More Than Knowing Your Customer, You Have to Know Your Customer's Customer (KYCC)
Tick, tick, tick; June 26, 2017 is coming up fast. If you’re in Europe and work in compliance, you know that is the full-implementation date for the Fourth Anti-Money Laundering Directive (AMLD 4). As with any compliance regulation, there are many factors to consider, so let’s take a look at some of the main considerations.
Enhanced Customer Due Diligence (CDD)
Customer due diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against potential financial crimes and nefarious activities. As a guiding principle, the only ones who are against are fraudsters and terrorists; anyone working in compliance sees the inherent value of CDD.
The practical issue is the cost and complexity of performing due diligence; in what cases do you need to do so, and to what extent? AMLD 4 puts an emphasis on a risk-based approach — the directive mentions risk 149 times — so tools, policies and procedures need to be in place for ongoing risk assessment. As ACAMS points out, “institutions and organizations will be required to become more risk focused in the way they manage their CDD programs. That applies not only to the question as to whether simplified or EDD should apply but also to which methods, sources and monitoring approaches are appropriate.”
This risk-based approach to CDD requires:
- Written, documented policies that explicitly state what risk-assessments to run under various circumstances, or scenarios. What risk factors are accounted for and at what level? Consider different customers, transaction types, countries, amounts and all other risk factors appropriate for your institution.
- Ensure the risk-assessments are actually run and document that in preparation for any potential audit.
- Have compliance teams’ check and stress the procedures to safeguard against loopholes and oversights.
- Establish and maintain sufficient training for all staff that involves any step of the CDD process.
With an effective risk-based approach to due diligence, the decision to undertake enhanced due diligence (EDD) or allow simplified due diligence (SDD) is clear. While there are, of course, certain hard numbers to follow, a risk-based approach allows for customization to your institutions circumstances, as long as it’s defendable.
For the record, any transaction of over 10,000 Euros, or any gamble of over 2,000 Euros, requires CDD, just in case you were wondering about the specific numbers.
Who really is your customer? If you want to do effective customer due diligence, it’s more than checking the name given to you. Are they just a front, a figurehead, for someone or entity behind the scenes? Are they connected, or doing business with other entities that you don’t want any part of?
One of the main changes in AMLD 4 — mentioned 51 times — is the approach to beneficial ownership. You need to Know Your Customer (KYC), but you also need to Know Your Customers Customer (KYCC).
As the European Commission states in the Directive, “understanding the beneficial ownership of companies is at the heart of the risk mitigation of financial crime and of prevention strategies for regulated firms.”
All corporations and other legal entities need to gather, and maintain, accurate beneficial ownership data and share that with their appropriate government agencies. One innovation, that is a radical departure from before, is the use of a central depository:
(25) Member States should therefore allow access to beneficial ownership information in a sufficiently coherent and coordinated way, through the central registers in which beneficial ownership information is set out, by establishing a clear rule of public access, so that third parties are able to ascertain, throughout the Union, who are the beneficial owners of companies.
Having a central depository will allow parties to investigate beneficial ownership relationships across Europe. This central depository should make it easier to analyze business relationships and ensure that effective CDD is possible.
The ink’s not even dry on legislation the 4th AMLD and amendments are already being debated. The so-called 5th AML Directive has a starting framework and focuses on:
- High-risk 3rd countries,
- Virtual currencies,
- Strengthening requirements on prepaid instruments,
- Enhancing and aligning powers of FIUs (Financial Intelligence Units),
As these amendments are still under consideration, let’s not get too ahead of ourselves. We know it’ll be tough for many just to get ready for the AMLD 4 requirements by June 26, 2017. If you entail your organization to properly do due diligence on a deep level — which you should do anyways — your organization will be well on your way to compliance and set for any changes that come down the line.