. Scores are continuously updated and fed into a broader monitoring and case management ecosystem, enabling truly risk-based, real-time compliance operations.

Conclusion: Choose for Context, Not One-Size-Fits-All

So, what’s the “best” dynamic risk scoring algorithm? The truth is, each of these methods has a role, and the optimal approach depends on context. Simple averages, moving averages, and weighted scoring aren’t mutually exclusive, they can complement each other. For instance, you might use a moving average to detect short-term deviations (e.g. unusual weekly activity) while still considering a longer simple average for baseline stability, and then apply a weighted model that combines those signals with static risk factors. The real power comes from blending these techniques to capture both the big picture and the latest developments in a customer’s risk profile.

The key is to move past purely static scores. A one-and-done risk rating from onboarding will not reflect reality a year later, as the industry cases have shown, that gap creates compliance failures. Instead, fincrime teams should embrace dynamic scoring models that update with behavior and time. By tuning your risk algorithms to fit each scenario (and having the tools to do so easily), you ensure that high-risk changes don’t go unnoticed and low-risk customers aren’t overburdened by outdated risk labels.

In practice, there’s no single “best” algorithm universally, but there is a best approach: an adaptive one. Choose the right tool for each job: use simple averages for long-term steadiness, moving averages for quick shifts, and weighted scoring for a holistic, real-time risk view. With modern platforms enabling all three, AML compliance and fraud teams can confidently build hybrid models that maximize both precision and responsiveness.

Ready to elevate your risk scoring strategy with a dynamic, configurable system? Book a demo and discover how Flagright’s real-time risk scoring engine empowers you to combine these algorithms and stay ahead of AML and fraud risk.