The risk-based approach (RBA) is an essential foundation of the FATF Recommendations, as it allows countries, competent authorities and financial institutions to adopt a more flexible set of measures to target their resources more effectively and apply preventive measures that are commensurate to the nature of risks, in order to focus their efforts in the most effective way. The RBA is not optional, but a prerequisite for the effective implementation of the FATF Standards. The RBA requires the identification, assessment and understanding of the ML/TF risks to which the countries and FIs are exposed, and the implementation of AML/CFT measures that are proportionate and tailored to those risks. The RBA is not a "zero failure" approach, but a way to mitigate the risks in the most efficient and effective manner.
References:
FATF Recommendations, Introduction, page 11
FATF Guidance on the Risk-Based Approach to Combating Money Laundering and Terrorist Financing
- High Level Principles and Procedures, page 3
Risk-based Approach (RBA), What is the Risk-based Approach (RBA)?

Explanation
Financial institutions are required by law to maintain records and documentation of customer transactions and to provide this information to law enforcement agencies upon request. However, financial institutions should also have policies and procedures in place to ensure that they comply with legal and regulatory requirements and protect customer privacy. Providing protected documents that are privileged under attorney-client privilege or freezing an account immediately may not be the appropriate response and may expose the financial institution to legal or reputational risks.
Reference: CAMS (6th ed.), Chapter 6, p. 261-262.

According to the ACAMS Study Guide, 6th Edition, page 184, "The decision to close an account should be made in consultation with the institution's legal counsel and AML compliance officer, and in accordance with the institution's policies and procedures." Closing an account may not always be the best option, as it may trigger the customer's suspicion, interfere with law enforcement investigations, or expose the institution to legal risks. Therefore, the institution should carefully weigh the pros and cons of closing an account, and follow its own internal guidelines.
References:
ACAMS Study Guide, 6th Edition, page 184
What steps should the institution take? - Exam4Training
Suspicious Transaction Report (STR) / Suspicious Activity Report (SAR) | AML-CFT

Customer due diligence (CDD) is a key component of anti-money laundering (AML) and counter-terrorism financing (CTF) compliance. CDD helps financial institutions identify and verify their customers, assess their risk levels, and monitor their transactions for suspicious activity.
One of the main objectives of CDD is to understand the nature and purpose of customer relationships, which involves collecting and analyzing relevant information about the customer's business activities, expected transaction patterns, source and destination of funds, and beneficial ownership. This information helps financial institutions develop a customer risk profile, which is a tool to measure and manage the risk exposure of each customer.
A customer risk profile reflects the financial institution's risk appetite, which is the level and type of risk that the institution is willing and able to accept. By comparing the customer's risk profile with the institution's risk appetite, the institution can determine if the customer operates in line with the firm's expectations and requirements for a specific industry segment. For example, if the institution has a low risk appetite for customers involved in high-risk sectors such as gambling, cryptocurrency, or arms trade, it can use the customer risk profile to identify and mitigate any potential risks associated with such customers.
Therefore, to understand if the customer operates in line with the firm's risk appetite for a specific industry segment, a financial institution must obtain sufficient customer information to understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile.
References:
A Guide to Customer Due Diligence for Financial Institutions
Customer Due Diligence Guide: Main Requirements, Best Practices & Checklist Financial Crimes Enforcement Network Issues New Frequently Asked Questions on Customer Due Diligence Requirements ACAMS CAMS Certification Study Guide 6th Edition