Special Contributor Report: The Complete Guide to Understanding AML KYC requirements
Friday, September 8, 2017
Posted by: Brian Monroe
By Deepak Amirtha Raj
A research analyst for Cenza, specializing in strategy development and business analytics through artificial intelligence, virtual reality and augmented reality.
Originally published here. Republished with permission and appreciation.
Do you Know Your Customers? You should, especially if you are a Financial Institution (FI). It is an important practice to protect your FI from fraud and losses due to illicit transactions.
It is essential that FIs know with whom they are conducting business and performing transactions. Due diligence standards are relevant not only for ensuring the integrity of business operations but also specifically for fighting against money laundering and terrorist financing.
In addition, the rigor of customer due diligence and the resulting risk score tie directly to the tuning of a bank's automated transaction monitoring. As a result, if a bank fails at the beginning of a relationship to mark a customer as high-risk, and instead rates the person low or medium risk, the monitoring system may not be sensitive enough to alert AML analysts to aberrant or suspicious activities.
That exact scenario has been highlighted by U.S. state and federal regulators, leading in some cases to formal enforcement actions, hefty monetary penalties and equally expensive and lengthy remediation engagements -- a situation that could potentially have been avoided with more attention to divining true customer risk at the front end.
Know Your Customer procedures are a crucial component in evaluating and monitoring customer risk. “KYC” refers to the steps taken by financial institutions to:
1. Discover the customer's identity
2. Understand the activities of the customer (importantly, to evaluate the source of funds)
3. Perform a risk-based approach for monitoring the customer’s activities
A best-in-class KYC program consists of the following activities:
Customer Identification Procedures (CIP): This is the collection and verification of customer information from documents such as national ID cards, passports, and other government-issued ID documents, as a measure of initial proof that the person is who they say they are.
A CIP program is the starting point for any KYC process. In the financial institution context, a best practice is for the relationship manager to initiate the CIP process but coordinate and communicate with the due diligence manager.
Customer Due Diligence (CDD): This is information obtained from all customers through screening against Sanctions Lists, Politically-Exposed Persons (PEPs), and Adverse Media.
A key objective of CDD is to obtain enough information from new customers at the time of account opening to allow a bank to gain a sound understanding of the customer’s normal and anticipated activity throughout the relationship.
When conducting due diligence, firms normally use a Risk Assessment Matrix (also referred to as a Risk Rating Template) to determine the overall risk rating of the client.
Enhanced Due Diligence (EDD): This is additional information obtained for high-risk customers to provide a deeper knowledge of customer activity to alleviate or mitigate associated risks. But keep in mind, some regulators feel you can't mitigate out of high-risk regions or customers and make them medium or low-risk through stronger controls.
In determining what level of due diligence is essential (CDD vs EDD), a firm should look at "Red Flags" associated with the following:
· Customer’s address/location (country of operations, country of registration)
· Actual or anticipated account activities
· Account type (e.g., cash, trading, savings, and investing)
· Type of business in which the customer is engaged (export, manufacturing, tobacco/alcohol, design, etc.)
· Type of entity (foreign bank, nonbank financial institution, domestic/foreign corporation, trust, individual, corporation, LLC, partnership, etc.)
· The source of wealth or source of assets
· Purpose of the account
· Involvement of any Politically-Exposed Persons (PEP), their immediate family members or close associates
Ongoing Monitoring: It is not sufficient to perform due diligence only during the application stage, even if the checks are seemingly sufficient to onboard. The ongoing monitoring of a customer involves overseeing transactions based on thresholds stated as part of a customer’s risk score.
Best practices for FIs include transaction monitoring systems and periodic refreshing of due diligence information every 6 months to 12 months (based on risk score of the customer).
About the author
Deepak Amirtha Raj is a Research & Strategy Analyst in the Risk and Compliance sector. He focuses on Business Strategy Research, Emerging Technologies and Advanced Analytics. He studied business at Saint Joseph’s College and previously worked with Royal Bank of Scotland as a Business Process Analyst.