The general approach to risk-based regulation is to establish standards and procedures. It's very difficult to define because it tends to be contextual, and five or six different factors can be taken into account, such as the country, the nature of the transaction, and the type of customer. An attempt has been made in the current regulations to actually define low risk, and it has picked out a few isolated types of transactions.
The risk-based approach would generally allow financial institutions to bring their knowledge to bear and look at the specific factors on a case-by-case basis. There would be certain minimum standards, but it would also be based on guidance that would presumably come with it.