KYC Due Diligence
When adhering to Know Your Customer (KYC) and Customer Due Diligence (CDD) regulations, you need to know what you are looking for and what your company is willing to risk. This process starts with your firm’s risk appetite, which is based off the risk-based approach. The risk-based approach is explained by FATF as “Assess and understand the money laundering and terrorist financing risks to which you are exposed and to take measures equal to those risks to mitigate them.” Essentially, you can depict a risk assessment through the following equation: inherent risk minus control effectiveness equals residual risk.
Inherent Risk
- Clients
- Products & Services
- Countries
- Channels
Control Effectiveness
- Customer Identification
- Due Diligence
- Management Approvals/Dual Controls
From this point you can determine what your residual risk may be, which will then determine the level of due diligence required. This can be either simplified due diligence or enhanced due diligence dependent on the risk posed by your potential client. There are four important steps to keep in mind when doing full KYC.
Assess
- Determine what you know and what you need to know. Also, determine how to collect that information
Explore
- Create a plan and find the answers
Organize
- Make the customer information meaningful and well put together
Present
- Present information in a purposeful manner and any indication of suspicious activity
Most customers will fall under the low to medium risk rating. In this case, simplified due
diligence will be acceptable. But for a more thorough assessment, here are some things to keep in mind regarding due diligence:
What is it?
- Establishing nature and purpose of account
- Use a risk-based approach
- Creating a customer profile
What to ask?
- Why is the account being opened?
- How will it be used?
- What sort of transactions should be expected?
- How frequently will transactions occur? Also, what amounts?
Unless the customer is deemed high-risk there is no need to implement enhanced due diligence. The information obtained here and organized into a customer profile should suffice for a low to medium risk customer. However, monitoring should never cease, and if there is any potential suspicious activity, a deeper look may be required.
So with that in mind, let’s have a quick overview:
Risk Assessment
- Inherent risk – control effectiveness = residual risk
Know Your Customer and Customer Due Diligence
- Assess – ask, plan, prepare
- Explore – investigate, search, interview
- Organize – gather, align, collect, clarify
- Present – document, persuade, defend
- Customer risk rating
- Dependent on risk appetite
KYC/CDD is one of the first lines of defense against money laundering and terrorist financing. It may seem tedious at times but is more necessary than it may feel. Until next time, stay compliant my friends.