Know Your Customer (“KYC”) Due Diligence Best Practices
Republished: Thursday, October 6, 2016, to reflect the latest industry news, trends and insights.
Financial institutions have a lengthy list of Anti-Money Laundering compliance requirements. They face a mountain of risks from a large number of financial transactions, each of which can carry significant risks.
AML compliance programs are built on a systematic review of a large number of financial transactions. The focus of this review has to be on triggers that identify suspicious transactions or customers.
Know Your Customer procedures are a critical function to assess and monitor customer risk.
“KYC” refers to the steps taken by a financial institution (or business) to:
- Establish the identify of the customer
- Understand the nature of the customer’s activities (primary goal is to satisfy that the source of the customer’s funds is legitimate)
- Assess money laundering risks associated with that customer for purposes of monitoring the customer’s activities
A best-practices KYC program will include the following elements:
- Customer Identification Program (CIP): collection, verification and record keeping of customer identification information and screening of customers against lists of known criminals.
A CIP is the starting point for any KYC process. In the financial institution context, a best practice is for the relationship manager to initiate the CIP process but coordinate and communicate with the due diligence manager.
- Basic Customer Due Diligence (“CDD”) is information obtained for all customers to verify the identity of a customer and asses the risks associated with that customer.
- Enhanced Due Diligence (“EDD”) is additional information collected for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks. Customer risk assessments can be used to determine which level of due diligence to apply (CDD v. EDD).
In implementing this component, clear, defined process are essential. A consistent method of onboarding third parties indicates that an organization takes KYC seriously. All processes should be thoroughly documented to create a strong audit trail of decisions made. A company should keep an internal database with approved and disapproved third parties, vendors and suppliers to avoid duplication of effort.
At a minimum, due diligence should confirm beneficial owners, sanctions list screening of beneficial owners and relevant entities, politically exposed persons (“PEP”) involvement, and other government database checks.
In determining what level of due diligence is appropriate (CDD v. EDD), a company should look for “red flags” relating to:
- Location of the business
- Occupation or nature of business
- Purpose of the business transactions
- Expected pattern of activity in terms of transaction types, dollar volume, and frequency
- Expected origination of payments and method of payment
- Articles of incorporation, partnership agreements and business certificates
- Understanding of the customer’s customers
- Identification of beneficial owners of an account or customer
- Details of other personal and business relationships the customer maintains
- Approximate salary or annual sales
- AML policies and procedures in place
- Third-party documentation
- Local market reputation through review of media sources
EDD steps may include senior management approval, additional due diligence investigations, on-site visits, contractual certifications, third-party audits, source of funds certifications,
Conducting EDD on all customers is burdensome and undermines the purpose of a risk-based AML Program. By nature, some customers will inevitably present lower risks than others.
- Ongoing Monitoring: The ongoing monitoring function includes oversight of financial transactions and accounts based on thresholds developed as part of a customer’s risk profile.
Best practices for financial institutions include transaction monitoring systems and refreshing due diligence information every six to twelve months.
This article originally appeared on Corruption, Crime & Compliance.
KYC Due Diligence Posts
KYC (Know Your Customer) is not just a compliance issue anymore. It’s a fundamental, bottom-line concern that impacts the number of banking clients, costs, margins and total profits. Senior management is spending increasingly more on time on KYC and Customer Due Diligence (CDD), staff is getting bogged down on fulfilling compliance requirements, and customers are getting frustrated due to delays and difficult onboarding processes.
For any financial institution, one of the first analysis made is to determine if you can trust a potential client. You need to make sure any potential customer is worthy; customer due diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against potential financial crimes and nefarious activities. As of 2013, according to PwC, at least 74 countries have AML legislation with some form of CDD requirements.
Your CIP (Customer Identification Program) process should include procedures for opening accounts, account verification, screening accounts, customer notification, and recordkeeping. A critical element to a successful CIP is a risk assessment, both on the institutional level and on procedures for each account. While the CIP provides guidance, it’s up to the individual institution to determine the exact level of risk and policy for that risk level.
KYC Due Diligence White Paper
Take the necessary steps to ensure that your organization meets compliance obligations. The traditional onboarding process for new clients is a time-consuming, labor-intensive, manual process that can lead to frustrating delays.
Find out how electronic identity verification enables financial institutions to comply with tough industry regulations without burdening customers.
Michael Volkov, CEO and owner of The Volkov Law Group, LLC, has over 30 years of experience in practicing law. A former federal prosecutor and veteran white collar defense attorney, he has expertise in areas of compliance, internal investigations and enforcement matters.
Mr. Volkov maintains a highly popular FCPA blog – Corruption, Crime & Compliance. He is a regular speaker at events around the globe, and is frequently cited in the media for his knowledge on criminal issues, enforcement matters, compliance & corporate governance.